A new side-channel attack takes aim at Intel’s CPU ring interconnect in order to glean sensitive data.
Intel processors are vulnerable to a new side-channel attack, which researchers said can allow attackers to steal sensitive information such as encryption keys or passwords.
Unlike previous side-channel attacks, this attack does not rely on sharing memory, cache sets and other former tactics. Instead it leverages a component called CPU ring interconnect contention. This component facilitates communication across various CPU units – including cores, the last-level cache, system agent, and graphics unit – on modern Intel processors, such as the Skylake and Coffee Lake CPUs.
Riccardo Paccagnella, one of the researchers with the University of Illinois at Urbana-Champaign who discovered the attack, told Threatpost that the side-channel attack could give attackers the means to infer “key bits” from both vulnerable cryptographic implementations and from the precise timing of keystrokes typed by a victim user.
“The attacker needs to be able to already run unprivileged code on the machine under attack,” Paccagnella told Threatpost. “This may be possible by either fooling the user into downloading some code (e.g. a malicious app/malware) and run it, stealing the credentials of an unprivileged user of the same machine (and then, e.g., SSH-ing into it), or exploiting remote code execution vulnerabilities.”
In their research paper [PDF]: “Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical,” researchers said the attack is unique because it works in spite of some previous side-channel defenses.
“In this paper, we present the first on-chip, cross-core side channel attack that works despite [previous] countermeasures,” said the team of University of Illinois at Urbana-Champaign researchers in their paper, which will be presented at USENIX Security 2021.
What is CPU Ring Interconnect?
Intel’s CPU architecture includes several unique clock domains – including a per-CPU core clock domain, a processor graphics clock domain and a ring interconnect clock domain. The latter is an on-die “bus” that works to pass information between CPU cores, caches and Intel processor graphics. Researchers said, there are two challenges that make it “uniquely difficult” to leverage this channel in an attack. Firstly, little is known about the ring interconnect’s functioning and architecture. Secondly, data that can be gleaned through ring contention is “noisy by nature” making it difficult to learn sensitive data.
“Not only is the ring a contention-based channel—requiring precise measurement capabilities to overcome noise—but also it only sees contention due to spatially coarse-grained events such as private cache misses,” said researchers.
The Side-Channel Attack
In order to launch the attack, researchers were able to reverse engineer of the various protocols that handle the communication on the ring interconnect. From there, at a high level, they were able to piece together the conditions needed for two processes to incur the ring contention. They then came up with various side-channel attacks that “leverage the fine-grained temporal patterns of ring contention to infer a victim program’s secrets.”
This allowed researchers to create two proof-of-concept (PoC) attacks. One attack extracts “key bits” from vulnerable RSA and Edwards-curve Digital Signature Algorithm (EdDSA) encryption algorithm implementations.
“Specifically, [the attack] abuses mitigations to preemptive scheduling cache attacks to cause the victim’s loads to miss in the cache, monitors ring contention while the victim is computing, and employs a standard machine learning classifier to de-noise traces and leak bits,” according to researchers.
The second attack, meanwhile, targets keystroke timing information, which researchers said can be used to infer data like passwords. The attack stems from the fact that keystroke events cause spikes in ring contention that can be detected by an attacker – even with obstacles like background noise.
“We show that our attack implementations can leak key bits and keystroke timings with high accuracy,” said researchers, who published their experimental code for the attack on GitHub.
Intel for its part pointed to existing security best practices for mitigating against the side-channel attack: “We appreciate the ongoing work and coordination with the research community,” said Intel. “After reviewing the paper, we believe developers and system administrators can employ a number of security best practices that help protect against various types of side channel attacks, including those found in this paper.”
What Are Side-Channel Attacks?
Side-channel attacks extract sensitive information, such as cryptographic keys, from signals created by electronic activity within computing devices as they carry out computation. There are an array of techniques to launch side-channel attacks, including using caches, branch predictors or analog signals.
Intel and other CPU manufacturers have stepped up their defenses of such attacks. Many existing side-channel attacks can be mitigated by disabling simultaneous multi-threading (SMT) architecture used in CPUs; or disabling shared memory between processes in different security domains (by partitioning the last-level cache) in order to block cross-core cache-based attacks.
However, researchers argue, this latest side-channel attack bypasses these existing defenses.
“The main novelty of our attack compared to previous ‘traditional side channel’ attacks is that our attack does not rely on sharing memory, cache sets, core-private resources or any specific uncore structures,” Paccagnella told Threatpost. “As a consequence, it is hard to mitigate using existing ‘domain isolation’ techniques.”
While the Spectre and Meltdown side-channel attacks have garnered widespread attention, Intel said these are speculative execution attacks. This most recent discovery, however, is a different “traditional side-channel” attack, more similar to a side-channel attack like PortSmash. According to Intel, “traditional” side channels leverage “architecturally committed operations” in order to infer information. Meanwhile, speculative execution attacks take advantage of operations “that only execute speculatively and thus are not committed into the architectural state.”
Researchers also noted that AMD CPUs utilize different proprietary technologies known as Infinity Fabric/Architecture for their on-chip interconnect.
“Investigating the feasibility of our attack on these platforms requires future work,” said researchers. “However, the techniques we use to build our contention model can be applied on these platforms too.”