- A $50 interposer can replay encrypted traffic and undermine enclave memory, experts claim
- Intel SGX and AMD SEV-SNP both fall to replay manipulation
- Trade-offs favored scalability, leaving freshness and integrity unprotected
Academics from KU Leuven and the University of Birmingham have shown how a simple interposer can undermine the hardware protections of both Intel and AMD processors.
The teams built and tested a cheap interposer, costing less than $50, that sits physically between a CPU and DDR4 memory modules.
They showed that with these cheap components, an attacker can observe, alias and replay encrypted memory traffic to undermine the trusted enclaves designed to protect sensitive data in the cloud.
Breaking deterministic encryption
The interposer is a small circuit located on the memory signal path that contains analog switches controlled by a microcontroller.
By toggling these switches, the unit can selectively redirect or ground address and command lines, so two different physical addresses point to the same DRAM cells.
Because both SGX and SEV-SNP use deterministic memory encryption, which depends on the plaintext and address inputs, the same plaintext at the same address always produces the same ciphertext.
The attacker therefore captures the ciphertext at an observed address and later forces the processor to read from an aliased address.
This causes the deterministic encryption to yield a valid decrypted plaintext that is out of date or attacker-selected.
This replay method enables arbitrary reads and writes to otherwise protected enclave memory on systems where the encryption key and address semantics allow such operations.
The researchers revealed two separate techniques, Battering RAM and WireTap, both of which exploit the deterministic encryption used in trusted execution environments.
Battering RAM works against both Intel and AMD processor protections.
The researchers say it “exposes the basic limits of the scalable memory encryption designs currently used by Intel and AMD.”
“Battering RAM […] is able to introduce memory aliases dynamically at runtime. As a result, Battering RAM can bypass Intel’s and AMD’s boot-time alias checks.”
The related WireTap technique takes a mapping approach that pairs observed ciphertext blocks with probable plaintext values, enabling partial reconstruction of secrets used during cryptographic operations and possible key recovery.
WireTap depends on building a ciphertext-to-known-plaintext dictionary for common values inside algorithms such as ECDSA.
It then matches encrypted sequences against this dictionary until there are enough values to reconstruct keys.
While WireTap is more equipment-intensive than the Battering RAM prototype, it demonstrates a passive decryption threat that does not require active manipulation.
Because both attacks target DDR4 signaling and depend on deterministic encryption, systems that use DDR5 or TDX that avoid deterministic schemes are less vulnerable to these exact methods.
The researchers emphasized that the vulnerability stems from a deliberate engineering choice in which determinism and scalability were prioritized over freshness and integrity.
Both Intel and AMD maintain that their trusted enclaves are not designed to withstand physical attacks, and emphasize that their protection focuses on software compromises, not on scenarios where attackers install hardware between CPU and memory.
The fact that such attacks require only a cheap interposer raises questions about the practicality of excluding them from the threat model.
Solving the problem probably requires hardware changes, such as the adoption of probabilistic encryption or the addition of integrity and freshness checks to memory encryption.
These approaches are more difficult to scale over large memory spaces, which explains why the deterministic design was chosen.
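An added illustration, not code from the researchers or the vendors: a toy Python model of why address-tweaked deterministic encryption accepts a restored stale block, while a design with a per-write counter and MAC rejects it. The HMAC-derived XOR pad is a stand-in for the real memory cipher, and every class name, key and value here is constructed for the example.

```python
import hashlib, hmac

KEY = b"constructed-demo-key"  # constructed sample key, not a real one

def _pad(addr, counter=0):
    # 16-byte pad derived from key, address and (optionally) a write counter
    return hmac.new(KEY, b"%d|%d" % (addr, counter), hashlib.sha256).digest()[:16]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class DeterministicMemory:
    """Address-tweaked encryption only: no counter, no integrity tag."""
    def __init__(self):
        self.dram = {}  # untrusted: an interposer can influence what is read
    def write(self, addr, plaintext):
        self.dram[addr] = _xor(plaintext, _pad(addr))
    def read(self, addr):
        return _xor(self.dram[addr], _pad(addr))

class FreshMemory:
    """Same toy cipher plus a per-address write counter and a MAC."""
    def __init__(self):
        self.dram = {}
        self.counters = {}  # assumed to live in trusted on-chip state
    def _tag(self, addr, n, ct):
        return hmac.new(KEY, b"%d|%d|" % (addr, n) + ct, hashlib.sha256).digest()
    def write(self, addr, plaintext):
        n = self.counters[addr] = self.counters.get(addr, 0) + 1
        ct = _xor(plaintext, _pad(addr, n))
        self.dram[addr] = (ct, self._tag(addr, n, ct))
    def read(self, addr):
        ct, tag = self.dram[addr]
        n = self.counters[addr]
        if not hmac.compare_digest(tag, self._tag(addr, n, ct)):
            raise ValueError("stale or modified memory block")
        return _xor(ct, _pad(addr, n))

def replay_outcome(mem):
    """Write v1, snapshot the DRAM block, write v2, restore the snapshot, read."""
    addr = 0x1000
    mem.write(addr, b"balance=00000100")
    snapshot = mem.dram[addr]            # stale block, as seen on the bus
    mem.write(addr, b"balance=00000000")
    mem.dram[addr] = snapshot            # effect of the replay, modelled abstractly
    try:
        return mem.read(addr)
    except ValueError:
        return "rejected"
```

The counter and tag storage in `FreshMemory` is the per-block state that the article notes is hard to scale over large memory spaces.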
Until more resilient designs arrive, organizations that use enclaves for sensitive tasks must acknowledge that their strongest defense can fail against attackers with modest resources and physical access.
Via Ars Technica



