Presented at
Black Hat Asia 2018,
March 23, 2018, 11:45 a.m.
(60 minutes)
<span>In this talk, we will show that despite all doubts, it is practical to implement malware inside SGX. Moreover, this malware uses the protection features of SGX to hide itself from all state-of-the-art detection mechanisms. We show that an unprivileged user can execute malware inside an SGX enclave that uses a cache attack to extract a secret RSA key from a co-located enclave. Our malware does not use any kernel component, privileges, or operating system modifications to proxy commands from the enclave. Instead, we built novel techniques to mount the attack without operating system support. For a code reviewer, our enclave code looks like a benign series of simple memory accesses and loops. <br><br>We demonstrate that this attack is practical by mounting a cross-enclave attack to recover a full 4096-bit RSA key used in a secure signature process. This scenario can be found in real-world situations for Bitcoin wallets that are implemented inside SGX to protect the private key. With an SGX enclave, existing detection techniques (Herath and Fogh, BlackHat USA 2015) are not applicable anymore. The main takeaway is that SGX helps attackers in hiding their malware, without even requiring any privileges (i.e., no root privileges). <br><br>Additionally, so-called double fetch bugs are problems in APIs which can often be exploited to hijack the program flow inside a higher-privileged domain, such as given by the enclave. We show that cache attacks can be used to dynamically detect such vulnerabilities in secure enclaves without access to its code or even the binary. <br><br>Furthermore, the cache can be used as a primitive to reliably exploit such vulnerabilities, allowing to leak secrets such as private keys from enclaves. In our live demonstration, we show that SGX is not a miracle cure for badly written software and high-quality software is still required to protect secret information.</span>
Presenters:
-
Moritz Lipp
- InfoSec Researcher, Graz University of Technology
Moritz Lipp is a researcher in information security at Graz University of Technology. He is pursuing his PhD with a strong focus on microarchitectural side-channel attacks on personal computers and mobile devices at the Institute of Applied Information Processing and Communications. His research has been published at top academic conferences and presented on different venues around the world.
-
Michael Schwarz
- Infosec PhD student, Graz University of Technology
Michael Schwarz is an Infosec PhD student at Graz University of Technology with a focus on microarchitectural side-channel attacks and system security. He holds two master's degrees, one in computer science and one in software development with a strong focus on security. He frequently participates in CTFs and has also been a finalist in the European Cyber Security Challenge. He was a speaker at Black Hat Europe 2016 and Black Hat Asia 2017 where he presented his research on microarchitectural side-channel attacks. He authored and co-authored several papers published at international academic conferences and journals, including USENIX Security 2016, NDSS 2017, and NDSS 2018.
Links:
Similar Presentations: