Plundervolt: Flipping Bits from Software without Rowhammer

Presented at Black Hat USA 2020 Virtual, Aug. 6, 2020, 11 a.m. (40 minutes)

Fault attacks pose a substantial threat to the security of our modern systems, allowing an attacker to break cryptographic algorithms or to obtain root privileges on a system. Fortunately, fault attacks have always required local physical access to the system. This changed with the Rowhammer attack (Black Hat USA 2015), which for the first time enabled an attacker to mount a software-based fault attack. However, as countermeasures against Rowhammer are developed and deployed, fault attacks require local physical access again.

In this Black Hat talk, we present the next step, a long-awaited alternative to Rowhammer, a second software-based fault attack primitive: Plundervolt.

Dynamic frequency and voltage scaling features have been introduced to manage ever-growing heat and power consumption in modern processors. Design restrictions ensure that frequency and voltage are adjusted as a pair, based on the current load, because for each frequency there is only a certain voltage range in which the processor operates correctly. For this purpose, many processors (including the widespread Intel Core series) expose privileged software interfaces to regulate processor frequency and operating voltage dynamically.

In this talk, we show that these privileged interfaces can be reliably exploited to undermine the system's security. We present the Plundervolt attack, in which a privileged software adversary abuses an undocumented Intel Core voltage scaling interface to corrupt the integrity of Intel SGX enclave computations. Plundervolt carefully controls the processor's supply voltage during an enclave computation, inducing predictable faults within the processor package. Consequently, even Intel SGX's memory encryption/authentication technology cannot protect against Plundervolt.

In multiple case studies, we show how the induced faults in enclave computations can be leveraged in real-world attacks to recover keys from cryptographic algorithms (including the AES-NI instruction set extension) or to induce memory safety vulnerabilities into bug-free enclave code. We finally discuss why mitigating Plundervolt is not trivial, requiring trusted computing base recovery through microcode updates or hardware changes.

We have responsibly disclosed our findings to Intel on June 7, 2019. Intel assigned CVE-2019-11157 to track this vulnerability and refer to mitigations. The scientific paper on Plundervolt will appear at the IEEE Security & Privacy Symposium 2020.

Presenters:

  • Frank Piessens - InfoSec Professor, imec-DistriNet, KU Leuven, Belgium
  • Jo Van Bulck - InfoSec PhD Student, imec-DistriNet, KU Leuven, Belgium
    Jo Van Bulck (@jovanbulck) is a PhD candidate at imec-DistriNet, KU Leuven (BE). His research explores security limitations along the hardware-software interface, with particular attention to privileged side-channel attacks in trusted execution environments. Over the past years, Jo has uncovered several innovative microarchitectural side-channel attack vectors in commodity Intel x86 processors, and more recently was among the first to discover transient-execution CPU vulnerabilities. In the aftermath of Spectre and Meltdown, his research on the high-profile Foreshadow attack led to a complete collapse of the Intel SGX ecosystem and ultimately even dismantled widespread virtual machine and operating system isolation.
  • David Oswald - InfoSec Senior Lecturer, The University of Birmingham, UK
    David Oswald is a Senior Lecturer (associate professor) in the Centre for Cyber Security and Privacy at the University of Birmingham, UK. His main field of research is the security of embedded systems in the real world. His focus is on attack methods that exploit weaknesses in the physical implementation of mathematically secure (cryptographic) algorithms. Those techniques include both (passive) side-channel analysis and (active) fault injection, as well as reverse engineering. His research on vulnerabilities of various widespread systems (e.g. DESFire RFID smartcards, Yubikey two-factor authentication tokens, VW/Hitag2 RKE systems, and Intel SGX) has created awareness of the crucial importance of security among developers of embedded devices and processors.
  • Flavio Garcia - InfoSec Professor, The University of Birmingham, UK
  • Kit Murdock - InfoSec PhD Student, The University of Birmingham, UK
    Kit Murdock is currently pursuing a PhD in Computer Science at The University of Birmingham. Her research interests include embedded hardware and software-based fault injection. Kit has been building and researching a tool to enable testing and evaluation of hardware fault injection using software emulation. Kit currently runs the University's Ethical Hacking Club, AFNOM, which encourages students to learn offensive security in a friendly, informal environment.
  • Daniel Gruss - InfoSec Professor, Graz University of Technology
    Daniel Gruss (@lavados) is an Assistant Professor at Graz University of Technology. He finished his PhD with distinction in less than three years. He has been involved in teaching operating system undergraduate courses since 2010. Daniel's research focuses on side channels and security on the hardware-software boundary. His research team was involved in several vulnerability disclosures, including Meltdown and Spectre. He has co-authored more than 20 top-tier academic publications in the past five years and received several prizes for his research.