A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from the trusted execution environment (TEE) in a computer’s main processor, including Intel’s Software Guard eXtensions (SGX) and Trust Domain Extensions (TDX) and AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) and Ciphertext Hiding.
The attack, at its core, involves the use of an interposition device built using off-the-shelf electronic equipment that costs under $1,000 and makes it possible to physically inspect all memory traffic inside a DDR5 server.
“This allows us for the first time to extract cryptographic keys from Intel TDX and AMD SEV-SNP with Ciphertext Hiding, including in some cases secret attestation keys from fully updated machines in trusted status,” the researchers noted on an informational site.
“Beyond breaking CPU-based TEEs, we also show how extracted attestation keys can be used to compromise Nvidia’s GPU Confidential Computing, allowing attackers to run AI workloads without any TEE protections.”
The findings come weeks after the release of two other attacks aimed at TEEs, such as Battering RAM and WireTap. Unlike these techniques that target systems using DDR4 memory, TEE.Fail is the first attack to be demonstrated against DDR5, meaning they can be used to undermine the latest hardware security protections from Intel and AMD.
The latest study has found that the AES-XTS encryption mode used by Intel and AMD is deterministic and, therefore, not sufficient to prevent physical memory interposition attacks. In a hypothetical attack scenario, a bad actor could leverage the custom equipment to record the memory traffic flowing between the computer and DRAM, and observe the memory contents during read and write operations, thereby opening the door to a side-channel attack.
This could be ultimately exploited to extract data from confidential virtual machines (CVMs), including ECDSA attestation keys from Intel’s Provisioning Certification Enclave (PCE), necessary in order to break SGX and TDX attestation.
“As attestation is the mechanism used to prove that data and code are actually executed in a CVM, this means that we can pretend that your data and code is running inside a CVM when in reality it is not,” the researchers said. “We can read your data and even provide you with incorrect output, while still faking a successfully completed attestation process.”
The study also pointed out that SEV-SNP with Ciphertext Hiding neither addresses issues with deterministic encryption nor prevents physical bus interposition. As a result, the attack facilitates the extraction of private signing keys from OpenSSL’s ECDSA implementation.
“Importantly, OpenSSL’s cryptographic code is fully constant-time and our machine had Ciphertext Hiding enabled, thus showing these…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
