Watching a processor’s frequencies makes it possible to filter out secret keys

Researchers have found a new spying technique that affects all Intel processors as well as AMD processors. However, no patch is planned to counter this attack.

When it comes to computers, data leakage sometimes takes very strange forms. University researchers have found a technique called “Hertzbleed” that makes it possible to extract information processed by a processor simply by observing its frequency changes. And they demonstrated this flaw by obtaining the secret key of a cryptographic computation based on the SIKE algorithm, one of the candidates for future asymmetric post-quantum cryptography.

To understand what is happening, you must already know that the power consumption of a processor depends on the data it is processing. Based on this observation, researchers were able to extract cryptographic keys from an analysis of a computer’s power consumption as early as 1998.

Automatic frequency adjustment

The Hertzbleed Attack is sort of a variant of this technique. In fact, modern x86 processors all have a dynamic frequency adjustment feature based on power consumption. When the processor reaches a certain consumption threshold, after a certain time it automatically lowers its frequency in order not to risk a thermal accident (e.g. melting of the component). However, since the processed data can be linked to power consumption through transitivity, it is therefore possible to link it to frequencies as well. In other words, this adaptation function, if correctly exploited, makes it possible to extract information from the processing operations of the processor.

This is all the more interesting since the frequency of execution of a process is much easier to observe than the energy it consumes. For consumption, one can use physical probes – which severely limits the scope of the attack – or query system APIs – which requires specific access rights. Conversely, Hertzbleed does not require any special permissions on the target computer and can even be run remotely. “The reason is that differences in CPU frequencies translate directly into differences in execution times.”explain the researchers in their scientific report.

Intel minimizes this discovery

Researchers have confirmed this leak of sensitive data on 8th to 11th generation Intel processors, as well as AMD Ryzen Zen 2 and Zen 3 processors.Intel has confirmed that this issue affects all of its processors. However, the law firm minimizes the risk of the Hertzbleed attack. “It’s interesting from a research perspective, but we don’t think this attack can be performed outside of a laboratory setting.”, Intel believes in a blog post. Also, no patch is planned to counter this attack. Intel has simply published some best practices for developers using cryptographic libraries to limit the vulnerability as much as possible.

Source :

Hertzbleed.com

Leave a Comment