New Details Leak on Security Flaw That Led OpenBSD to Disable Hyper-Threading

Last week, the head of OpenBSD development, Theo de Raadt, told the press that the OS project he leads would no longer enable Hyper-Threading on Intel processors because of security issues. A full paper is due to be released in August at the Black Hat security conference. All de Raadt has said is that the issue is related to simultaneous multi-threading and that it impacted Intel CPUs.
“In particular, it is ill-advised to run different security domains (address spaces) on a pair of hyperthread CPUs,” he said. “Maybe there are other ways to resolve this problem, but Intel isn’t sharing solutions with us. We have selected the expedient approach of disabling hyperthreading until we know more.”
Last week, researchers at VU Amsterdam disclosed a new vulnerability dubbed TLBleed that leverages side-channel vulnerabilities and Hyper-Threading to read data out of the translation lookaside buffer, or TLB cache inside Intel CPUs, The Register reported. The TLB cache isn’t like the L1 or L2 caches used inside a conventional microprocessor. Instead, the TLB is used to cache maps of the tables that convert virtual memory addresses into the actual physical locations where data is stored in RAM. The most commonly-used maps are stored within the TLB.
As with the other side channel attacks we’ve discussed, there’s a gap here that can be exploited. A ‘fast’ access (the data to be looked up is already stored within the TLB) is going to have slightly different characteristics than a ‘slow’ access, in which the CPU must go and search the full tables rather than the handful of frequently-accessed maps that were stored within the TLB itself. In the test case, the researchers ran the Curve 25519 EdDSA algorithm (using libgcrypt) on one core, while the second core ran an attack program. The attack program was capable of determining the 256-bit key used to calculate the signature in 99.8 percent of tests on a Skylake Core i7-6700K, 98.2 percent of tests on an Intel Broadwell Xeon E5-2620v4, and 99.8 percent on a Coffee Lake CPU. The keys leak through the side channel based less on which TLB entries changed than on when they changed.
“The end-to-end attack time is composed of: 2ms of capture time; 17 seconds of signals analysis with the trained classifier; and a variable amount of brute-force guessing with a median work factor of 2^13, taking a fraction of a second,” the team – Ben Gras, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida – stated in their paper.
This may not represent a major flaw, and Intel doesn’t seem particularly concerned about it. One of the authors of the report has published a tweet to this effect:
time but not data flow is unsafe; (c) coarse-grained access patterns leak more than was previously thought. But don't panic, while a cool attack, #tlbleed is not the new #Spectre. Full details and paper out next week. cc @vu5ec @c_giuffrida @gober @herbertbos 2/2
— Ben Gras (@bjg) June 22, 2018
Intel has also released a statement:
Intel has received notice of research from Vrije Universiteit Amsterdam, which outlines a potential side-channel analysis vulnerability referred to as TLBleed. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre or Meltdown. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics (e.g. timing) of shared hardware resources. These measurements can potentially allow researchers to extract information about the software and related data. TLBleed uses the Translation Lookaside Buffer (TLB), a cache common to many high performance microprocessors that stores recent address translations from virtual memory to physical memory. Software or software libraries such as Intel® Integrated Performance Primitives Cryptography version U3.1 – written to ensure constant execution time and data independent cache traces – should be immune to TLBleed. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.
Ars Technica suggests that while TLBleed is a new side channel attack, it isn’t more powerful than known side-channel attacks. It’s also not clear if it impacts more than cryptography. As Ars writes: “It’s a problem for crypto; it’s probably not a problem for everyone.”
It isn’t known, at this juncture, whether CPUs from AMD are impacted. They also implement SMT, but do so in a manner that is different from Intel’s implementation.
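De Raadt's advice above, that different security domains should not share a pair of hyperthread CPUs, can be audited without disabling SMT outright. The following is an added example, not code from OpenBSD, Intel or the researchers: it assumes Linux-style `thread_siblings_list` strings (as found under `/sys/devices/system/cpu/cpuN/topology/`), and the domain labels and pinning map are hypothetical, constructed sample data.

```python
from itertools import combinations

def parse_cpu_list(text):
    """Parse a sysfs CPU list such as '0,4' or '0-1,8-9' into sorted ints."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return sorted(cpus)

def physical_cores(siblings_by_cpu):
    """Group logical CPUs into physical cores from per-CPU sibling strings."""
    return sorted({tuple(parse_cpu_list(s)) for s in siblings_by_cpu.values()})

def cross_domain_siblings(siblings_by_cpu, domain_by_cpu):
    """Return (cpu_a, cpu_b, domain_a, domain_b) for every pair of sibling
    hyperthreads that is pinned to two different security domains."""
    findings = []
    for core in physical_cores(siblings_by_cpu):
        for a, b in combinations(core, 2):
            da, db = domain_by_cpu.get(a), domain_by_cpu.get(b)
            # Assumption: None means nothing is pinned there. If the scheduler
            # may place arbitrary work on that CPU, give it its own label.
            if da is not None and db is not None and da != db:
                findings.append((a, b, da, db))
    return findings

# Constructed sample: 4 physical cores, 2 hyperthreads each (cpuN pairs with cpuN+4).
SAMPLE_SIBLINGS = {n: f"{n % 4},{n % 4 + 4}\n" for n in range(8)}
# Constructed sample pinning (hypothetical domain names).
SAMPLE_PINNING = {
    0: "tenant-a", 4: "tenant-b",        # shares a core across domains
    1: "tenant-a", 5: "tenant-a",        # same domain on both threads
    2: "signing-service", 6: None,       # sibling left unassigned
    3: "tenant-b", 7: "tenant-b",
}

if __name__ == "__main__":
    for a, b, da, db in cross_domain_siblings(SAMPLE_SIBLINGS, SAMPLE_PINNING):
        print(f"cpu{a} ({da}) and cpu{b} ({db}) share a physical core")
```

On a real host the sibling strings would be read from sysfs and the pinning map from whatever assigns workloads to CPUs (cpusets, VM vCPU pinning, and so on).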