New Details Leak on Security Flaw That Led OpenBSD to Disable Hyper-Threading

New Details Leak on Security Flaw That Led OpenBSD to Disable Hyper-Threading

Last week, the head of OpenBSD development, Theo de Raadt, told the press that the OS project he leads would no longer enable Hyper-Threading on Intel processors because of security issues. A full paper is due to be released in August at the Black Hat security conference. All de Raadt has said is that the issue is related to simultaneous multi-threading and that it impacted Intel CPUs.

“In particular, it is ill-advised to run different security domains (address spaces) on a pair of hyperthread CPUs,” he said. “Maybe there are other ways to resolve this problem, but Intel isn’t sharing solutions with us. We have selected the expedient approach of disabling hyperthreading until we know more.”

Last week, researchers at VU Amsterdam disclosed a new vulnerability dubbed TLBleed that leverages side-channel vulnerabilities and Hyper-Threading to read data out of the translation lookaside buffer, or TLB cache inside Intel CPUs, The Register reported. The TLB cache isn’t like the L1 or L2 caches used inside a conventional microprocessor. Instead, the TLB is used to cache maps of the tables that convert virtual memory addresses into the actual physical locations where data is stored in RAM. The most commonly-used maps are stored within the TLB.

As with the other side channel attacks we’ve discussed, there’s a gap here that can be exploited. A ‘fast’ access (the data to be looked-up is already stored within the TLB) is going to have slightly different characteristics than a ‘slow’ access, in which the CPU must go and search the full tables rather than the handful of frequently-accessed maps that were stored within the TLB itself. In the test case, the researchers were able to implement a strategy in which the Curve 25519 EdDSA algorithm (using libcrypt) was implemented and run on one core, while the second core ran an attack program. The attack program was capable of determining the 256-bit key used to calculate the signature in 99.8 percent of tests on a Skylake Core i7-6700K, 98.2 percent of tests on an Intel Broadwell Xeon E5-2620v4, and 99.8 percent on a Coffee Lake CPU. The keys can be leaked via the side channel based less on which TLB entries are changed but when they changed.

“The end-to-end attack time is composed of: 2ms of capture time; 17 seconds of signals analysis with the trained classifier; and a variable amount of brute-force guessing with a median work factor of 213, taking a fraction of a second,” the team – Ben Gras, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida – stated in their paper.

This may not represent a major flaw, and Intel doesn’t seem particularly concerned about it. One of the authors of the report has published a tweet to this effect:

time but not data flow is unsafe; (c) coarse-grained access patterns leak more than was previously thought. But don't panic, while a cool attack, #tlbleed is not the new #Spectre. Full details and paper out next week. cc @vu5ec @c_giuffrida @gober @herbertbos 2/2

— Ben Gras (@bjg) June 22, 2018

Intel has also released a statement:

Intel has received notice of research from Vrije Universiteit Amsterdam, which outlines a potential side-channel analysis vulnerability referred to as TLBleed. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre or Meltdown. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics (e.g. timing) of shared hardware resources. These measurements can potentially allow researchers to extract information about the software and related data. TLBleed uses the Translation Lookaside Buffer (TLB), a cache common to many high performance microprocessors that stores recent address translations from virtual memory to physical memory. Software or software libraries such as Intel® Integrated Performance Primitives Cryptography version U3.1 – written to ensure constant execution time and data independent cache traces -should be immune to TLBleed. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.

Ars Technica suggests that while TLBleed is a new side channel attack, it isn’t more powerful than known side-channel attacks. It’s also not clear if it impacts more than cryptography. As Ars writes: “It’s a problem for crypto; it’s probably not a problem for everyone.”

It isn’t known, at this juncture, whether CPUs from AMD are impacted. They also implement SMT, but do so in a manner that is different from Intel’s implementation.