Intel processors have been hit by side-channel attacks in the past, but this time researchers have discovered a different approach to exploitation.
The latest attack does not depend on the cache or memory; instead, it uses contention on the CPU ring interconnect. This component is found in a wide range of Intel processors, and the units attached to it (the graphics unit, system agent, cores, and last-level cache) are the ones most likely to be affected.
An Overview of the Attack Discovered by the Researchers
According to a report by TechRadar, a team of researchers from the University of Illinois found that Intel CPUs are vulnerable to a new side-channel attack.
The team, made up of Riccardo Paccagnella, a doctoral student, Christopher Fletcher, an assistant professor, and Licheng Luo, a master's student, concluded that the ring interconnect in Intel CPUs can be used as a channel for extracting data and other information.
Paccagnella said that the attacker needs to run unprivileged code on the target machine. In an interview with Threatpost, he said that the attacker might lure the user into downloading malicious files or code, such as malware and other suspicious apps.
If the person decides to run any of them, the attacker can then steal sensitive information from the same machine. Remote code execution vulnerabilities can also be exploited as a result.
Paccagnella added that the side-channel attack appears to be a new form because it would still work regardless of existing side-channel defenses.
What Does CPU Ring Interconnect Mean?
An Intel CPU has multiple distinct clock domains, including a ring interconnect clock domain, a processor graphics clock domain, and a CPU core clock domain.
The ring interconnect is designed to transfer information between the CPU cores, processor graphics, and caches. The researchers said that they had to solve two 'difficult' challenges to build this kind of side-channel attack.
The first challenge concerns the architecture and functioning of the ring interconnect. The second concerns the data that can be extracted through ring contention. The experts consider it 'noisy by nature,' which makes learning sensitive data from it a difficult task.
How Did the Researchers Deal with Side-Channel Attack?
First, the researchers reverse-engineered the protocols that govern communication on the ring interconnect. They also worked out the conditions under which processes contend for the ring.
From there, they built proof-of-concept (PoC) side-channel attacks that use ring contention to deduce secrets from a user's program.
The first attack extracts 'key bits' from RSA (Rivest-Shamir-Adleman), a public-key cryptosystem for data security, and EdDSA (Edwards-curve Digital Signature Algorithm), a digital signature scheme.
The second attack targets keystroke timing information, from which data like passwords can be inferred. The attack works because the attacker can recognize spikes in ring contention, and those spikes can still be identified even with background noise.
The researchers, who posted their experimental code for the attack on GitHub, said their implementations could accurately reveal keystroke timings and key bits.
Meanwhile, Intel said it appreciated the coordination with the researchers. The company also believes that developers, together with other administrators, can adopt security best practices to protect against the side-channel attacks described in the paper.
While Intel and other manufacturers have fortified their side-channel defenses, attacks can still get past them, according to the researchers. Furthermore, the experts said that AMD CPUs rely on Infinity Fabric/Architecture for the on-chip interconnect.
"Investigating the feasibility of our attack on these platforms requires future work. However, the techniques we use to build our contention model can be applied on these platforms too," the researchers concluded.
The study is entitled "Lord of the Ring(s): Side-Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical."
This article is owned by Tech Times
Written by Joen Coronel