Intel and AMD Trusted Enclaves, a Foundation For Network Security, Fall To Physical Attacks (arstechnica.com)
Researchers have unveiled two new hardware-based attacks, Battering RAM and Wiretap, that break Intel SGX and AMD SEV-SNP trusted enclaves by exploiting deterministic encryption and physical interposers. Ars Technica reports: In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring confidential data and sensitive operations can't be viewed or manipulated by attackers who manage to compromise servers running inside a data center. In many cases, these protections -- which work by storing certain data and processes inside encrypted enclaves known as TEEs (Trusted Execution Enclaves) -- are essential for safeguarding secrets stored in the cloud by the likes of Signal Messenger and WhatsApp. All major cloud providers recommend that customers use it. Intel calls its protection SGX, and AMD has named it SEV-SNP.
Over the years, researchers have repeatedly broken the security and privacy promises that Intel and AMD have made about their respective protections. On Tuesday, researchers independently published two papers laying out separate attacks that further demonstrate the limitations of SGX and SEV-SNP. One attack, dubbed Battering RAM, defeats both protections and allows attackers to not only view encrypted data but also to actively manipulate it to introduce software backdoors or to corrupt data. A separate attack known as Wiretap is able to passively decrypt sensitive data protected by SGX and remain invisible at all times.
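The summary's key phrase is "deterministic encryption": a memory encryption scheme whose output depends only on the key, the physical address and the plaintext, with nothing binding a ciphertext to the moment it was written. The following is an added toy model written for this page (not the researchers' code and not drawn from either paper) that shows the two consequences the summary names: a passive bus observer can decrypt a block once it has seen that block hold a known value, and an active interposer can replay a stale ciphertext that the CPU accepts as current. The hardened variant adds an on-die write counter and a MAC, which is the freshness and integrity the deterministic designs lack. Everything here is constructed: the keystream is an HMAC simplification standing in for an address-tweaked block cipher, and the addresses, key and sample values are invented.

```python
"""Toy model of deterministic memory encryption versus a freshness-checked variant.

Added example for this page, not code from Ars Technica or the paper authors.
Simplification: the "cipher" is a per-address keystream derived with HMAC. Real
hardware uses a block cipher tweaked by physical address, but the property that
matters here is identical: the same (address, plaintext) always yields the same
ciphertext, and nothing ties a ciphertext to the time it was written.
"""
import hashlib
import hmac
import os

BLOCK = 16  # bytes per memory block in this model


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class IntegrityError(Exception):
    """Raised by the freshness-checking memory when a block fails verification."""


class DeterministicMemory:
    """Address-tweaked encryption with no freshness or integrity (the weak case)."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.dram: dict[int, bytes] = {}  # contents of the DIMM: an interposer can read and write this

    def _pad(self, addr: int) -> bytes:
        # Keystream depends only on key and address, so it repeats across writes.
        return hmac.new(self.key, addr.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK]

    def write(self, addr: int, plaintext: bytes) -> None:
        self.dram[addr] = _xor(plaintext, self._pad(addr))

    def read(self, addr: int) -> bytes:
        return _xor(self.dram[addr], self._pad(addr))


class FreshMemory:
    """Same keystream idea plus a per-block write counter held on-die and a MAC over (addr, counter, ciphertext)."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.dram: dict[int, tuple[bytes, bytes]] = {}  # on the DIMM: (ciphertext, tag)
        self.counters: dict[int, int] = {}  # trusted state inside the CPU, never on the bus

    def _pad(self, addr: int, ctr: int) -> bytes:
        msg = addr.to_bytes(8, "big") + ctr.to_bytes(8, "big")
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:BLOCK]

    def _tag(self, addr: int, ctr: int, ct: bytes) -> bytes:
        msg = b"tag" + addr.to_bytes(8, "big") + ctr.to_bytes(8, "big") + ct
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:8]

    def write(self, addr: int, plaintext: bytes) -> None:
        ctr = self.counters.get(addr, 0) + 1  # every write gets a fresh counter value
        self.counters[addr] = ctr
        ct = _xor(plaintext, self._pad(addr, ctr))
        self.dram[addr] = (ct, self._tag(addr, ctr, ct))

    def read(self, addr: int) -> bytes:
        ct, tag = self.dram[addr]
        ctr = self.counters[addr]  # the expected counter comes from on-die state, not from DRAM
        if not hmac.compare_digest(tag, self._tag(addr, ctr, ct)):
            raise IntegrityError(f"block {addr:#x} is stale or tampered")
        return _xor(ct, self._pad(addr, ctr))


ADDR = 0x1000  # constructed address
ZERO_BLOCK = bytes(BLOCK)


def passive_decrypt(mem: DeterministicMemory, addr: int, secret: bytes) -> bytes:
    """Passive observer: watch the bus while the block holds a known value, then decrypt later writes."""
    mem.write(addr, ZERO_BLOCK)              # e.g. the page is zeroed before use (known plaintext)
    pad = _xor(mem.dram[addr], ZERO_BLOCK)   # observer recovers the per-address keystream
    mem.write(addr, secret)                  # enclave later stores something sensitive here
    return _xor(mem.dram[addr], pad)         # observer decrypts it straight off the DIMM


def replay_counter(mem, addr: int):
    """Active interposer: snapshot a ciphertext and write it back after the enclave has updated it."""
    mem.write(addr, (0).to_bytes(BLOCK, "big"))   # enclave: failed-attempt counter = 0
    snapshot = mem.dram[addr]                     # interposer copies the encrypted block
    mem.write(addr, (3).to_bytes(BLOCK, "big"))   # enclave: three failures recorded, lockout near
    mem.dram[addr] = snapshot                     # interposer restores the old ciphertext
    try:
        return int.from_bytes(mem.read(addr), "big")   # value the enclave now sees
    except IntegrityError:
        return None                                    # rollback detected


def demo() -> dict:
    key = os.urandom(32)              # constructed stand-in for the CPU's fused memory key
    secret = b"enclave-seal-key"      # constructed 16-byte secret
    return {
        "passive_recovered": passive_decrypt(DeterministicMemory(key), ADDR, secret),
        "deterministic_replay_value": replay_counter(DeterministicMemory(key), ADDR),
        "fresh_replay_value": replay_counter(FreshMemory(key), ADDR),  # None means detected
    }


if __name__ == "__main__":
    print(demo())
```

In the deterministic model the enclave reads a counter of 0 after the rollback and carries on, while the counter-and-MAC model rejects the stale block. Real designs store the counters in an integrity tree whose root lives on-die; the cost of that tree is the usual reason scalable variants drop freshness, which is the trade-off these attacks exploit. The model does not reproduce how the interposers themselves are built or driven, since the page gives no detail on that.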
Hardware vulnerable to physical attacks (Score:3)
Xbox hardware security (Score:1)
Guarding Against Physical Attacks: The Xbox One Story [platformse...summit.com] was written in 2019.
I don't know if the Xbox has been compromised since then, but if it has been, it wasn't easy.
Re: (Score:2)
The XBox is impressive, but it uses a physical ring of defenses. CPU makers don't have that much room.
At most, they can put a capsule of a potent acid, so decapping causes it to physically dissolve the secure area.
Instead, maybe some work should be done on PUFs. This way, the chip doesn't have to contain any secure data. It just uses its unclonable encrypt/decrypt operation to deal with stuff. A name:value lookup for passwords could be infinite because it wouldn't need to be stored in an enclave.
Re: (Score:2)
Correction, can't find the link, but there was a special purpose chip that had a tiny vial in glass of acid to hinder decapping. I can't find the link, so I'll pin [citation needed] on my own post.
Re: (Score:2)
You mean those [wikipedia.org] red [fandom.com] rings [lifewire.com]?
Re: (Score:2)
If it isn't operable, it can't be hacked. /s
Re: (Score:2)
“In short: The memory limitations in the hidden ROM made the system vulnerable in principle. A terribly wrong design and three bugs in the implementation opened three independent backdoors.”
Re: (Score:2)
It actually is a story because of the specific hardware and the role it has (restricting what the user/owner of the machine can do). Users/owners tend to have physical access. Also, after an attack with physical access, one on the whole class of devices without that physical access is often not far behind.
Details matter.
The good part of this: (Score:3)
This will actually make it easier for security companies to analyze malware that uses SGX and SEV.
Frankly, I find these to be misfeatures as the people who actually want these are slinging DRM.
Re: (Score:2)
Frankly, I find these to be misfeatures as the people who actually want these are slinging DRM.
Or you know, protecting encryption keys from computer-nabbed-by-the-FBI style attacks.
Not that I perceive a large uhhh, demand for that... I can definitely think of at least 1 person sitting in jail who really wishes he had SGX on his machine.
Re: (Score:2)
Yep, because the FBI would never get access to the keys. What universe are you living in? Because it is not this one.
Re: (Score:2)
Yes. This is exclusively about Digital Restriction Management. No surprise Microsoft is behind this crap.
If an attacker has physical access to my DIMMS (Score:2)
Re: (Score:3)
Right, for most of us this probably isn't particularly relevant. But, if you're employed by a cloud vendor possessing contracts with a national government... then maybe you do need to think about this.
Re: If an attacker has physical access to my DIMMS (Score:2)
If you are a government actor depending on a cloud vendor you have bigger problems.
Re: (Score:2)
It can affect us directly. The Secure Enclave on a phone can be all that keeps data away from the hands of bad guys on a stolen phone. The TPM might be the only thing that keeps company data out of the hands of nation-state tier level thieves. Yes, it sounds like overkill, but might as well do it right, because you never know.
Re: If an attacker has physical access to my DIMMS (Score:2)
The motherboard is the second level of defense. The case is the third. The rack is the fourth, the cage is the fifth. The armed guard is the sixth.
Physical attacks are readily mitigated by those with the will.
Battering RAM (Score:2)
Dredge in flour, then beaten eggs, then dried bread crumbs, preferably Panko. Deep-fry until golden brown.
Code signing is not security (Score:2)
Just because you have a "security enclave" doesn't mean it has anything to do with security for user data. In virtually all cases we've seen in reality so far, this kind of technology is used for securing business models against the interests of the users. Effectively they facilitate attacks against the user rather than hinder them. The most prominent example, of course, is DRM.
So please skip the nonsense. In the rare event you actually need some sort of hardware security, get a hardware security module.
Re: (Score:2)
Indeed. Also note that actually reasonably secure systems (Linux, if managed competently, for example or the xBSDs) do not even use this "security" hardware because it is not needed. This "secure" hardware is not an asset, it is a problem.
PHYSICAL access (Score:3)
>"In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring confidential data and sensitive operations can't be viewed or manipulated by attackers who manage to compromise servers running inside a data center."
These are PHYSICAL attacks that require getting physically to the server (keys/locks/cameras/security guards/alarms), taking the server power down (service loss/downtime alerts/network monitoring), removing it from the rack, opening it, installing special/rare/custom/foreign hardware, closing it back up, installing it back on the rack, applying power, and booting it back up again. How is that happening in data centers for "cloud computing"? How is this actually relevant for any realistic security model?
The ONLY realistic value in this information is when trying to protect CLIENT machines FROM THE CLIENT'S OWNERS. You know, where the owner of the equipment has access and wants more access to their own stuff. Yes, as others have pointed out, probably from hacking DRM. Oh, the world is ending...
Re: (Score:2)
It could happen rather easily: e.g. the government could compel a datacenter to provide access to a rack server of its customer. Or a datacenter worker could be bribed to do it. Power outage can be explained by a power distribution malfunction.
E.g. Signal uses Azure and SGX is a component of their security, for dealing with things like contact discovery. But surely nobody would be interested in compromising Signal..
You'd probably need to be quite a high-value target to be attacked this way.
Why not have fully encrypted RAM? (Score:2)
Why has no-one made a computer (or if they have, why is it not more widely known or used) that works like, say, the Xbox One and Xbox Series where the CPU has a unique (and unreadable by any software) key burnt into it at manufacture time and any access to RAM is encrypted using that key and some hardware encryption.
Done right, it would be impossible for any attacks that rely on reading or writing the contents of RAM other than through the CPU memory controller (and the encryption hardware) to even work.
May
Re: (Score:3)
Oh lord who cares (Score:2)
Yeah, I got bad news, if someone is able to get access to your hardware for long enough to install an interposer AND get it to work (the signal integrity engineering at modern RAM speeds borders on magic, and an interposer throws God* only knows how many nanohenries of mutual inductance wrenches into the machinery), they've got time to do a LOT of things.
*and by God I mean the milli
I hope they publish all keys (Score:2)
This crap has to stop. Security-by-obscurity has no place in competent engineering.