Abstract

Software Guard Extension (SGX) is a hardware-based trusted execution environment (TEE) implemented in recent Intel commodity processors. By isolating the memory of security-critical applications from untrusted software, this mechanism provides users with a strongly shielded environment called an enclave for executing programs safely. However, recent studies have demonstrated that SGX enclaves are vulnerable to side-channel attacks. In order to deal with these attacks, several protection techniques have been studied and utilized. In this paper, we explore a new pattern history table (PHT) based side-channel attack against SGX named Bluethunder, which can bypass existing protection techniques and reveal the secret information inside an enclave. Compared to existing PHT-based attacks (such as Branchscope [ERAG+18]), Bluethunder abuses the 2-level directional predictor in the branch prediction unit, on top of which we develop an exploitation methodology to disclose the input-dependent control flow in an enclave. Since the cost of training the 2-level predictor is pretty low, Bluethunder can achieve a high bandwidth during the attack. We evaluate our attacks on two case studies: extracting the format string information in the vfprintf function in the Intel SGX SDK and attacking the implementation of the RSA decryption algorithm in mbed TLS. Both attacks show that Bluethunder can recover fine-grained information inside an enclave with low training overhead, which outperforms the latest PHT-based side-channel attack (Branchscope) by 52×. Specifically, in the second attack, Bluethunder can recover the RSA private key with 96.76% accuracy in a single run.

Highlights

  • The Hardware-based Trusted Execution Environment (TEE) is a promising technique to enable secure computation

  • (2) it has been disclosed that the key part of the 2-level predictor is an n-bit pattern history table (PHT) [ERAG+18], but the value of n has not been disclosed to the public; (3) current branch prediction unit (BPU)-based attacks usually require both the attacker and the victim processes to be executed in a sequential order, which limits the temporal resolution of the attacks

  • We demonstrate 2 attack cases when the attacker process and victim process run on two hyper-threads on the same physical core, first against the vfprintf function (Section 6.1) and against the RSA implementation of the mbed TLS library (Section 6.2)


Summary

Introduction

The Hardware-based Trusted Execution Environment (TEE) is a promising technique to enable secure computation. (2) it has been disclosed that the key part of the 2-level predictor is an n-bit PHT [ERAG+18], but the value of n has not been disclosed to the public; (3) current BPU-based attacks usually require both the attacker and the victim processes to be executed in a sequential order (e.g., first the attacker trains the predictor, then the victim executes the code, and finally the attacker detects the state changes), which limits the temporal resolution of the attacks. To overcome these challenges, we developed three novel exploitation techniques: (1) fixing the branch history of the victim’s core by interrupting the SGX enclave; (2) reverse-engineering the inner logic of the entries in the 2-level predictor; and (3) proposing a detection method which can improve the temporal resolution of the attack by adjusting the branch directions of the attacker’s target branch dynamically. The implementation of Bluethunder against SGX will be open sourced later.

Background
Threat Model
Overview
Activating the 2-Level Predictor
Leaking Secrets
Constructing Collisions
Implementation of Bluethunder
Evaluation
Attacking Vfprintf Function
Attacking RSA Algorithm
Bluethunder evaluation when hyper-threading is not supported
Comparison with Branchscope
Limitations
Countermeasures
Related Work
Conclusion
A Sliding-Window Exponentiation