Tuesday March 07, 2017

Research Scientists Show that Intel SGX can Leak Cryptography Keys

Intel's SGX or Software Guard Extensions were designed to hide sensitive data such as RSA keys. A team of researchers from Austria's Graz University of Technology were able to write a proof-of-concept malware that can grab RSA keys from SGX enclaves on the same system within 5 minutes of deployment. The "Prime+Probe" attack designed by the researchers thwarts the very thing that SGX was designed to prevent. The "Prime+Probe" attack works in a native Intel environment, but also across Docker containers as the Docker engine calls the same SGX driver from both containers.

News Image

The proof-of-concept recovers RSA keys from someone else's enclave in a three step process. First it discovers the location of the victim's cache sets, then secondly watches and waits for a RSA signature computation to occur. The last step in the process is to extract the key. The article goes into more depth about how the process works and states that it takes less than 5 minutes to steal 4096-bit RSA keys from the infected system. A trace only takes 72 seconds on average to run with 96% of the 4096-bit RSA key revealed after the initial run. Within 11 runs the full 4096-bit key is revealed. The original research paper as a downloadable pdf is found here.

We developed the most accurate timing measurement technique currently known for Intel CPUs, perfectly tailored to the hardware. We combined DRAM and cache side channels, to build a novel approach that recovers physical address bits without assumptions on the page size. We attack the RSA implementation of mbedTLS that is used for instance in OpenVPN. The attack succeeds despite protection against sidechannel attacks using a constant-time multiplication primitive. We extract 96 % of a 4096-bit RSA private key from a single Prime+Probe trace and achieve full key recovery from only 11 traces within 5 minutes.