A team of researchers at the University of Illinois has developed a new side-channel attack technique that exploits information leakage through the ring interconnect of Intel processors. The attack makes it possible to extract information about memory use in another application and to track the timing of keystrokes. The researchers have published a companion measurement toolkit and several exploit prototypes.
Three exploits have been proposed, which make the following possible:
- Recovering individual bits of encryption keys from RSA and EdDSA implementations that are vulnerable to side-channel attacks (that is, whose computation delays depend on the data being processed). For example, leaking individual bits of the EdDSA initialization vector (nonce) is enough to mount attacks that sequentially recover the entire private key. The attack is difficult to implement in practice and works only with a large number of caveats. For example, successful operation was shown with SMT (HyperThreading) disabled and the LLC cache partitioned between CPU cores.
- Determining the delays between keystrokes. The delays depend on the position of the keys and make it possible, through statistical analysis, to reconstruct keyboard input with a certain probability (for example, most people type “s” after “a” much faster than “g” after “s”).
- Establishing a covert channel for transferring data between processes at a rate of about 4 megabits per second without using shared memory, the processor cache, or CPU-specific resources and processor structures. It is noted that this method of creating a covert channel is very difficult to block with existing protections against side-channel attacks.
The exploits do not require elevated privileges and can be run by regular unprivileged users. It is noted that the attack could potentially be adapted to leak data between virtual machines, but this was beyond the scope of the research, and virtualization systems were not tested. The proposed code was tested on an Intel i7-9700 CPU under Ubuntu 16.04. More generally, the attack method has been tested on Intel Coffee Lake and Skylake desktop processors and is potentially applicable to Broadwell Xeon server processors.