
Hardware-Based CPU Undervolting on the Cheap

Formal Metadata

Title
Hardware-Based CPU Undervolting on the Cheap
Subtitle
Stealing Your Secrets for $30
Series title
Number of parts
637
Author
Contributors
License
CC Attribution 2.0 Belgium:
You may use, modify, and reproduce, distribute, and make publicly available the work or its content, in unmodified or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner specified by them.
Identifiers
Publisher
Year of publication
Language

Content Metadata

Subject area
Genre
Abstract
Previous work such as Plundervolt has shown that software-based undervolting can induce faults into Intel SGX enclaves and break their security guarantees. However, Intel has addressed this issue with microcode updates. We later discovered that there is a physical connection on the motherboard which allows us to control the voltage and conduct fault injection. In this talk, we will present a low-cost device, VoltPillager, which uses this physical connection to break the guarantees provided by SGX again. On a standard motherboard, there is a separate Voltage Regulator (VR) chip that generates and controls the CPU voltage. Our tool, VoltPillager, connects to the (unprotected) interface of the VR and controls that voltage. Based on this, we then mount fault-injection attacks that breach the confidentiality and integrity of Intel SGX enclaves, and present proof-of-concept key-recovery attacks against cryptographic algorithms running inside SGX. Our results may require a rethink of the widely assumed SGX adversarial model, in which a cloud provider hosting SGX machines is assumed to be untrusted yet has physical access to the hardware.