Undervolting allows attacks on Intel's secure enclaves
Researchers at the University of Birmingham have identified a weakness in Intel's processors: by undervolting the CPU, Intel's secure enclave technology becomes vulnerable to attack.
Researchers at the University of Birmingham have identified a weakness in Intel's processors: by undervolting the CPU, Intel's secure enclave technology becomes vulnerable to attack.
Researchers at the University of Birmingham have identified a weakness in Intel’s processors: by undervolting the CPU, Intel’s secure enclave technology becomes vulnerable to attack.
Modern processors are being pushed to perform faster than ever before – and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed – known as ‘undervolting’ or ‘overvolting’. This is done through privileged software interfaces, such as a “model-specific register” in Intel Core processors.
A team of researchers from the University of Birmingham’s School of Computer Science along with researchers from imec-DistriNet (KU Leuven) and Graz University of Technology have been investigating how these interfaces can be exploited in Intel Core processors to undermine the system’s security in a project called Plundervolt.
New results, released today and accepted to IEEE Security & Privacy 2020, show how the team was able to corrupt the integrity of Intel SGX on Intel Core processors by controlling the voltage when executing enclave computations – a method used to shield sensitive computations for example from malware. This means that even Intel SGX's memory encryption and authentication technology cannot protect against Plundervolt.
Intel have already responded to the security threat by supplying a microcode update to mitigate Plundervolt.
David Oswald, Senior Lecturer in Computer Security at the University of Birmingham, says: “To our knowledge, the weakness we’ve uncovered will only affect the security of SGX enclaves. Intel responded swiftly to the threat and users can protect their SGX enclaves by downloading Intel’s update.”
The work was funded by the Engineering and Physical Sciences Research Council (EPSRC) and by the European Union’s Horizon 2020 Research and Innovation Programme.