Overview
Explore the Plundervolt attack, a software-based fault injection technique targeting Intel SGX, in this IEEE conference talk. Delve into the exploitation of privileged interfaces for dynamic frequency and voltage scaling in modern processors, particularly Intel Core series. Understand how adversaries can manipulate voltage to compromise the integrity of Intel SGX enclave computations, bypassing memory encryption and authentication safeguards. Examine real-world attack scenarios, including key recovery from cryptographic algorithms and inducing memory safety vulnerabilities in secure enclave code. Learn about the challenges of mitigating Plundervolt and the potential need for microcode updates or hardware modifications to ensure trusted computing base recovery.
Syllabus
Intro
TEEs: Trusted Execution Environments
DVFS: Dynamic voltage and frequency scaling
Undervolting Intel CPUs
Investigating faults in SGX
Fault analysis
Detailed CPU testing
Faulting RSA
Faulting AES-NI
When a single random byte fault is induced at the input of the eighth round, the AES key can be deduced. The computational complexity to recover the 128-bit key is 2^32 + 2^56 encryptions.
Memory corruption
To summarise
Taught by
IEEE Symposium on Security and Privacy