OpenBSD's decision to disable Intel's Hyper-Threading technology by default appears to have been built on a sound foundation, with details of a key-leaking exploit dubbed TLBleed appearing in public for the first time.
OpenBSD developer Mark Kettinis raised eyebrows last week by publishing a patch to disable Intel's Hyper-Threading technology by default, following concerns over the possibility that data could be exfiltrated from a supposedly 'secure' thread by another thread running on the same physical core.
While Kettinis did not share details of any potential exploit against the Hyper-Threading system, his patch appears to have been prescient: A team of security researchers have confirmed a vulnerability dubbed TLBleed which exploits Hyper-Threading in exactly the manner of which Kettinis warned. Far from theoretical, the attack is extremely effective: The researchers claim to have a 98 percent success rate in recovering a 256-bit EdDSA encryption key after a single signing operation.
Details of the flaw are to be made public later this week ahead of the team's presentation at the Black Hat USA security conference in August. The Register, however, has viewed the team's research paper, and confirms its details while stating that it is non-trivial to exploit - thus not of the same level of concern as this year's earlier Spectre and Meltdown vulnerabilities.
Intel, for its part, has neither confirmed nor denied the vulnerability, issuing only its stock response that it is 'looking into this feedback'. Ben Gras, one of the researchers behind TLBleed, has also indicated that AMD processors may be vulnerable, though this has yet to be confirmed experimentally.
Intel has been in touch to confirm details of the flaw, which it describes as a 'potential vulnerability,' while claiming that software written to use consistent execution time for cryptographic operations should be immune to the attack - including those using Intel's own cryptographic libraries. 'Intel has received notice of research from Vrije Universiteit Amsterdam, which outlines a potential side-channel analysis vulnerability referred to as TLBleed. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre or Meltdown,' Intel's spokesperson explains. 'Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics (e.g. timing) of shared hardware resources.
'These measurements can potentially allow researchers to extract information about the software and related data. TLBleed uses the Translation Lookaside Buffer (TLB), a cache common to many high performance microprocessors that stores recent address translations from virtual memory to physical memory. Software or software libraries such as Intel® Integrated Performance Primitives Cryptography version U3.1 - written to ensure constant execution time and data independent cache traces should be immune to TLBleed. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.'
September 18 2020 | 18:30