X86 CPU, critical! The latest vulnerability has caused heated discussion. Hackers can remotely steal keys. Intel "all processors" are affected

Fish and sheep From the Aofei temple
qubits | official account QbitAI

x86 CPU, dangerous ！

A new safety study shows that ： In a country called Hertzbleed Under the attack mode of , Hackers can steal encryption keys directly from remote servers .

Whether it's Intel or AMD CPU, It's not immune .

The scope of influence is probably aunt sauce's .

Intel ： All .

AMD：

The research came from research institutions such as the University of Texas at Austin and the University of Illinois at Urbana Champaign , Once the relevant papers were issued, they triggered a heated discussion .

What exactly happened , Let's study it carefully together .

in the light of DVFS The attack of

In cryptography , Power analysis It is a side channel attack method that has long existed .

for instance , By measuring the power consumed by the chip while processing data , Hackers can extract this encrypted data .

Fortunately, power analysis can not be realized remotely , The attack means are relatively limited .

But in Hertzbleed in , The researchers found that , Use dynamic voltage frequency scaling （DVFS）, The power side channel attack can be transformed into a remote attack ！

and DVFS, It is what major manufacturers are currently using to reduce CPU An important function of power consumption .

To be specific , The researchers found in the experiment , In some cases ,x86 The dynamic frequency scaling of the processor depends on the data being processed , Its particle size is milliseconds .

That is to say ,DVFS Caused by the CPU Frequency variation , It can be directly linked to the power consumption of data processing .

because CPU The difference in frequency can be converted into the difference in actual occurrence time , By monitoring the response time of the server , Attackers can observe this change remotely .

In the paper , The researchers are running SIKE（ An encryption algorithm ） Tested on the server of Hertzbleed.

Results show , In an unoptimized attack version , They were in 36 Hours and 89 Within hours , Completely extracted Cloudflare Encryption library CIRCL And Microsoft PQCrypto-SIDH All keys in .

Intel &AMD： No patch

The researchers say , They are already in 2021 To Intel in the third quarter of 、Cloudflare And Microsoft disclosed the research . First quarter of this year , They also share AMD There was communication .

however , Intel and AMD There are no plans to patch this .

Intel senior director of secure communications and event response Jerry Bryant Think ：

Although it is interesting from a research point of view , But we don't think this kind of attack is feasible outside the laboratory environment .

Intel rated the vulnerability as medium .

But Intel also mentioned in the announcement ： Guidelines are being released to address this potential vulnerability .

While Microsoft and Cloudflare aspect , The encryption code base has been updated .

The researchers estimate that , These updates make CIRCL and PQCrypto-SIDH The cost of unpacking performance increases 5% and 11%.

They mentioned , Disable the frequency boost function , Intel's “Turbo Boost”、AMD Of “Turbo Core” etc. , Can ease Hertzbleed The problems brought about by , But this will have a bad impact on the system performance .

in addition , What's interesting is , The researchers revealed that , Intel did not issue a patch , But they were asked to postpone the release of the findings .

Reference link ：
[1]https://www.hertzbleed.com/
[2]https://arstechnica.com/information-technology/2022/06/researchers-exploit-new-intel-and-amd-cpu-flaw-to-steal-encryption-keys/

—  End  —

Live registration |  Arrayed optical waveguide ：

Push AR The display technology of glasses going to the consumer market within three years

The development of metacosmic industry , Bringing together cutting-edge technologies , Build a new form of the next generation Internet . and AR equipment , Or will become the next generation of Internet “ Access level ” equipment .

Consumption level AR What is the core competitiveness of the equipment ？AR What is the technical principle of optical module ？ How is its development ？ Your first pair AR What will the device look like ？6 month 16 Japan , The live broadcast will be announced ～

Focus on me here , Remember to mark the star ～