Abstract
Hardware-based fault injection attacks such as voltage and clock glitching have been thoroughly studied on embedded devices. Typical targets for such attacks include smartcards and low-power microcontrollers used in IoT devices. This paper presents the first hardware-based voltage glitching attack against a fully-fledged Intel CPU. The transition to complex CPUs is not trivial due to several factors, including: a complex operating system, large power consumption, multi-threading, and high clock speeds. To this end, we have built VoltPillager, a low-cost tool for injecting messages on the Serial Voltage Identification bus between the CPU and the voltage regulator on the motherboard. This allows us to precisely control the CPU core voltage. We leverage this powerful tool to mount fault-injection attacks that breach confidentiality and integrity of Intel SGX enclaves. We present proof-of-concept key-recovery attacks against cryptographic algorithms running inside SGX. We demonstrate that VoltPillager attacks are more powerful than recent software-only undervolting attacks against SGX (CVE-2019-11157) because they work on fully patched systems with all countermeasures against software undervolting enabled. Additionally, we are able to fault security critical operations by delaying memory writes. Mitigation of VoltPillager is not straightforward and may require a rethink of the SGX adversarial model where a cloud provider is untrusted and has physical access to the hardware.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of 30th Usenix Security Symposium (USENIX Security 21) |
| Publisher | USENIX |
| Number of pages | 18 |
| Publication status | Published - 12 Sept 2020 |
| Event | 30th USENIX Security Symposium 2021 (USENIX Security 21) - Vancouver, Canada Duration: 11 Aug 2021 → 13 Aug 2021 |
Conference
| Conference | 30th USENIX Security Symposium 2021 (USENIX Security 21) |
|---|---|
| Country/Territory | Canada |
| City | Vancouver |
| Period | 11/08/21 → 13/08/21 |