Difference between revisions of "Plundervolt"

From Embedded Lab Vienna for IoT & Security

Revision as of 22:02, 21 December 2021

Summary

Plundervolt is a fault injection attack.

Description

Plundervolt, also known as CVE-2019-11157, is a vulnerability that relies on the fact that if you run an Intel Core x86 processor at a voltage slightly lower than it usually expects, e.g., 0.9 V instead of 1.0 V, it may carry on working almost as normal but get some calculations very slightly wrong.[1]

Plundervolt combines the principles behind these two attacks. The CPU's energy management interface is used to alter the voltage and frequency of the SGX memory cells, which causes unwanted alterations to SGX data.[1]

The researchers tried undervolting various x86 instructions. They observed that multiplications (e.g., imul) and other complex instructions such as the AES New Instructions (AES-NI) extensions can be faulted most easily. Plundervolt can practically fault in-enclave computations. The research team showed different attacks against widely used cryptographic algorithms, such as:[1]

  • Factoring RSA Keys With One Fault
  • Breaking AES-NI
  • SGX-provided crypto functions (MAC used in AES-GCM, ECC signatures and key exchange)
  • SGX-provided instructions for key derivation and attestation

But Plundervolt does not only affect cryptographic code; it also affects standard code:[1]

  • Faulting Pointer Arithmetic
  • Faulting Memory Allocations


Attack Vectors

Breaking AES-NI


Faulting Memory Allocations


Mitigation and Countermeasures

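As an added example (not from this page or from the Plundervolt authors) of a software countermeasure against the single-fault RSA-CRT attack listed above: the signer verifies every CRT signature with the public exponent before releasing it, so a faulted half-exponentiation is withheld instead of leaked. The key parameters are constructed toy values, and the "fault" is simulated by flipping a bit in one CRT half-result.

```python
# Added example: sign-then-verify check against a single computational fault
# in RSA-CRT signing (the kind of fault undervolting can induce in imul).
# Not the wiki page's or the Plundervolt authors' code.

# Constructed toy parameters: far too small for real use, chosen so the
# example runs instantly. Both P and Q are prime.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)              # private exponent (Python 3.8+ modular inverse)
DP, DQ = D % (P - 1), D % (Q - 1)  # CRT exponents
QINV = pow(Q, -1, P)             # q^-1 mod p for Garner's recombination


def crt_sign(m, fault_sp=False):
    """RSA-CRT signature of message representative m.

    fault_sp=True simulates one undervolting fault inside the mod-p
    exponentiation by flipping a single bit of its result.
    """
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_sp:
        sp ^= 1  # constructed fault: one wrong bit in the half-result
    h = (QINV * (sp - sq)) % P
    return sq + Q * h            # Garner's formula, result in [0, N)


def verify(m, s):
    """Public-key check: s is a valid signature of m iff s^E == m (mod N)."""
    return pow(s, E, N) == m % N


def safe_sign(m, fault_sp=False):
    """Sign, but release the signature only if it verifies under the public key.

    Returns None when the check fails, i.e. when a fault was detected.
    A faulted CRT signature must never leave the signer.
    """
    s = crt_sign(m, fault_sp)
    return s if verify(m, s) else None
```

The check costs one public-exponent exponentiation per signature, which is cheap relative to the private operation; it catches faults in either CRT half because exponentiation by E is a bijection modulo each prime.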

Courses

References

  1. K. Murdock, D. Oswald, F. D. Garcia, J. Van Bulck, F. Piessens and D. Gruss, "Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble," in IEEE Security & Privacy, vol. 18, no. 5, pp. 28-37, Sept.-Oct. 2020, doi: 10.1109/MSEC.2020.2990495.