Plundervolt

Summary

Description

Plundervolt, also known as CVE-2019-11157, is a vulnerability that relies on the fact that if you run an Intel Core x86 processors, on a voltage that’s a little bit lower than it usually expects, e.g., 0.9V instead of 1.0V, it may carry on working almost as normal, but get some calculations very slightly wrong.^[1]^[2]

Plundervolt attacks the Intel Software Guard eXtensions (SGX). Intel SGX is a security feature implemented in almost all modern Intel CPUs. The SGX enclaves operate on small sections of the main memory of the CPU. It is usually isolated at a hardware level (separation of SGX memory and CPU memory) and at a software level (encrypted SGX data).^[1]^[2]^[3]

Plundervolt combines the principles behind these two attacks. The CPU's energy management interface is used and to alter the electrical voltage and frequency of te SGX memory cells. This causes unwanted alterations to SGX data.^[1]^[2]

The researchers tried undervolting various x86 instructions. They observed that multiplications (e.g., imul) and other complex instructions such as the AES New Instructions (AESNI) extensions can be most easily faulted. Plundervolt can practically fault in-enclave computations. The research team showed different attacks against widely used cryptographic algorithms, such as:^[1]^[2]

Factoring RSA Keys With One Fault
Breaking AES-NI
SGX-provided crypto functions (MAC used in AES-GCM, ECC signatures and key exchange)
SGX-provided instructions for key derivation and attestation

But Plundervolt doesn’t only affect cryptographic code, it also affects standard code:^[1]^[2]

Faulting Pointer Arithmetic
Faulting Memory Allocations

Attack Vectors

Breaking AES-NI

Enter these commands in the shell

echo foo
echo bar

Faulting Memory Allocations

Make sure to read

War and Peace
Lord of the Rings
The Baroque Cycle

Mitigation and Countermeasures

Device to be used with this documentation Maybe another device to be used with this documentation

Courses

Ausgewählte Kapitel der IT-Security (2021)

References

↑ ^1.0 ^1.1 ^1.2 ^1.3 ^1.4 K. Murdock, D. Oswald, F. D. Garcia, J. Van Bulck, F. Piessens and D. Gruss, "Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble," in IEEE Security & Privacy, vol. 18, no. 5, pp. 28-37, Sept.-Oct. 2020, doi: 10.1109/MSEC.2020.2990495.
↑ ^2.0 ^2.1 ^2.2 ^2.3 ^2.4 K. Murdock, D. Oswald, F. D. Garcia, J. Van Bulck, D. Gruss and F. Piessens, "Plundervolt: Software-based Fault Injection Attacks against Intel SGX," 2020 IEEE Symposium on Security and Privacy (SP), 2020, pp. 1466-1482, doi: 10.1109/SP40000.2020.00057.
↑ https://nakedsecurity.sophos.com/2019/12/16/plundervolt-stealing-secrets-by-starving-your-computer-of-voltage/

[PLV-1] 1.0 ^1.1 ^1.2 ^1.3 ^1.4 K. Murdock, D. Oswald, F. D. Garcia, J. Van Bulck, F. Piessens and D. Gruss, "Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble," in IEEE Security & Privacy, vol. 18, no. 5, pp. 28-37, Sept.-Oct. 2020, doi: 10.1109/MSEC.2020.2990495.

[PLV1-2] 2.0 ^2.1 ^2.2 ^2.3 ^2.4 K. Murdock, D. Oswald, F. D. Garcia, J. Van Bulck, D. Gruss and F. Piessens, "Plundervolt: Software-based Fault Injection Attacks against Intel SGX," 2020 IEEE Symposium on Security and Privacy (SP), 2020, pp. 1466-1482, doi: 10.1109/SP40000.2020.00057.

[PLV2-3] ttps://nakedsecurity.sophos.com/2019/12/16/plundervolt-stealing-secrets-by-starving-your-computer-of-voltage/

[1]

[2]

[3]

Plundervolt

Contents

Summary

Description

Attack Vectors

Breaking AES-NI

Faulting Memory Allocations

Mitigation and Countermeasures

Courses

References

Navigation menu

Plundervolt

Summary

Description

Attack Vectors

Breaking AES-NI

Faulting Memory Allocations

Mitigation and Countermeasures

Courses

References

Navigation menu

Search