Intel CPU’s have now become the target for another side-channel vulnerability posing a security threat. The vulnerability, termed ‘PortSmash’, appears somewhat similar to the previously discovered TLBleed, as it also lets an attacker pilfer cryptographic keys.
PortSmash Vulnerability – Side-Channel Security Flaw In Intel CPUs
A team of researchers has found a new side-channel flaw in Intel chips. The vulnerability named PortSmash allegedly allows an attacker to steal cryptographic keys from the internal processes of the CPU.
Reportedly, the researchers have verified the PortSmash vulnerability exploit on Skylake and Kaby Lake Intel processors. Nonetheless, the vulnerability supposedly affects all CPUs using Simultaneous Multithreading (SMT) architecture. The researchers suspect the flaw may affect AMD Ryzen as well.
The team of researchers who discovered the flaw includes five researchers from the Tampere University of Technology, Finland, and one from the Universidad Tecnologica de la Habana CUJAE, Cuba. They have briefly described the vulnerability in their advisory. As stated,
“We recently discovered a new CPU microarchitecture attack vector. The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures.”
Simultaneous Multithreading or SMT enables the execution of multiple computing threads on a CPU core for improved performance. So, the vulnerability referred herewith allows leakage of decryption keys when a malicious process runs alongside the legitimate ones.
In their report, the researchers stated that they could steal an OpenSSL private key using this attack.
“We steal an OpenSSL (<= 1.1.0h) P-384 private key from a TLS server using this new side-channel vector. It is a local attack in the sense that the malicious process must be running on the same physical core as the victim (an OpenSSL-powered TLS server in this case).”
Billy Brumley, one of the researchers, has shared the proof-of-concept for this vulnerability (CVE-2018-5407) on GitHub. Whereas, the team has compiled the details in the form of a research paper awaiting moderation for publication in Cryptology ePrint Archive.
Regarding possible fixes, researchers recommended,
“Disable SMT/Hyper-Threading in the bios. Upgrade to OpenSSL 1.1.1 (or >= 1.1.0i if you are looking for patches)
Intel has responded to PortSmash reports after the exploit surfaced online. They state that they do not believe this vulnerability to be unique to Intel. Nor does it link to Foreshadow or the infamous Spectre and Meltdown.
“Intel received notice of the research. This issue is not reliant on speculative execution and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices.”