Intel and AMD trusted enclaves, the backbone of network security, fall to physical attacks

In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring that confidential data and sensitive operations can’t be viewed or manipulated by attackers who manage to compromise servers running inside a data center. In many cases, these protections—which work by storing certain data and processes inside encrypted enclaves known as TEEs (Trusted Execution Enclaves)—are essential for safeguarding secrets stored in the cloud by the likes of Signal Messenger and WhatsApp. All major cloud providers recommend that customers use these protections. Intel calls its protection SGX, and AMD has named it SEV-SNP.

Over the years, researchers have repeatedly broken the security and privacy promises that Intel and AMD have made about their respective protections. On Tuesday, researchers independently published two papers laying out separate attacks that further demonstrate the limitations of SGX and SEV-SNP. One attack, dubbed Battering RAM, defeats both protections and allows attackers to not only view encrypted data but also to actively manipulate it to introduce software backdoors or to corrupt data. A separate attack known as Wiretap is able to passively decrypt sensitive data protected by SGX and remain invisible at all times.

Attacking deterministic encryption

Both attacks use a small piece of hardware, known as an interposer, that sits between the CPU silicon and the memory module. Its position allows the interposer to observe data as it passes from one to the other. Both attacks exploit Intel’s and AMD’s use of deterministic encryption, which produces the same ciphertext each time the same plaintext is encrypted with a given key. In SGX and SEV-SNP, that means the same plaintext written to the same memory address always produces the same ciphertext.
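To make that property concrete, here is an added Python model of address-tweaked memory encryption; it is not code from either paper or from Intel or AMD. A toy tweakable block cipher stands in for the real AES-XTS/XEX hardware cipher, the physical address is the tweak (the deterministic scheme the article describes), and `fresh_write`, which also folds an assumed per-write counter into the tweak, illustrates what freshness changes from the point of view of someone watching the memory bus.

```python
import hmac
import hashlib

BLOCK = 16  # memory-encryption granularity modelled as one 16-byte block


def _round(key: bytes, tweak: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function; mixing in the tweak binds the permutation to the address.
    return hmac.new(key, tweak + bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def tweak_encrypt(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """Toy tweakable block cipher (4-round Feistel), a stand-in for AES-XTS/XEX."""
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _round(key, tweak, rnd, r)))
    return l + r


def tweak_decrypt(key: bytes, tweak: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = bytes(a ^ b for a, b in zip(r, _round(key, tweak, rnd, l))), l
    return l + r


def deterministic_write(key: bytes, addr: int, plaintext: bytes) -> bytes:
    # Deterministic scheme: the tweak is only the physical address, so the same
    # value at the same address always yields the same ciphertext on the bus.
    return tweak_encrypt(key, addr.to_bytes(8, "big"), plaintext)


def fresh_write(key: bytes, addr: int, plaintext: bytes, counter: int) -> bytes:
    # Assumed freshness-bound variant: a per-write counter joins the tweak, so
    # repeated writes of one value are no longer recognisable as repeats.
    tweak = addr.to_bytes(8, "big") + counter.to_bytes(8, "big")
    return tweak_encrypt(key, tweak, plaintext)


def bus_observer_sees_repeat(ciphertexts: list) -> bool:
    # All an interposer learns from ciphertext alone: did two writes carry the
    # same value?  Under the deterministic scheme the answer is visible directly.
    return len(ciphertexts) != len(set(ciphertexts))
```

With the deterministic scheme an old ciphertext recorded at an address still decrypts correctly when replayed there later, which is the gap that freshness counters in the tweak close.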

5 Comments

  1. eerdman

    This is an intriguing topic that highlights the ongoing challenges in network security. It’s fascinating to see how even advanced technology can be vulnerable to physical attacks. Staying informed about these developments is crucial in our increasingly digital world.

  2. eve37

    Absolutely, it really underscores how even the most advanced security measures can have vulnerabilities. As we move further into cloud computing, the need for continuous innovation in chip security will be crucial to stay ahead of potential threats. It’s a reminder that security is an ever-evolving field!

  3. mosciski.kaela

    You’re right, it’s surprising how physical attacks can bypass even sophisticated technology. It’s a reminder that as we advance in security, we also need to consider the physical environments where these systems operate. Enhancing security protocols around hardware could be a crucial next step.

  4. aaliyah36

    Great reminder of the importance of securing hardware in addition to software. Many organizations may focus on software defenses, but without robust physical security measures, they can still be vulnerable. It’s crucial to address both aspects to ensure comprehensive protection.

  5. padberg.dorian

    Absolutely, securing hardware is often an overlooked aspect of security strategies. It’s interesting to note that as cloud computing evolves, the need for robust physical security measures becomes even more critical, especially with the rise of remote work and accessibility.
