An attack method 'Hertzbleed Attack' that can remotely steal the encryption key from most CPUs is announced

A research team consisting of multiple universities in the United States has announced a new method of side-channel attack ' Hertzbleed Attack ' targeting all Intel CPUs and multiple AMD CPUs. The research team claims that Hertzbleed Attack can be used to break through the encryption of the attacked CPU, and Intel and AMD have announced countermeasures.

Hertzbleed Attack
https://www.hertzbleed.com/

◆ What kind of attack is Hertzbleed Attack?
Hertzbleed Attack is an attack method that steals the encryption key by analyzing the power consumption when the CPU performs calculation processing. The method of stealing confidential information by analyzing power consumption ( simple power analysis ) has been studied for a long time, but in simple power analysis, it was necessary to measure the power consumption of the attack target with high accuracy. However, in the Hertzbleed Attack announced this time, the 'calculation processing execution time' that exists in the frequency scaling technology that realizes operation at frequencies exceeding the rated clock such as ' Turbo Boost ' of Intel CPU and ' Precision Boost ' of AMD CPU By exploiting the feature that 'it depends on power consumption', it is possible to execute simple power analysis just by measuring the processing time.

According to the research team, Hertzbleed Attack does not require physical access and can be performed remotely. In fact, the research team reported that it succeeded in remotely acquiring the encryption key of the encryption algorithm ' SIKE ' by executing Hertzbleed Attack on CPUs made by Intel and AMD.

◆ Which CPU is affected?
According to the information about Hertzbleed Attack released by Intel on June 14, 2022, ' all Intel processors ' will be affected. In fact, the research team says that it has confirmed that Hertzbleed Attack is effective for 8th to 11th generation Intel CPUs.

Intel has released Hertzbleed Attack countermeasure guidance for developers.

Frequency Throttling Side Channel Guidance
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/frequency-throttling-side-channel-guidance.html

In addition, the research team confirmed that Hertzbleed Attack is effective even for AMD CPUs that adopted Zen 2 and Zen 3 architectures. Below is a list of products affected by the Hertzbleed Attackpublished by AMD.

Desktop processor
· AMD Athlon ™ X4 processor
・ AMD Ryzen ™ Threadripper ™ PRO processor
・ 2nd Gen AMD Ryzen ™ Threadripper ™ processors
・ 3rd Gen AMD Ryzen ™ Threadripper ™ processors
・ 7th Generation AMD A-Series APUs
· AMD Ryzen ™ 2000 Series Desktop processors
· AMD Ryzen ™ 3000 Series Desktop processors
· AMD Ryzen ™ 4000 Series Desktop processors with Radeon ™ graphics

Mobile processor
· AMD Ryzen ™ 2000 Series Mobile processor
· AMD Athlon ™ 3000 Series Mobile processors with Radeon ™ Graphics
· AMD Ryzen ™ 3000 Series Mobile processors or 2nd Gen AMD Ryzen ™ Mobile processors with Radeon ™ graphics
· AMD Ryzen ™ 4000 Series Mobile processors with Radeon ™ graphics
· AMD Ryzen ™ 5000 Series Mobile processors with Radeon ™ graphics

Processor for Chromebook
· AMD Athlon ™ Mobile processors with Radeon ™ graphics

Processor for servers
・ 1st Gen AMD EPYC ™ processors
・ 2nd Gen AMD EPYC ™ processors

In addition, the research team points out that Hertzbleed Attack may be effective even for processors equipped with frequency scaling technology sold by Arm and others.

◆ What are the responses of each company?
The research team disclosed the findings and proof-of-concept code for Hertzbleed Attack to Intel, Cloudflare and Microsoft in the third quarter of 2021, and also to AMD in the first quarter of 2022. At this time, Intel requested the research team to postpone the public release of Hertzbleed Attack until May 10, 2022, and then it was released to the public on June 14, 2022 after Intel requested to postpone the release time. rice field.

At the time of writing, Intel and AMD have not released a patch for Hertzbleed Attack. It's unclear why Intel asked for a postponement of the open house.

'Hertzbleed Attack is interesting from an academic point of view, but we find Hertzbleed Attack to be an effective means of attack outside the lab, ' said Jerry Bryant, senior director of security and threat protection at Intel. I'm not thinking . '

◆ Is there a workaround for the user?
If users are concerned about the effects of Hertzbleed Attack, it is possible to prevent Hertzbleed Attack by disabling frequency scaling features such as 'Turbo Boost' and 'Precision Boost'. However, the research team does not recommend disabling frequency scaling as it has a significant impact on performance. Also, in a custom configuration such as power limit, Hertzbleed Attack may be possible even if frequency scaling is disabled.

The research team has published the proof-of-concept code for Hertzbleed Attack on the following page.

GitHub-FPSG-UIUC / hertzbleed
https://github.com/FPSG-UIUC/hertzbleed