PLATYPUS is a novel side-channel attack targeting Intel x86 CPUs (including AES-NI and SGX).
> platypusattack.com
I'm not surprised that we keep discovering new attacks on Intel CPUs, but I'm very surprised this one has only been discovered now.
(1/n)
PLATYPUS is a side-channel attack that allows an attacker to _remotely_ extract secrets from Intel CPUs, including SGX enclaves and AES-NI.
It uses unprivileged access to the RAPL (Running Average Power Limit) interface to obtain an internal measurement of the chip's power consumption.
(2/n)
From an attacker's point of view, this interface is great since it's unprivileged and can be accessed remotely.
On the other hand, its resolution is quite low: you can only get samples at 20 kHz. This limitation is overcome by several techniques (cf. the paper).
(3/n)
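To make the "oscilloscope in the CPU" concrete, here is an added example (not code from the PLATYPUS paper or from the thread's author) that polls the RAPL energy counter through the Linux powercap sysfs interface and measures how often the counter actually refreshes, which is what bounds the ~20 kHz sampling rate mentioned above. It assumes the package-0 domain lives at /sys/class/powercap/intel-rapl:0 (the usual path, not guaranteed) and that the counter wraps at the value the kernel exposes in max_energy_range_uj; the analysis helpers take any list of (timestamp_ns, energy_uj) pairs, so they also run offline on the constructed trace included below. The permission check is the caveat a practitioner wants first: kernels carrying the PLATYPUS mitigation make energy_uj root-only, so the unprivileged read the attack relies on simply fails there.

```python
"""Poll the Intel RAPL energy counter via Linux powercap sysfs and measure
its effective refresh rate and the average power it implies.

Added example for this page, not code from the PLATYPUS paper or the thread's
author. Assumptions: package-0 RAPL domain at /sys/class/powercap/intel-rapl:0
and a counter that wraps at max_energy_range_uj (both as exposed by the Linux
powercap driver). Everything below the live read works on constructed data.
"""
import stat
import time
from pathlib import Path

RAPL_DOMAIN = "/sys/class/powercap/intel-rapl:0"  # assumed package-0 domain path


def rapl_readable_unprivileged(energy_path=RAPL_DOMAIN + "/energy_uj"):
    """True if energy_uj is world-readable, i.e. the pre-mitigation state the
    attack relies on. Kernels with the PLATYPUS fix restrict it to root."""
    try:
        mode = Path(energy_path).stat().st_mode
    except OSError:  # missing file, no driver, or directory not accessible
        return False
    return bool(mode & stat.S_IROTH)


def read_energy_uj(energy_path=RAPL_DOMAIN + "/energy_uj"):
    """One raw counter read, in microjoules."""
    return int(Path(energy_path).read_text().strip())


def sample_energy(n_samples, read=read_energy_uj, clock=time.perf_counter_ns):
    """Busy-poll the counter n_samples times; returns [(t_ns, energy_uj), ...]."""
    return [(clock(), read()) for _ in range(n_samples)]


def counter_updates(samples):
    """Keep only the samples at which the counter value changed, i.e. the
    moments the hardware actually refreshed it."""
    return [cur for prev, cur in zip(samples, samples[1:]) if cur[1] != prev[1]]


def update_intervals_us(samples):
    """Microseconds between successive counter refreshes."""
    ups = counter_updates(samples)
    return [(b[0] - a[0]) / 1000.0 for a, b in zip(ups, ups[1:])]


def effective_rate_hz(samples):
    """Mean refresh rate; roughly 20 kHz is what the thread quotes for RAPL."""
    intervals = update_intervals_us(samples)
    if not intervals:
        return 0.0
    return 1e6 / (sum(intervals) / len(intervals))


def energy_delta_uj(e_prev, e_cur, max_energy_range_uj):
    """Counter difference with wraparound: the hardware register is 32 bits
    wide and sysfs reports its ceiling in max_energy_range_uj."""
    delta = e_cur - e_prev
    if delta < 0:
        delta += max_energy_range_uj  # wrapped through zero (off by at most one unit)
    return delta


def average_power_w(samples, max_energy_range_uj):
    """Mean power between the first and last observed refresh.
    Microjoules per microsecond is watts, so no unit conversion is needed."""
    ups = counter_updates(samples)
    if len(ups) < 2:
        return 0.0
    total_uj = sum(energy_delta_uj(a[1], b[1], max_energy_range_uj)
                   for a, b in zip(ups, ups[1:]))
    elapsed_us = (ups[-1][0] - ups[0][0]) / 1000.0
    return total_uj / elapsed_us


def constructed_trace(n_updates=5, update_period_us=50, poll_period_us=2,
                      power_w=20.0, start_uj=1_000_000):
    """Constructed sample data (not a real capture): a counter that advances by
    power_w * update_period_us microjoules every update_period_us, polled
    every poll_period_us."""
    samples = []
    for k in range(n_updates * (update_period_us // poll_period_us)):
        t_us = k * poll_period_us
        refreshes = t_us // update_period_us
        energy = start_uj + int(refreshes * power_w * update_period_us)
        samples.append((t_us * 1000, energy))
    return samples


if __name__ == "__main__":
    trace = constructed_trace()
    print("constructed trace: %.0f Hz refresh, %.1f W"
          % (effective_rate_hz(trace), average_power_w(trace, 2 ** 32)))
    if rapl_readable_unprivileged():
        live = sample_energy(20000)
        rng = int(Path(RAPL_DOMAIN, "max_energy_range_uj").read_text())
        print("live RAPL: %.0f Hz refresh, %.2f W"
              % (effective_rate_hz(live), average_power_w(live, rng)))
    else:
        print("energy_uj not readable unprivileged (absent, or restricted to root)")
```

On the constructed trace the helpers report a 50 µs refresh period (20 kHz) and 20 W; on a real host the interesting output is the live line, and the first thing to notice is whether it appears at all, since a root-only energy_uj is exactly the mitigation that closes the unprivileged channel this thread describes.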
Having a digital oscilloscope inside a CPU is a dream for any side-channel attacker.
Within this threat model, it certainly becomes possible to spy on everything going on inside the CPU, including the use of cryptographic material, whether it sits in SGX or not...
(4/n)
I'm pretty surprised this attack has only been discovered now!
Power-based side-channel attacks were published more than 20 years ago, and were probably exploited before that.
In that context, the attacker has physical access to the chip and measures its power consumption.
(5/n)
These attacks are very efficient and drove a whole industry willing to secure its circuits against an attacker with physical access (Secure Elements/smartcards).
A lot of research has been done enhancing attacks and countermeasures on these chips (cf. CPA, DPA, template attacks...).
(6/n)
Today, a circuit without such countermeasures is clearly vulnerable to these attacks. Any attacker with physical access can extract secrets from it.
(7/n)
On Intel CPUs, these attacks weren't much studied:
- An attacker with physical access to a CPU is a bit less realistic
- It's not convenient to set up a test bench measuring the power consumption of a 3 GHz CPU with multiple cores
(8/n)
On ARM-based SoCs, both side channels have been studied:
- measuring power consumption/EM on the chip
- using software to get the power trace. It has been done directly from the OS (Android for instance), or from the SoC's ADC (e.g. @colinoflynn's excellent work)
(9/n)
All the pieces were on the table, but no one saw it before now (at least publicly; this could have been exploited already).
So, congrats again to the @tugraz team (@mlqxyz et al.) for putting them together!
I've read several misconceptions about Common Criteria certifications. Typically:
- "Components producers pay for certification"
- "Certifications test only against a known set of predefined scenarios"
- "Certifications are not a replacement for independant review"
Thread👇
(2/n)
In a Common Criteria certification process (for a circuit), there are 4 actors:
1. The sponsor (SP)
2. The chip manufacturer (CM)
3. The 3rd-party evaluation lab (lab)
4. The certification body (CB)
(3/n)
Often the SP and the CM are the same entity, but not always.
The lab is an independent security evaluation entity accredited by the CB. There is no commercial relationship between the lab and the CB. The CB regularly audits the lab to verify its skills.