We found a way to mount *remote timing* attacks on *constant-time* cryptographic code running on modern x86 processors. How is that possible? With #hertzbleed! Here is how it works (with @YingchenWang96).
hertzbleed.com
Modern CPUs dynamically adjust their frequency to reduce power consumption (during low CPU loads) and ensure that the system stays below power and thermal limits (during high CPU loads). You might have heard of this feature under names like DVFS, Turbo Boost, Turbo Core, etc.
Mar 8, 2021 • 7 tweets • 2 min read
Our work on ring interconnect side channel attacks was accepted at @USENIXSecurity 2021 (#usesec21)! Full paper and source code are now available at: arxiv.org/pdf/2103.03443…
Context: Multicore CPUs have many components (agents) that communicate with each other. The ring interconnect is what many Intel CPUs use to move data between these components (e.g., during a memory access).