Welcome Stranger to OCC!Login | Register

PortSmash Timing Side-Channel Vulnerability Discovered

Category: General News
Posted: 12:46PM

The year is almost over, but we are not done yet with new vulnerabilities being discovered that exploit some design feature of CPUs. Today PortSmash has been revealed and this side-channel attack works by exploiting simultaneous multithreading (SMT) to leak information that could then be used to reconstruct encrypted data. While this was tested only with Intel CPUs (Skylake and Kaby Lake specifically), the researchers state all CPUs using a form of SMT may be vulnerable, which would many more Intel CPUs (Hyperthreading is Intel's name for its SMT solution) and many AMD Ryzen CPUs as the Zen architecture supports SMT.

More specifically, PortSmash works by using port contention to learn some characteristics of information being run on the same physical core, but different logical core. Processors with SMT support are able to execute more than one instruction at the same time thanks to the many functions the execution engine within a physical core is capable of. This allows the scheduling portion of the processor to send two different set of instructions to the same execution engine, having both run in parallel. Port contention is when those two instructions would actually require the same work be done, so one has to wait for the other to complete (or at least get partway down the pipeline). This delay caused by the contention is measured by PortSmash, making it a timing side-channel attack and the researchers were able to use it to extract an OpenSSL (<= 1.1.0h) P-384 private key from a server, but the researchers state other information could also be extracted. It does require the malicious code run on the same physical core of a processor to work, but has no other requirements such as root access, so the vulnerability is present in user space. Proof-of-concept code has been shared on GitHub of the attack as well

A fix for this vulnerability is to disable the SMT implementation in a system's BIOS, and apparently at least one of the researchers hopes this discovery will lead to the eventual end of SMT in processors. Another fix, at least for protecting OpenSSL is to update it to version 1.1.1 or 1.1.0i.

Source: ZDNet and GitHub

Register as a member to subscribe comments.
Guest_Jim_* on November 04, 2018 16:14

I really need to check all of my email folders more often. Was sent the Intel statement on this a couple days ago and was asked to share:

Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.


Braegnok on November 04, 2018 19:31

Side channel attacks have been used for years,  https://www.rambus.com/blogs/an-introduction-to-side-channel-attacks/   

Submit your comment:
Members, please LOGIN before posting
Live user
verification *:

Enter the letters you see in the image (without spaces)
Comment *:

* indicates required fields
© 2001-2018 Overclockers Club ® Privacy Policy
Elapsed: 0.1709840298   (xlweb1)