Undervolting allows attacks on Intel's secure enclaves
Researchers at the University of Birmingham have identified a weakness in Intel’s processors: by undervolting the CPU, Intel’s secure enclave technology becomes vulnerable to attack.
Modern processors are being pushed to perform faster than ever before – and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed – known as ‘undervolting’ or ‘overvolting’. This is done through privileged software interfaces, such as a “model-specific register” in Intel Core processors.
A team of researchers from the University of Birmingham’s School of Computer Science along with researchers from imec-DistriNet (KU Leuven) and Graz University of Technology have been investigating how these interfaces can be exploited in Intel Core processors to undermine the system’s security in a project called Plundervolt.
New results, released today and accepted to IEEE Security & Privacy 2020, show how the team was able to corrupt the integrity of Intel SGX on Intel Core processors by controlling the voltage when executing enclave computations – a method used to shield sensitive computations for example from malware. This means that even Intel SGX's memory encryption and authentication technology cannot protect against Plundervolt.
Intel have already responded to the security threat by supplying a microcode update to mitigate Plundervolt.
David Oswald, Senior Lecturer in Computer Security at the University of Birmingham, says: “To our knowledge, the weakness we’ve uncovered will only affect the security of SGX enclaves. Intel responded swiftly to the threat and users can protect their SGX enclaves by downloading Intel’s update.”
The work was funded by the Engineering and Physical Sciences Research Council (EPSRC) and by the European Union’s Horizon 2020 Research and Innovation Programme.
Notes to editors:
- For media enquiries please contact Beck Lockwood, Press Office, University of Birmingham, tel 0121 414 2772.
- Plundervolt was discovered by the following researchers: Kit Murdock, David Oswald, Flavio D Garcia (The University of Birmingham). Jo Van Bulck, Frank Piessens (imec-DistriNet, KU Leuven). Daniel Gruss (Graz University of Technology)
- Murdock et al. (2019). ‘Plundervolt: Software-based Fault Injection Attacks against Intel SGX’ is published online and will appear at IEEE S&P 2020. A copy of the paper is available on request.
- The University of Birmingham is ranked amongst the world’s top 100 institutions. Its work brings people from across the world to Birmingham, including researchers, teachers and more than 6,500 international students from over 150 countries.
- KU Leuven is Europe’s most innovative university (Reuters) and ranks 48th in the world (Times Higher Education). Scientists at KU Leuven conduct basic and applied research in a comprehensive range of disciplines. The University welcomes more than 50,000 students from over 140 countries.
- For over 200 years, Graz University of Technology has built up an impressive record of achievements in teaching and research. Some 13,400 students and 3,500 staff continue to carry forward its power of innovation and vision into the future.