Chip-busting boffins in America have devised yet another way to filch sensitive data by exploiting Intel's processor design choices.
Doctoral students Riccardo Paccagnella and Licheng Luo, and assistant professor Christopher Fletcher, all from the University of Illinois at Urbana-Champaign, delved into the way CPU ring interconnects work, and found they can be abused for side-channel attacks. The upshot is that one application can read another application's private memory and snoop on the user's key presses.
"It is the first attack to exploit contention on the cross-core interconnect of Intel CPUs," Paccagnella told The Register. "The attack does not rely on sharing memory, cache sets, core-private resources or any specific uncore structures. As a consequence, it is hard to mitigate with existing side channel defenses."
Side-channel attacks, like the 2018 Spectre and Meltdown vulnerabilities, exploit characteristics of modern chip microarchitecture to expose or infer secrets through interaction with a shared computing component or resource.
In a paper [PDF] to be presented at USENIX Security 2021 in August – "Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical" – Paccagnella, Luo, and Fletcher recount how they managed to figure out the workings of Intel's ring interconnect, or bus, that passes information between CPU cores.
Armed with that understanding, they found they could leak cryptographic key bits from RSA and EdDSA implementations, which are already known to be vulnerable to side-channel attacks. They also showed they could monitor keystroke timing, which prior research has shown can be used to reconstruct typed passwords.
Digging into Mount Doom
The challenge face ..