Hertzbleed: New x86 side-channel attack

[Cmaier]

Intel and AMD Hertzbleed CPU Vulnerability Uses Boost Speed to Steal Crypto Keys

Boost frequencies reveal timings, and thus secret keys

www.tomshardware.com

Here’s another one.

 

[Yoused]

… However, it should theoretically apply to almost all modern CPUs because it works by observing the power algorithms behind the Dynamic Voltage Frequency Scaling (DVFS) technique, a staple of modern processors. As such, this isn't a microarchitecture-specific attack — any processor with dynamic power and thermal management is potentially impacted. Intel says this has prompted it to share its findings with other chipmakers so they can assess any potential impact.​

Apple Cinnamon uses a more-or-less fixed clock speed, without the "turbo to 5GHz" common on Intel processors.

 

[Cmaier]

… However, it should theoretically apply to almost all modern CPUs because it works by observing the power algorithms behind the Dynamic Voltage Frequency Scaling (DVFS) technique, a staple of modern processors. As such, this isn't a microarchitecture-specific attack — any processor with dynamic power and thermal management is potentially impacted. Intel says this has prompted it to share its findings with other chipmakers so they can assess any potential impact.​

Apple Cinnamon uses a more-or-less fixed clock speed, without the "turbo to 5GHz" common on Intel processors.

I can see several ways to mitigate the attack. As you note, not aggressively changing power state is one. One can have power states but slow them down over longer windows. Or one can relegate all key operations to key hardware units that operate at fixed speed and which use differential circuitry to ensure that 1->0 or 0->1 transitions use the same amount of power (alternatively or in addition, throwing a random number generator in the unit just to generate noise works as well).

If I had to bet, I would think that this won’t work so well on M-series chips because they tend not to flop around between power states every few milliseconds, and they have dedicated hardware to do a lot of the cryptography stuff. But I guess we’ll wait for more information.

 

[mr_roboto]

From the summary I thought this might be one of the many power-based side channels which are kinda useless in the real world, and it sounds like that's probably true:

Intel says that it doesn't think this attack is practical outside of a lab environment, partially because it takes "hours to days" to steal a cryptographic key. Additionally, an exploit based on this attack would require sophisticated high-resolution power monitoring capabilities.

In other words, you probably have to modify the motherboard to install an extremely high bandwidth current sense circuit inline with relevant CPU supply rail, then collect and crunch an awful lot of raw data to get anything. There won't be any remote exploits based on this.

 

[Cmaier]

From the summary I thought this might be one of the many power-based side channels which are kinda useless in the real world, and it sounds like that's probably true:

In other words, you probably have to modify the motherboard to install an extremely high bandwidth current sense circuit inline with relevant CPU supply rail, then collect and crunch an awful lot of raw data to get anything. There won't be any remote exploits based on this.

I don;t believe the second part - any of these power attacks works with normal power monitoring if you give it long enough.