Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that can be used to launch key recovery attacks against the Advanced Encryption Standard (AES) algorithm.
These technologies are collectively referred to as Pathfinder It is composed of scholars from the University of California, San Diego, Purdue University, the University of North Carolina at Chapel Hill, Georgia Institute of Technology, and Google.
Hosein Yavarzadeh, the paper’s lead author, said in a statement: “Pathfinder allows an attacker to read and manipulate key components of the branch predictor, thereby enabling two main types of attacks: reconstructing program control flow history and launching high-resolution Specter attack.
“This includes extracting secret images from libraries such as libjpeg and recovering encryption keys from AES through intermediate value extraction.”
Specter is the name of a class of side-channel attacks that exploit branch prediction and speculative execution on modern CPUs to read privileged data in memory and thereby bypass isolation protections between applications.
The latest attack method targets a feature in the branch predictor called the Path History Register (PHR), which keeps a record of the last branch taken, to induce branch misprediction and cause the victim program to execute unintended code paths , thus inadvertently exposing its confidential information.
Specifically, it introduces new primitives that can manipulate the PHR and the Prediction History Table (PHT) within the Conditional Branch Predictor (CBR) to leak historical execution data and ultimately trigger Specter-style vulnerabilities.
In a set of demonstrations outlined in the study, we found that this method can effectively extract secret AES encryption keys and reveal secret images during processing of the widely used libjpeg image library.
Following responsible disclosure in November 2023, Intel said in an announcement last month that Pathfinder is built on Specter v1 attacks and that previously deployed mitigations for Specter v1 and traditional side channels can mitigate reported attacks. loopholes. There is no evidence that it affects AMD CPUs.
“[This research] Shows that PHR is prone to leaks, reveals data not available through PHT (ordered results of duplicate branches, global ordering of all branch results), exposes more branch code as a potential attack surface, and cannot be mitigated (clear, use obfuscation for the techniques proposed by PHT),” the researchers said.
