Researchers have discovered another side-channel security vulnerability in modern processors which have simultaneous multithreading (SMT) capabilities, though with confirmation currently limited to Intel parts, through which private data including cryptographic keys can be obtained: PortSmash.
Announced in a post to the oss-sec mailing list late on Friday, PortSmash is another in a string of security vulnerabilities discovered in simultaneous multithreading (SMT) implementations which allow a single physical processor core to run two or more threads at the same time. While boosting performance, at least for certain workloads, SMT - known on Intel processors as Hyper-Threading - comes with a major caveat: A security flaw in the processor itself can be exploited by a thread to access information originally intended for another thread running on the same physical core.
In server environments, particularly in virtualised platforms where a single physical server can be expected to be running workloads from a variety of different end users, that's a problem - and one serious enough that OpenBSD developer Mark Kettinis released a patch disabling Hyper-Threading in the operating system just ahead of the announcement of TLBleed, a security flaw allowing cryptographic key recovery cross-thread on Intel processors.
Now, there's a new reason to think about disabling Hyper-Threading: PortSmash, confirmed on Skylake and Kaby Lake architecture Intel processors but believed to extend across the company's entire range and, potentially but not yet confirmed, to SMT implementations on rival AMD's parts. 'We recently discovered a new CPU microarchitecture attack vector. The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures,' researcher Billy Brumley explains in the announcement. 'More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core.'
In an email to Bleeping Computer, Brumley broke the flaw down further, using an example he came up with for his young daughter: 'You have a bag of jelly beans. I have a bag of jelly beans. We're pouring them into the same funnel,' Brumley told the site. 'I can't see you or your jelly beans. But the rate at which I can pour my jelly beans depends on the rate you're pouring your jelly beans. If your rate depends on a secret, I can learn that secret by timing how fast my jelly beans are going into the funnel. The jelly beans are instructions. The broad funnel part is the pipeline, and the narrow part an execution port. We are sharing the same funnel because of Simultaneous Multi-Threading (SMT).'
Proof-of-concept code, targeting the cryptographic keys used by OpenSSL, has already been released to GitHub. Thus far, Intel has not responded to the report, and while OpenSSL can be protected via a newly-released patch the general vulnerability itself can only be mitigated against by disabling SMT altogether on affected platforms - at least until Intel, and AMD if its processors prove vulnerable as expected, release microcode updates.
Intel has provided a statement which confirms the flaw, and which appears to put the onus on software developers to prevent exploitation. 'Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms,' the company's statement reads. 'Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.'
September 18 2020 | 18:30