The attack was found to require physical access to the computer hardware, a threat that is relevant for SGX enclaves because, until now, they were thought to provide sufficient protection against a malicious cloud operator.
The research exploits the fact that the CPU voltage is set by a separate voltage regulator chip: VoltPillager connects to that chip's unprotected interface and precisely controls the voltage it supplies.
Work carried out at the University of Birmingham to find vulnerabilities that can be exploited within Intel’s security guarantees using undervolting dates back to a 2019 project.
This program involved an international team of researchers, including those from the university, using an attack, named Plundervolt, to induce faults and recover secrets. Intel fixed this vulnerability in late 2019 by removing the ability to undervolt from software with microcode and BIOS updates.
However, with this recent discovery, the researchers were able to conclude that hardware undervolting can achieve the same results as the Plundervolt attack, and more.
“This weakness allows an attacker, if they have control of the hardware, to breach SGX security,” said Zitai Chen, a PhD student in Computer Security at the University of Birmingham.
“Perhaps it might now be time to rethink the threat model of SGX. Can it really protect against malicious insiders or cloud providers?”
This research received funding from the Engineering and Physical Sciences Research Council (EPSRC), the European Union’s Horizon 2020 research and innovation programme, and the Paul and Yuanbi Ramsay Endowment Fund.
The VoltPillager tool will be presented at the USENIX Security 2021 conference.