Intel, AMD Secure Enclaves Breached by Physical Attacks

Summary
– Chip protections like Intel SGX and AMD SEV-SNP use encrypted enclaves to secure data and operations in cloud computing against attackers.
– Researchers have recently published two attacks, Battering RAM and Wiretap, that undermine the security of both Intel and AMD’s protections.
– Battering RAM actively manipulates encrypted data to introduce backdoors or corrupt information, defeating both SGX and SEV-SNP defenses.
– Wiretap passively decrypts sensitive data protected by SGX and remains undetectable throughout the process.
– Both attacks exploit deterministic encryption in the chips by using an interposer to observe data between the CPU and memory, allowing ciphertext analysis.
In today’s cloud-centric digital environment, hardware-level security features embedded in processors from industry leaders like Intel and AMD play a critical role in protecting confidential information. These technologies, commonly referred to as Trusted Execution Environments or TEEs, create isolated, encrypted spaces within the chip where sensitive data and computational processes can operate securely. Major platforms including Signal Messenger and WhatsApp rely on these enclaves to shield user communications, while cloud service providers universally advise their implementation. Intel markets its version as Software Guard Extensions (SGX), while AMD’s comparable offering is called Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).
Despite bold security claims from both manufacturers, research teams have repeatedly uncovered vulnerabilities that undermine these protections. This week, two separate academic studies detailed new methods that further expose weaknesses in SGX and SEV-SNP. The first, named Battering RAM, successfully bypasses security measures on both platforms, enabling attackers not just to read encrypted information but to actively alter it, potentially inserting hidden backdoors or corrupting critical data. A second technique, known as Wiretap, operates entirely undetected while passively deciphering protected SGX data.
Both attacks rely on the same piece of specialized hardware, an interposer: a compact device placed physically between the central processing unit and its memory modules that lets the attacker observe every data exchange between the two. Both also exploit a fundamental property of the memory encryption: it is deterministic. Deterministic encryption produces identical ciphertext whenever the same plaintext is encrypted under the same key. In SGX and SEV-SNP, this means that writing the same data to the same memory location always yields the same ciphertext, and those repetitions form patterns an adversary can analyze.
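To make the deterministic-encryption property concrete, here is an added example that is not from the article and does not reproduce Intel's or AMD's engines: a toy address-tweaked block cipher built from HMAC stands in for the memory-encryption engine, and the demo key, the per-write freshness scheme shown as a mitigation sketch, and the sample address are all constructed assumptions.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key-not-a-real-tee-key"  # constructed; stands in for the CPU's memory key

def _round(key: bytes, tweak: int, rnd: int, half: bytes) -> bytes:
    """Keyed round function: HMAC-SHA256 over (tweak, round number, half block), 8 bytes."""
    return hmac.new(key, tweak.to_bytes(16, "big") + bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def encrypt_block(key: bytes, tweak: int, block: bytes, rounds: int = 4) -> bytes:
    """Toy tweakable block cipher (4-round Feistel) modelling deterministic memory
    encryption: the output depends only on key, tweak (physical address) and plaintext."""
    assert len(block) == 16
    left, right = block[:8], block[8:]
    for rnd in range(rounds):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, tweak, rnd, right)))
    return left + right

def decrypt_block(key: bytes, tweak: int, block: bytes, rounds: int = 4) -> bytes:
    """Inverse Feistel: undo the rounds in reverse order."""
    left, right = block[:8], block[8:]
    for rnd in reversed(range(rounds)):
        left, right = bytes(a ^ b for a, b in zip(right, _round(key, tweak, rnd, left))), left
    return left + right

def write_deterministic(addr: int, block: bytes) -> bytes:
    """Bus traffic for one write under address-tweaked deterministic encryption (the model in the article)."""
    return encrypt_block(KEY, addr, block)

def write_with_freshness(addr: int, block: bytes) -> tuple[bytes, bytes]:
    """Mitigation sketch (assumed here, not what the shipped chips do): fold a fresh per-write
    nonce into the tweak and store it beside the ciphertext, so repeating a write no longer repeats bytes."""
    nonce = os.urandom(8)
    return nonce, encrypt_block(KEY, (int.from_bytes(nonce, "big") << 64) | addr, block)

def equality_visible_on_bus(writes: list[bytes]) -> bool:
    """An interposer sees only ciphertext; identical bytes for two writes to one address
    tell it the plaintexts were equal, with no key involved."""
    return len(set(writes)) < len(writes)

def demo() -> tuple[bool, bool]:
    """Write one secret twice at one address under both schemes: (deterministic leaks, fresh leaks)."""
    addr, secret = 0x7FFF_0000_1000, b"same 16B secret!"  # constructed sample address and data
    det = [write_deterministic(addr, secret) for _ in range(2)]
    fresh = [write_with_freshness(addr, secret)[1] for _ in range(2)]
    return equality_visible_on_bus(det), equality_visible_on_bus(fresh)
```

`demo()` returns `(True, False)`: the deterministic scheme exposes plaintext equality on the bus, while the freshness variant hides it, at the cost of storing a nonce per block.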
(Source: Ars Technica)