Researchers at TU Graz and the Helmholtz Center for Information Security have discovered a novel security gap in all common CPUs that can hardly be mitigated.
Main processors (CPUs) of computers are designed to run multiple applications simultaneously. This is beneficial for efficiency, but poses a security risk. Researchers at TU Graz and the Helmholtz Center for Information Security have found a novel method that allows attackers to read data from the memory of CPUs by analyzing the processor's energy consumption. They call this method of attack "Collide+Power".
Overwriting data thousands of times
In a "Collide+Power" attack, the attackers store a data package on a segment of the CPU. In a second step, malicious code causes the attacker's own data to be overwritten ("collide") with the data the attackers are targeting. This overwriting consumes power - the more the two data packages differ from each other, the more power is consumed. The entire process is then repeated thousands of times, each time with minimally different attacker data packages to be overwritten. Finally, the targeted data package can be derived from the slightly different power consumptions that occur each time during this process.
Increased power consumption and time delays provide clues
Although the power consumption of CPUs cannot be read without administrator rights, attackers can bypass this security barrier: In addition to increased power consumption, overwriting the data packets also leads to delays in the computing processes on the attacked processor. These delays can be used to determine the power consumption and, in turn, the target data.
Attack currently still very time-consuming
"All computers with modern CPUs are affected by this security weakness," says Andreas Kogler from the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology. "And this security risk is very difficult to fix." However, a "Collide+Power" attack is currently still extremely time-consuming: Due to the countless overwrite operations, the data theft requires at least 16 hours per bit, in other scenarios even up to a year. However, future leaps in technological development could significantly reduce the time required, making "Collide+Power" attacks an everyday security risk.
In principle, the issue of so called power side channels has been known for a long time and is one of the research topics of Stefan Mangard, who leads the IAIK at the TU Graz and has co-authored the Collide+Power study. However, the research group of Daniel Gruss at IAIK only recently discovered that power measurements on modern computers do not require expensive measurement hardware and physical access, but can be done directly from software.
Chip manufacturers have been informed in advance
The major chip manufacturers have been informed about the "Collide+Power" risk in advance and have adjusted their guidelines accordingly. For the general public, the researchers have set up a website describing the security gap in detail: https://collidepower.com/
Andreas KOGLER
Dipl.-Ing. BSc
Institute of Applied Information Processing and Communications
Phone: +43 316 873 – 5583
Email: andreas.kogler@tugraz.at
Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels
Authors: Andreas Kogler, Jonas Juffinger, Lukas Giner, Lukas Gerlach, Martin Schwarzl, Michael Schwarz, Daniel Gruss, Stefan Mangard
https://collidepower.com/paper/Collide+Power.pdf
Andreas Kogler from the Institute of Applied Information Processing and Communications at TU Graz.
Helmut Lunghammer
Lunghammer - TU Graz
Researcher from TU Graz and the Helmholtz Center for Information Security have found a new security ...
Helmut Lunghmmer
Lunghammr - TU Graz
Criteria of this press release:
Journalists
Electrical engineering, Information technology
transregional, national
Research results, Scientific Publications
English
Andreas Kogler from the Institute of Applied Information Processing and Communications at TU Graz.
Helmut Lunghammer
Lunghammer - TU Graz
Researcher from TU Graz and the Helmholtz Center for Information Security have found a new security ...
Helmut Lunghmmer
Lunghammr - TU Graz
You can combine search terms with and, or and/or not, e.g. Philo not logy.
You can use brackets to separate combinations from each other, e.g. (Philo not logy) or (Psycho and logy).
Coherent groups of words will be located as complete phrases if you put them into quotation marks, e.g. “Federal Republic of Germany”.
You can also use the advanced search without entering search terms. It will then follow the criteria you have selected (e.g. country or subject area).
If you have not selected any criteria in a given category, the entire category will be searched (e.g. all subject areas or all countries).