Title | A Systematic Look at Ciphertext Side Channels on AMD SEV-SNP |
Authors | |
DOI | |
Publication date | 2022 |
ISSN | 1081-6011 |
ISBN | 978-1-6654-1317-6 |
Proceedings title | |
Volume | 2022-May |
Pages | 337-351 |
Conference date | 22-26 May 2022 |
Conference location | San Francisco, CA, USA |
Abstract | Hardware-assisted memory encryption offers strong confidentiality guarantees for trusted execution environments like Intel SGX and AMD SEV. However, a recent study by Li et al. presented at USENIX Security 2021 has demonstrated the CipherLeaks attack, which monitors ciphertext changes in the special VMSA page. By leaking register values saved by the VM during context switches, they broke state-of-the-art constant-time cryptographic implementations, including RSA and ECDSA in the OpenSSL. In this paper, we perform a comprehensive study on the ciphertext side channels. Our work suggests that while the CipherLeaks attack targets only the VMSA page, a generic ciphertext side-channel attack may exploit the ciphertext leakage from any memory pages, including those for kernel data structures, stacks and heaps. As such, AMD's existing countermeasures to the CipherLeaks attack, a firmware patch that introduces randomness into the ciphertext of the VMSA page, is clearly insufficient. The root cause of the leakage in AMD SEV's memory encryption - the use of a stateless yet unauthenticated encryption mode and the unrestricted read accesses to the ciphertext of the encrypted memory - remains unfixed. Given the challenges faced by AMD to eradicate the vulnerability from the hardware design, we propose a set of software countermeasures to the ciphertext side channels, including patches to the OS kernel and cryptographic libraries. We are working closely with AMD to merge these changes into affected open-source projects. |
Keywords | |
University attribution | Other |
Language | English |
Related links | [Scopus record] |
Indexed by | |
EI accession number | 20223412587275 |
EI main headings | Open source software; Side channel attack; Time switches |
EI classification codes | Computer Software, Data Handling and Applications:723 |
Scopus record ID | 2-s2.0-85135909950 |
Source database | Scopus |
Full-text link | https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9833768 |
Citation statistics | Times cited [WOS]: 0 |
Document type | Conference paper |
Item identifier | http://sustech.caswiz.com/handle/2SGJ60CL/382636 |
Collection | Southern University of Science and Technology |
Author affiliations | 1. The Ohio State University, United States 2. University of Lübeck, Germany 3. Southern University of Science and Technology, China |
Recommended citation (GB/T 7714) | Li, Mengyuan, Wilke, Luca, Wichelmann, Jan, et al. A Systematic Look at Ciphertext Side Channels on AMD SEV-SNP[C], 2022: 337-351. |
Files in this item | There are no files associated with this item. |