PortSmash Microarchitecture Attack

vendor:

OpenSSL

by:

Daniel Gruss, Clémentine Maurice, Stefan Mangard, and Thomas Prescher

4.7

CVSS

MEDIUM

Side-Channel Attack

200

CWE

Product Name: OpenSSL

Affected Version From: OpenSSL 1.1.0h

Affected Version To: OpenSSL 1.1.0h

Patch Exists: YES

Related CWE: CVE-2018-5407

CPE: a:openssl:openssl:1.1.0h

Other Scripts: N/A

Platforms Tested: Skylake and Kaby Lake

2018

PortSmash Microarchitecture Attack

PortSmash is a side-channel attack that exploits simultaneous multithreading (SMT) in modern processors to obtain private cryptographic keys. It is a local attack that requires the attacker to have access to the same physical machine as the victim. The attack is based on the fact that SMT allows two threads running on the same physical core to observe each other’s cache-evicted data. This attack is based on the fact that SMT allows two threads running on the same physical core to observe each other’s cache-evicted data. The attack works by having one thread, the spy, monitor the cache-evicted data of the other thread, the victim, while the victim is performing a cryptographic operation. The spy can then use the data it observes to infer the secret cryptographic key used by the victim.

Mitigation:

The best mitigation for this attack is to disable SMT on the affected systems. Additionally, software developers should ensure that their applications are not vulnerable to side-channel attacks.

Source

Exploit-DB raw data:

# Summary

This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407.

![Alt text](parse_raw_simple.png?raw=true "Title")

# Setup

## Prerequisites

A CPU featuring SMT (e.g. Hyper-Threading) is the only requirement.

This exploit code should work out of the box on Skylake and Kaby Lake. For other SMT architectures, customizing the strategies and/or waiting times in `spy` is likely needed.

## OpenSSL

Download and install OpenSSL 1.1.0h or lower:

cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.1.0h.tar.gz
tar xzf openssl-1.1.0h.tar.gz
cd openssl-1.1.0h/
export OPENSSL_ROOT_DIR=/usr/local/ssl
./config -d shared --prefix=$OPENSSL_ROOT_DIR --openssldir=$OPENSSL_ROOT_DIR -Wl,-rpath=$OPENSSL_ROOT_DIR/lib
make -j8
make test
sudo checkinstall --strip=no --stripso=no --pkgname=openssl-1.1.0h-debug --provides=openssl-1.1.0h-debug --default make install_sw

If you use a different path, you'll need to make changes to `Makefile` and `sync.sh`.

# Tooling

## freq.sh

Turns off frequency scaling and TurboBoost.

## sync.sh

Sync trace through pipes. It has two victims, one of which should be active at a time:

1. The stock `openssl` running `dgst` command to produce a P-384 signature.
2. A harness `ecc` that calls scalar multiplication directly with a known key. (Useful for profiling.)

The script will generate a P-384 key pair in `secp384r1.pem` if it does not already exist.

The script outputs `data.bin` which is what `openssl dgst` signed, and you should be able to verify the ECDSA signature `data.sig` afterwards with

openssl dgst -sha512 -verify secp384r1.pem -signature data.sig data.bin

In the `ecc` tool case, `data.bin` and `secp384r1.pem` are meaningless and `data.sig` is not created.

For the `taskset` commands in `sync.sh`, the cores need to be two logical cores of the same physical core; sanity check with

$ grep '^core id' /proc/cpuinfo
core id : 0
core id : 1
core id : 2
core id : 3
core id : 0
core id : 1
core id : 2
core id : 3

So the script is currently configured for logical cores 3 and 7 that both map to physical core 3 (`core_id`).

## spy

Measurement process that outputs measurements in `timings.bin`. To change the `spy` strategy, check the port defines in `spy.h`. Only one strategy should be active at build time.

Note that `timings.bin` is actually raw clock cycle counter values, not latencies. Look in `parse_raw_simple.py` to understand the data format if necessary.

## ecc

Victim harness for running OpenSSL scalar multiplication with known inputs. Example:

./ecc M 4 deadbeef0123456789abcdef00000000c0ff33

Will execute 4 consecutive calls to `EC_POINT_mul` with the given hex scalar.

## parse_raw_simple.py

Quick and dirty hack to view 1D traces. The top plot is the raw trace. Everything below is a different digital filter of the raw trace for viewing purposes. Zoom and pan are your friends here.

You might have to adjust the `CEIL` variable if the plots are too aggressively clipped.

Python packages:

sudo apt-get install python-numpy python-matplotlib

# Usage

Turn off frequency scaling:

./freq.sh

Make sure everything builds:

make clean
make

Take a measurement:

./sync.sh

View the trace:

python parse_raw_simple.py timings.bin

You can play around with one victim at a time in `sync.sh`. Sample output for the `openssl dgst` victim is in `parse_raw_simple.png`.

# Credits

* Alejandro Cabrera Aldaya (Universidad Tecnológica de la Habana (CUJAE), Habana, Cuba)
* Billy Bob Brumley (Tampere University of Technology, Tampere, Finland)
* Sohaib ul Hassan (Tampere University of Technology, Tampere, Finland)
* Cesar Pereida García (Tampere University of Technology, Tampere, Finland)
* Nicola Tuveri (Tampere University of Technology, Tampere, Finland)

EDB Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/45785.zip