Weakness in Intel chips lets researchers steal encrypted SSH keystrokes
In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU’s last-level cache, rather than following the standard (and significantly longer) path through the server’s main memory. By avoiding system memory, Intel’s DDIO—short for Data-Direct I/O—increased input/output bandwidth and reduced latency and power consumption.
Now, researchers are warning that, in certain scenarios, attackers can abuse DDIO to obtain keystrokes and possibly other types of sensitive data that flow through the memory of vulnerable servers. The most serious form of attack can take place in data centers and cloud environments that have both DDIO and remote direct memory access enabled to allow servers to exchange data. A server leased by a malicious hacker could abuse the vulnerability to attack other customers. To prove their point, the researchers devised an attack that allows a server to steal keystrokes typed into the protected SSH (or secure shell session) established between another server and an application server.
Merely scratching the surface
The researchers have named their attack NetCAT, short for Network Cache ATtack. Their research is prompting an advisory for Intel that effectively recommends turning off either DDIO or RDMA in untrusted networks. The researchers say future attacks may be able to steal other types of data, possibly even when RDMA isn’t enabled. They are also advising hardware makers do a better job of securing microarchitectural enhancements before putting them into billions of real-world servers.
“While NetCAT is powerful even with only minimal assumptions, we believe that we have merely scratched the surface of possibilities for network-based cache attacks, and we expect similar attacks based on NetCAT in the future,” the researchers, from the Vrije Universiteit Amsterdam and ETH Zurich, wrote in a paper published on Tuesday. “We hope that our efforts caution processor vendors against exposing microarchitectural elements to peripherals without a thorough security design to prevent abuse.”
The researchers devised NetCAT after reverse-engineering DDIO and finding that last-level caches were sharing data across CPUs and peripherals, even when they received untrusted or potentially malicious input. Among the things this shared resource divulged was the precise arrival times of data packets sent in sensitive connections such as SSH. The information gave the researchers a side channel they could use to deduce the contents of each keystroke.
NetCAT is based partly on the observation that humans follow largely universal typing patterns that can often reveal clues about the keys they enter into a keyboard. For instance, it’s usually faster for most people to type an “s” immediately after an “a” than to type a “g” right after typing an “s.” These patterns allowed the researchers to use DDIO to carry out a keystroke timing attack, similar to this one, that uses statistical analysis of the inter-arrival timings of packets. Below is a video demonstrating the attack:
The researchers used rapid delivery provided by RDMA to simplify the attack, but it’s not a strict requirement, and future attacks may not need it at all. In an email, Kaveh Razavi, one of the Vrije Universiteit researchers who wrote the paper NetCAT: Practical Cache Attacks from the Network, wrote:
In short, the root cause of the vulnerability boils down to Intel’s DDIO feature enabling the (last-level) CPU cache to be shared with arbitrary peripherals such as network cards. This dramatically extends the attack surface of traditional cache side-channel attacks, which are normally mounted on a local setting (say from a VM to another in the cloud), exposing servers to cache side-channel disclosure from untrusted clients over the network. Using RDMA (for convenience), we have demonstrated the vulnerability can be exploited in real-world settings to leak sensitive information (e.g., keystrokes from an SSH session).
PRIME+PROBE
To suss out the timing information from the last-level cache, the researchers used a technique known as PRIME+PROBE. It involves first priming the cache by receiving packets that will be read from certain memory locations. The result: the technique brings the cache to a known state. The attack then waits for the target SSH client to type a letter. That triggers the PROBE stage, which attempts to detect any changes by receiving the same packets from the same memory locations.
“If the client has typed a key, then these packets will arrive slightly slower, signaling a keystroke,” Razavi wrote. “By performing PRIME+PROBE in a loop, NetCAT can find out whenever the victim types something in a network connection.”
The researchers proposed a second attack scenario that uses DDIO as a covert channel to funnel sensitive data off a server. In one variation, the covert channel connects a targeted server to an unnetworked, cooperating sandboxed process on a remote machine. A second variation creates a covert channel between two cooperating network clients running inside two separate networks.
Covert channels are mechanisms attackers use to transfer data between processes or hardware that are barred by security policies from communicating with one another. By stealthily bypassing this policy, attackers can steal sensitive data in a way that’s not detectable by the target.
The research is impressive, and the vulnerability it reveals is serious. Anyone who uses Intel-made processors inside data centers or other untrusted networks should carefully review the research, Intel’s advisory, and any advisories by the network provider to ensure DDIO doesn’t present a threat. People should also be aware that disabling DDIO comes at a significant performance cost. So far as the researchers know, chips from AMD and other manufacturers aren’t vulnerable because they don’t store networking data on shared CPU caches.
At the same time, people should remember that the research isn’t likely to materialize into widespread attacks in the real world any time soon.
“NetCAT is a complex attack and is likely not the low-hanging fruit for the attackers,” Razavi wrote. “In server settings with untrusted clients, where security matters more than performance, however, we recommend DDIO to be disabled.”