TLBleed attack can extract signing keys, but exploit is difficult

An interesting, new side-channel attack abuses the Hyper-Threading feature of Intel chips and can extract signing keys with near-perfect accuracy. But both the researchers and Intel downplayed the danger of the exploit.

Ben Gras, Kaveh Razavi, Herbert Bos and Cristiano Giuffrida, researchers at Vrije Universiteit's systems and network security group in Amsterdam, said their attack, called TLBleed, takes advantage of the translation lookaside buffer cache of Intel chips. If exploited, TLBleed can allow an attacker to extract the secret 256-bit key used to sign programs, with a success rate of 99.8% on Intel Skylake and Coffee Lake processors and 98.2% accuracy on Broadwell Xeon chips.

However, Gras tweeted that users shouldn't be too scared of TLBleed, because while it is "a cool attack, TLBleed is not the new Spectre."

"The OpenBSD [hyper-threading] disable has generated interest in TLBleed," Gras wrote on Twitter. "TLBleed is a new side-channel in that it shows that (a) cache side-channel protection isn't enough: TLB still leaks information; (b) side-channel safe code that is constant only in the control flow and time but not data flow is unsafe; (c) coarse-grained access patterns leak more than was previously thought."

Justin Jett, director of audit and compliance for Plixer LLC, a network traffic analysis company based in Kennebunk, Maine, said TLBleed is "fairly dangerous, given that the flaw allows for applications to gain access to sensitive memory information from other applications." But he noted that exploiting the issue would prove challenging.

"The execution is fairly difficult, because a malicious actor would need to infect a machine that has an application installed that they want to exploit. Once the machine is infected, the malware would need to know when the application was executing code to be able to know which memory block the sensitive information is being stored in. Only then will the malware be able to attempt to retrieve the data," Jett wrote via email. "This is particularly concerning for applications that generate encryption keys, because the level of security that the application is trying to create could effectively be reduced to zero if an attacker is able to decipher the private key."

Intel also downplayed the dangers associated with TLBleed; the company has not assigned a CVE number and will not patch it.

"TLBleed uses the translation lookaside buffer, a cache common to many high-performance microprocessors that stores recent address translations from virtual memory to physical memory. Software or software libraries such as Intel Integrated Performance Primitives Cryptography version U3.1 -- written to ensure constant execution time and data independent cache traces should be immune to TLBleed," Intel wrote in a statement via email. "Protecting our customers' data and ensuring the security of our products is a top priority for Intel, and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified."

Jett noted that even if Intel isn't planning a patch, it should do more to alert customers to the dangers of TLBleed.

"Intel's decision to not release a CVE number is odd at best. While Intel doesn't plan to patch the vulnerability, a CVE number should have been requested so that organizations could be updated on the vulnerability and software developers would know to write their software in a way that may avoid exploitation," Jett wrote. "Without a CVE number, many organizations will remain unaware of the flaw."

The researchers plan to release the full paper this week. And, in August, Gras will present on the topic at Black Hat 2018 in Las Vegas.