YoVDO

CLKscrew - Exposing the Perils of Security-Oblivious Energy Management

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Software Security Courses Fault Attacks Courses Intel SGX Courses

Course Description

Overview

Explore a groundbreaking 54-minute Black Hat conference talk that unveils the CLKSCREW attack, a novel class of software-based fault attacks exploiting security-oblivious energy management mechanisms. Delve into how these attacks can be conducted without physical access to devices or fault injection equipment, making them more accessible to potential attackers. Learn about timing faults, challenges in implementation, and the use of MDG files and signature verification in the attack process. Examine code emulation techniques, faulting implementations, and timing anchors used to execute the attack. Analyze scatter plots and adaptive delay methods employed to refine the attack's effectiveness. Gain insights into the implications for Intel SGX and RSA encryption, and understand why these vulnerabilities are not random occurrences. Presented by Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo, this talk offers a comprehensive look at the perils of security-oblivious energy management in modern computing systems.

Syllabus

Introduction
Timing Faults
Challenges
MDG File
Signature Verification
Code Emulation
Faulting Implementation
Faulting Sketch
Timing Anchor
Track Fault
Scatter Plot
Adaptive Delay
Summary
Remarks
Roundup
Disclosures
Intel SGX
RSA Attack
Why is it not random


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube