YoVDO

Plundervolt - Software-Based Fault Injection Attacks against Intel SGX

Offered By: IEEE via YouTube

Tags

Intel SGX Courses RSA Conference Courses System Security Courses Cryptographic Algorithms Courses

Course Description

Overview

Explore the Plundervolt attack, a software-based fault injection technique targeting Intel SGX, in this IEEE conference talk. Delve into the exploitation of privileged interfaces for dynamic frequency and voltage scaling in modern processors, particularly Intel Core series. Understand how adversaries can manipulate voltage to compromise the integrity of Intel SGX enclave computations, bypassing memory encryption and authentication safeguards. Examine real-world attack scenarios, including key recovery from cryptographic algorithms and inducing memory safety vulnerabilities in secure enclave code. Learn about the challenges of mitigating Plundervolt and the potential need for microcode updates or hardware modifications to ensure trusted computing base recovery.

Syllabus

Intro
TEES Trusted Execution Environments
DVES Dynamic voltage and frequency scaling
Undervolting Intel CPUs
Investigating faults in SGX
Fault analysis
Detailed CPU testing
Faulting RSA
Faulting AES-NÍ
When a single random byte fault is induced at the input of the eighth round, the AES key can be deduced. The computation complexity to recover 128 bit key is: 232 +256 encryptions.
Memory corruption
To summarise


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Cryptography And Network Security
Indian Institute of Technology, Kharagpur via Swayam
Applied Cryptography
University of Colorado System via Coursera
Cryptography Principles for IT Professionals and Developers
Pluralsight
Cryptography Application
Pluralsight
Security Architecture and Engineering: Build Defenses for CISSP®

Pluralsight