YoVDO

When Good Turns Evil - Using Intel SGX to Stealthily Steal Bitcoins

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Cryptography Courses Intel SGX Courses Cache Attacks Courses

Course Description

Overview

Explore a Black Hat conference talk that delves into the practical implementation of malware inside Intel SGX and its ability to evade state-of-the-art detection mechanisms. Learn how an unprivileged user can execute malware within an SGX enclave to extract secret RSA keys from co-located enclaves using cache attacks. Discover the intricacies of SGX protection features, Bitcoin wallets, cache attacks, and double fetch vulnerabilities. Examine the potential implications for Bitcoin theft, DRM video players, and sidechain-resistant crypto. Gain insights into proposed solutions at the operating system and hardware levels, as well as the advantages and limitations of atomic fetches and TFX. Presented by Michael Schwarz and Moritz Lipp, this 54-minute talk offers a comprehensive look at the intersection of trusted execution environments and potential security threats.

Syllabus

Outline
Introduction to SGX
Using SGX to implement Bitcoin wallets
Bitcoins Signatures
Cache Attacks
Prime and Rope
How does this work
Not that easy
Building the time
Physical address
Physical page
Addresses
Summary
Results
Performance Counter
Solution
Operating System
Hardware
Sidechain resistant crypto
DRM video player
Stealing Bitcoins
The Problem
Validity Period
Double Fetch Back
Shared Memory
Double Fetch Detection
Video Player Exploit
Double Fetches
Atomic Fetches
TFX
How it works
Dropit
Code
Advantages
Takeaways
Out of Scope
Conclusion


Taught by

Black Hat

Related Courses

Pseudorandom Black Swans: Cache Attacks on CTR_DRBG
TheIACR via YouTube
Dragonblood - Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
IEEE via YouTube
NetCAT - Practical Cache Attacks from the Network
IEEE via YouTube
The 9 Lives of Bleichenbacher's CAT - New Cache Attacks on TLS Implementations
IEEE via YouTube
Malicious Management Unit - Why Stopping Cache Attacks in Software is Harder Than You Think
USENIX via YouTube