When Good Turns Evil - Using Intel SGX to Stealthily Steal Bitcoins
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a Black Hat conference talk that delves into the practical implementation of malware inside Intel SGX and its ability to evade state-of-the-art detection mechanisms. Learn how an unprivileged user can execute malware within an SGX enclave to extract secret RSA keys from co-located enclaves using cache attacks. Discover the intricacies of SGX protection features, Bitcoin wallets, cache attacks, and double fetch vulnerabilities. Examine the potential implications for Bitcoin theft, DRM video players, and sidechain-resistant crypto. Gain insights into proposed solutions at the operating system and hardware levels, as well as the advantages and limitations of atomic fetches and TFX. Presented by Michael Schwarz and Moritz Lipp, this 54-minute talk offers a comprehensive look at the intersection of trusted execution environments and potential security threats.
Syllabus
Outline
Introduction to SGX
Using SGX to implement Bitcoin wallets
Bitcoins Signatures
Cache Attacks
Prime and Rope
How does this work
Not that easy
Building the time
Physical address
Physical page
Addresses
Summary
Results
Performance Counter
Solution
Operating System
Hardware
Sidechain resistant crypto
DRM video player
Stealing Bitcoins
The Problem
Validity Period
Double Fetch Back
Shared Memory
Double Fetch Detection
Video Player Exploit
Double Fetches
Atomic Fetches
TFX
How it works
Dropit
Code
Advantages
Takeaways
Out of Scope
Conclusion
Taught by
Black Hat
Related Courses
Pseudorandom Black Swans: Cache Attacks on CTR_DRBGTheIACR via YouTube Dragonblood - Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
IEEE via YouTube NetCAT - Practical Cache Attacks from the Network
IEEE via YouTube The 9 Lives of Bleichenbacher's CAT - New Cache Attacks on TLS Implementations
IEEE via YouTube Malicious Management Unit - Why Stopping Cache Attacks in Software is Harder Than You Think
USENIX via YouTube