Slashdot Mirror


Hyperthreading Considered Harmful

cperciva writes "Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately. I will be presenting this attack at BSDCan 2005 at 10:00 AM EDT on May 13th, and at the conclusion of my talk I will also be releasing a paper describing the attack and possible mitigation strategies."
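The submitter's mitigation is to disable Hyper-Threading on multi-user hosts. As an added example (not code from the submitter, the paper, or Slashdot), the POSIX shell script below shows how an administrator can check whether SMT/Hyper-Threading is active on a Linux machine: it uses the long-standing /proc/cpuinfo heuristic (more logical "siblings" than "cpu cores" per package) and, on kernels that provide it, the /sys/devices/system/cpu/smt interface. The sample cpuinfo text it writes for demonstration is constructed, not captured from a real machine; the helper names are this example's own.

```shell
#!/bin/sh
# Added example: detect whether Hyper-Threading / SMT is active on a Linux host.
# Helper names (ht_state_from_cpuinfo, smt_control_state, write_sample_cpuinfo)
# are this example's own, not from the original page or the paper.

# Classic heuristic: in /proc/cpuinfo, "siblings" counts logical CPUs per
# physical package and "cpu cores" counts physical cores. siblings > cores
# means HT/SMT is exposing extra logical CPUs. Prints enabled / disabled /
# unknown. $1 is a cpuinfo-format file (defaults to /proc/cpuinfo).
ht_state_from_cpuinfo() {
    f="${1:-/proc/cpuinfo}"
    [ -r "$f" ] || { echo unknown; return 0; }
    sib=$(awk -F: '/^siblings/  { gsub(/[ \t]/, "", $2); print $2; exit }' "$f")
    cores=$(awk -F: '/^cpu cores/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$f")
    # Non-x86 or very old kernels may not report these fields at all.
    if [ -z "$sib" ] || [ -z "$cores" ]; then
        echo unknown
    elif [ "$sib" -gt "$cores" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Newer kernels expose an explicit control file whose contents are one of
# on / off / forceoff / notsupported / notimplemented. Writing "off" to it
# (as root) takes the sibling threads offline at runtime; the boot parameter
# nosmt does the same persistently. Prints "unavailable" if the file is absent.
smt_control_state() {
    ctl=/sys/devices/system/cpu/smt/control
    [ -r "$ctl" ] && cat "$ctl" || echo unavailable
}

# Writes a constructed /proc/cpuinfo-style stanza to $1 with $2 siblings
# and $3 cores, so the heuristic can be exercised without a real HT machine.
write_sample_cpuinfo() {
    cat > "$1" <<EOF
processor	: 0
vendor_id	: GenuineIntel
model name	: (constructed sample, not a real part)
siblings	: $2
cpu cores	: $3
EOF
}

# Stand-alone run: report on this host, then on a constructed HT-enabled sample.
echo "host cpuinfo heuristic : $(ht_state_from_cpuinfo)"
echo "host smt/control       : $(smt_control_state)"
tmp=$(mktemp)
write_sample_cpuinfo "$tmp" 8 4
echo "constructed 8/4 sample : $(ht_state_from_cpuinfo "$tmp")"
rm -f "$tmp"
```

If the heuristic says "enabled" but smt/control reads "unavailable", the kernel predates the control file and disabling HT means the BIOS/firmware setting or offlining the sibling CPUs by hand; either way, re-run the check afterwards rather than trusting the change took effect.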

5 of 392 comments

  1. more info at KernelTrap by Anonymous Coward · · Score: 5, Informative

    I read about this last night here at KernelTrap. They offer more info, evidently having talked to Colin...

  2. Re:Whoosh!!! by mmkkbb · · Score: 5, Informative

    Actually, Intel CPUs contain patchable microcode ROMs. You can see the option to enable it when you configure a Linux kernel.

    --
    -mkb

  3. Re:Probably a Timing-Based Attack by AtrN · · Score: 5, Informative

    This got mentioned in comp.arch and Dan Bernstein pointed out others have mentioned similar things previously. The abstract mentioned reads,

    Other People's Cache - HyperAttacks with HyperThreading - Dag Arne Osvik, Norway

    We have investigated the use of memory caches of modern processors as side-channels for timing attacks against software implementations of cryptographic algorithms. In particular, we have successfully performed a new kind of attack where the attacker has no privileges other than being able to run on the same processor as the victim. That is, the attacker has no access to plaintext or ciphertext, and is not allowed by the operating system to communicate with the victim. In this scenario we have recovered 45 out of 128 key bits from AES encryption of English text in just one minute on an Intel processor with HyperThreading. Moreover, with regular known plaintext attacks we have achieved full key recovery.

  4. Re:On the other hand by babbage · · Score: 5, Informative

    And this isn't the first time he has come up with some interesting research that has been mentioned on Slashdot before. Sure, he seems to be a little arrogant, but with his record so far, I think he's earned the benefit of the doubt here...

  5. Paper by cperciva · · Score: 5, Informative

    My paper is available here.

    Have fun reading, I'm going back to the conference.