Slashdot Mirror


Hyperthreading Considered Harmful

cperciva writes "Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately. I will be presenting this attack at BSDCan 2005 at 10:00 AM EDT on May 13th, and at the conclusion of my talk I will also be releasing a paper describing the attack and possible mitigation strategies."

14 of 392 comments

  1. This ought to be interesting by displague · · Score: 5, Interesting

    Doesn't Linux handle HT the same way it handles SMP? So even if there was a hole in HT, hardware-wise, software-wise you would be just as protected as you would be on an SMP system?

    --
    Marques Johansson
  2. Quick fix by Junior J. Junior III · · Score: 5, Funny

    I am counteracting the harmful effects of hyperthreading by eating a high-fiber diet. So far, I haven't had any problems.

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  3. more info at KernelTrap by Anonymous Coward · · Score: 5, Informative

    I read about this last night here at KernelTrap. They offer more info, evidently having talked to Colin...

  4. Oh dear. by Morky · · Score: 5, Funny

    I guess I need to shut off hyperthreading on our app server before the users who can't sort an Excel spreadsheet have a chance to exploit the vulnerability.

  5. Probably a Timing-Based Attack by Sunlighter · · Score: 5, Interesting

    My guess is that this is a timing attack. While thread 1 generates an RSA key, thread 2 times itself performing various instructions. If thread 1 is using the FPU to do a multiply, the FPU won't be available for thread 2 right away, so there will be a measurable delay. Thread 2 can then determine when thread 1 is running multiplies.

    If my hunch is correct, an OS could fix this by allowing a process to enter a "secure mode" which would force the other thread on the same CPU to be idle when that process was scheduled.

    --
    Sunlit World Scheme. Weird and different.
    1. Re:Probably a Timing-Based Attack by AtrN · · Score: 5, Informative
      This got mentioned in comp.arch and Dan Bernstein pointed out others have mentioned similar things previously. The abstract mentioned reads,

      Other People's Cache - HyperAttacks with HyperThreading - Dag Arne Osvik, Norway

      We have investigated the use of memory caches of modern processors as side-channels for timing attacks against software implementations of cryptographic algorithms. In particular, we have successfully performed a new kind of attack where the attacker has no privileges other than being able to run on the same processor as the victim. That is, the attacker has no access to plaintext or ciphertext, and is not allowed by the operating system to communicate with the victim. In this scenario we have recovered 45 out of 128 key bits from AES encryption of English text in just one minute on an Intel processor with HyperThreading. Moreover, with regular known plaintext attacks we have achieved full key recovery.
  6. Re:Whoosh!!! by mmkkbb · · Score: 5, Informative

    Actually, Intel CPUs contain patchable microcode ROMs. You can see the option to enable it when you configure a Linux kernel.

    --
    -mkb
  7. opportunity to get paid for his volunteer work by dpilot · · Score: 5, Insightful

    I'd sooner guess that by presenting a paper at a conference, he's hoping to turn this into a job offer. There are any number of stories about black-hats mending their ways, and getting security jobs. Here's someone trying to start out as a white-hat, doing things the right way to begin with. Seems to me that if he's on the mark, he's a better risk for a job offer than a reformed black-hat.

    --
    The living have better things to do than to continue hating the dead.
  8. Same Guy? by Bananatree3 · · Score: 5, Interesting

    This is the same guy who calculated the 1 Quadrillionth hexadigit of Pi (no, not digit. It is in base 16). His project was called PiHex. According to his currently short but illustrious track record, along with this current announcement, he is destined for being a big-name IT security guru.

  9. Re:It is just an 'give me a job' attention grab by Intrigued · · Score: 5, Insightful
    I don't see that.

    If he can produce even a moderately effective proof-of-concept exploit (which apparently he has), someone with a little malicious creativity will find out a way to abuse it.

    Also as a security professional, any gap, niche or irregularity in core security processes needs to be taken seriously even if nothing ever pans out in a real exploit.

    As far as the attention grab, I don't begrudge the guy at all. If the exploit is bogus, he will have advertised to the world "I'm an idiot - don't hire me!". If it is valid, he has shown his worth and deserves some support.

  10. SCO Unix variants... by Per Abrahamsen · · Score: 5, Funny

    As we all know, this includes Linux :-)

  11. Security is a real-time embedded application by gvc · · Score: 5, Interesting

    Some of the most effective hacks/espionage come from exploiting "secondary channels" for information.

    For example, I know of one hack from the good old days that involved placing a password across a page boundary. The OS compared the password to a plain text version character-by-character, so faulted if the characters up to the page boundary were all correct. Observing the disk access light (or the time to reject the password) provided character-by-character cracking.

    Of course, password checking is now more sophisticated, but so is cryptanalysis. I think people that use encryption for real are well aware that there's an exposure in doing so on any time-shared system, or any system that can be observed in any way by a potential cryptanalyst.

    I would guess, based on the sparse information presented here, that this is the nature of the attack. If - and that's a big if - you can cause an adversary to be scheduled in just the right way, you may be able to capture part or all of a private key by observing timing artifacts of the hyperthreading implementation.

    This may be good security research, but unless I were protecting state secrets, I'd wait and evaluate the risk relative to other security risks that we find acceptable. I would also guess that the exposure is minimal compared to other high-tech and low-tech potential information leaks.
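
The character-by-character comparison described in the comment above, shown next to a hardened form (an added example, not part of the original comment or thread). `bytes_examined` is a constructed work counter standing in for the time-to-reject or page-fault signal, and the secret and guesses are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>

/* Deterministic stand-in for elapsed time (or the page fault in the
   comment): counts how many bytes a comparison looked at. */
static size_t bytes_examined;

/* Early-exit comparison: stops at the first mismatch, so the amount of
   work done reveals how many leading characters of the guess were right. */
int leaky_equal(const char *guess, const char *secret, size_t n) {
    for (size_t i = 0; i < n; i++) {
        bytes_examined++;
        if (guess[i] != secret[i])
            return 0;
    }
    return 1;
}

/* Hardened comparison: always reads all n bytes and folds every
   difference into one accumulator, so the work does not depend on
   where (or whether) the guess diverges from the secret. */
int constant_time_equal(const char *guess, const char *secret, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) {
        bytes_examined++;
        diff |= (unsigned char)(guess[i] ^ secret[i]);
    }
    return diff == 0;
}

/* Runs one comparison and returns the number of bytes it examined. */
size_t work_for(int (*cmp)(const char *, const char *, size_t),
                const char *guess, const char *secret, size_t n) {
    bytes_examined = 0;
    (void)cmp(guess, secret, n);
    return bytes_examined;
}

int main(void) {
    const char secret[] = "hunter42";  /* constructed sample secret */
    const char *guesses[] = { "xxxxxxxx", "huxxxxxx", "huntexxx", "hunter42" };
    for (int i = 0; i < 4; i++)
        printf("%s  leaky=%zu  constant=%zu\n", guesses[i],
               work_for(leaky_equal, guesses[i], secret, 8),
               work_for(constant_time_equal, guesses[i], secret, 8));
    return 0;
}
```

In production code, prefer a vetted primitive such as OpenSSL's `CRYPTO_memcmp` or the BSDs' `timingsafe_bcmp`, since an optimizing compiler is free to reintroduce an early exit in a hand-written loop.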

  12. Re:On the other hand by babbage · · Score: 5, Informative

    And this isn't the first time he has come up with some interesting research that has been mentioned on Slashdot before. Sure, he seems to be a little arrogant, but with his record so far, I think he's earned the benefit of the doubt here...

  13. Paper by cperciva · · Score: 5, Informative

    My paper is available here.

    Have fun reading, I'm going back to the conference.