Prof. Junbeom Hur’s team reveals threats to Intel CPUs’ data prefetcher and presents at the most prestigious computer-security related conference, ACM CCS 2018, taking place from Oct. 15 to 19 in Toronto, Canada.
▲ Professor Junbeom Hur, Department of Computer Science and Engineering, College of Informatics
Professor Junbeom Hur, Department of Computer Science and Engineering, College of Informatics and his team revealed a potential security threat to Intel CPUs’ data prefetcher and presented their findings at a well-known computer-security related conference.
As the most important element of a computer system, the CPU is the brain of the computer where operations related to data processing take place. All the data handled by wide-ranging devices such as IoT equipment, personal computers, and even cloud servers are processed in CPUs. To boost data processing performance, modern CPUs fetch predictable data to the cache before it is actually needed. This is called “data prefetch” technology. Until now, software side-channel attacks were prevented by making it difficult to accurately detect sensitive information such as data processing times.
However, Prof. Hur and his team have found a way to attack the side-channels within Intel CPUs’ data prefetch technology, and proved that the current countermeasures against such attacks can be defeated. The team confirmed this vulnerability, by successfully recovering private keys by implementing an attack on the ECDH algorithm built upon the latest version of the OpenSSL library.
This finding is especially notable because Intel CPUs are currently the most widely used by commercial cloud computing services, and OpenSSL is the most famous open-source security library in the world. Since this means that sensitive encrypted data, including personal or classified information, may be extracted from the commercial cloud environment, the results of this research are expected to have a deep impact and far reaching consequences.
This research is a part of the 2018 ICT & Broadcasting Technology Development Program, Social Problem Resolution Project (project name: Safe and convenient ways to process personal information into big data) supported by the Ministry of Science & ICT and Institute for Information & Communications Technology Promotion. The results are posted in the open source community, and the upgraded latest version of OpenSSL (version 1.1.1) is currently available. The potential threat of this side-channel attack realized by exploiting data prefetching has been reported to Intel and follow-up measures are awaited.
Meanwhile, the research results have been presented at the Association for Computing Machinery (ACM) Conference on Computer and Communications Security (CCS), taking place from Oct. 15 to 19 in Toronto, Canada. ACM CCS is regarded as the most prestigious conference in the field of computer security.