Breaking Trusted Execution Environments
6 months ago
- #TEE
- #DDR5
- #Security
- Trusted Execution Environments (TEEs) aim to provide hardware-backed data privacy and integrity, but modern implementations by Intel and AMD are vulnerable to physical memory interposition attacks.
- A DDR5 memory interposition device can be built cheaply using off-the-shelf components, allowing attackers to inspect all memory traffic, including encrypted data.
- The attack exploits deterministic memory encryption in these TEEs: the same plaintext written to the same address always produces the same ciphertext, so an observer can compare encrypted blocks and infer plaintext content without the key.
- Secret attestation keys from Intel TDX and AMD SEV-SNP can be extracted, compromising the security of confidential virtual machines (CVMs).
- Nvidia's GPU Confidential Computing is also vulnerable, as extracted attestation keys can be used to bypass TEE protections for AI workloads.
- The portable version of the attack device fits into a 17" briefcase, making it easy to deploy in various environments.
- Real-world impacts include potential financial losses in cryptocurrency services and breaches in cloud computing security.
- Mitigation options are limited because TEE vendors consider physical attacks out of scope, which leaves strengthened physical security of the hardware as the main line of defence.
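The deterministic-encryption point above, as an added toy model that is not from the original post or from any vendor's implementation: an HMAC-based keyed PRF stands in for the hardware cipher (assumption; real TEEs use a block cipher such as AES-XTS), the address is the tweak, and a bus observer with no key only checks ciphertext equality. With address-tweaked but nonce-free encryption, repeated writes of the same value to the same address are visible as repeats; adding a fresh nonce per write removes that signal.

```python
import hmac
import hashlib
import os

LINE = 64  # bytes per cache line, the unit at which memory traffic is encrypted


def prf(key: bytes, tweak: bytes) -> bytes:
    """Keyed PRF standing in for the hardware cipher (toy, not AES-XTS).
    Two HMAC-SHA256 outputs give one 64-byte keystream block."""
    return b"".join(hmac.new(key, tweak + bytes([i]), hashlib.sha256).digest()
                    for i in (0, 1))


def enc_deterministic(key: bytes, address: int, line: bytes) -> bytes:
    """Address-tweaked, no freshness: same (address, data) -> same ciphertext."""
    ks = prf(key, address.to_bytes(8, "big"))
    return bytes(p ^ k for p, k in zip(line, ks))


def enc_randomized(key: bytes, address: int, line: bytes) -> bytes:
    """Fresh nonce per write: ciphertext of a repeated value no longer repeats."""
    nonce = os.urandom(16)
    ks = prf(key, address.to_bytes(8, "big") + nonce)
    return nonce + bytes(p ^ k for p, k in zip(line, ks))


def repeated_writes(trace):
    """Observer view without the key: indices of writes whose ciphertext
    equals an earlier write to the same address."""
    seen, repeats = set(), []
    for i, (address, ct) in enumerate(trace):
        if (address, ct) in seen:
            repeats.append(i)
        seen.add((address, ct))
    return repeats


def demo(randomized: bool, key: bytes = None):
    """Constructed workload: a one-byte secret flag at a fixed address
    toggles 0 -> 1 -> 0 -> 1; the observer sees only (address, ciphertext)."""
    key = key or os.urandom(32)  # constructed memory-encryption key
    enc = enc_randomized if randomized else enc_deterministic
    addr = 0x7F00_0000
    trace = [(addr, enc(key, addr, bytes([v]).ljust(LINE, b"\0")))
             for v in (0, 1, 0, 1)]
    return repeated_writes(trace)
```

With deterministic encryption the observer learns that writes 2 and 3 restore earlier values; with per-write nonces it learns nothing from equality.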