WireTap: Breaking Server SGX via DRAM Bus Interposition
19 hours ago
- #Hardware Security
- #SGX
- #Blockchain
- Intel's Software Guard eXtensions (SGX) provides hardware-backed security for sensitive data, even against root-level attackers.
- Researchers demonstrated a physical attack on SGX using a cheap, DIY interposer device to capture memory traffic and extract secret keys.
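- The attack exploits deterministic memory encryption in SGX: the same plaintext written to a given address always produces the same ciphertext, so an attacker who observes the memory bus can map encrypted memory to plaintext.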
- Successful breaches include extracting SGX attestation keys, forging SGX quotes, and compromising real-world systems like Secret Network, Phala, Crust, and IntegriTEE.
- The attack has significant implications for blockchain deployments, enabling unauthorized access to confidential transactions and fake storage proofs.
- Intel considers physical attacks like WireTap outside SGX's threat model, with no current mitigations beyond secure physical environments.
- Older SGX platforms using Intel ME are not vulnerable, but newer platforms with TME (DDR4) are at risk.
- Secret Network, Phala, and Crust have implemented measures like seed rotation and trusted node enrollment in response to the vulnerabilities.
- The research highlights the need for trusted physical environments when using SGX and similar TEE technologies.
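
To make the deterministic-encryption point above concrete, here is a toy model of what a bus observer can record. It is an added example, not code from the researchers or from Intel. Assumptions: an HMAC-based PRF stands in for the real memory cipher, the `Memory` class, address and sample values are constructed, and the per-write freshness counter is a contrast design the page does not discuss.

```python
import hashlib
import hmac
import os

def prf(key: bytes, *fields: bytes) -> bytes:
    """Keyed PRF standing in for the memory cipher (assumption, not the real cipher)."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

class Memory:
    """Toy encrypted DRAM: every write appends (addr, ciphertext) to `bus`."""
    def __init__(self, fresh: bool):
        self.key = os.urandom(32)   # stays inside the modeled CPU
        self.fresh = fresh          # True: mix a per-write counter into the tweak
        self.counter = 0
        self.bus = []               # everything a bus observer can record

    def write(self, addr: int, plaintext: bytes) -> None:
        tweak = [addr.to_bytes(8, "big")]
        if self.fresh:
            self.counter += 1
            tweak.append(self.counter.to_bytes(8, "big"))
        self.bus.append((addr, prf(self.key, *tweak, plaintext)))

def observer_recovers(mem: Memory, addr: int, known: list, secret: list) -> list:
    """Return the observer's guess for each secret write (None means no match)."""
    for value in known:             # phase 1: writes whose plaintext is known
        mem.write(addr, value)
    dictionary = {ct: pt for (_, ct), pt in zip(mem.bus, known)}
    start = len(mem.bus)
    for value in secret:            # phase 2: writes whose plaintext is not known
        mem.write(addr, value)
    return [dictionary.get(ct) for _, ct in mem.bus[start:]]

# Constructed sample data: one secret byte per block, so 256 candidate values.
KNOWN = [bytes([b]) for b in range(256)]
SECRET = [b"\x13", b"\x37", b"\xc0", b"\xde"]
ADDR = 0x7F000040  # constructed address

def demo():
    deterministic = observer_recovers(Memory(fresh=False), ADDR, KNOWN, SECRET)
    with_counter = observer_recovers(Memory(fresh=True), ADDR, KNOWN, SECRET)
    return deterministic, with_counter

if __name__ == "__main__":
    deterministic, with_counter = demo()
    print("deterministic encryption:", deterministic)
    print("with freshness counter:  ", with_counter)
```

In the deterministic case the observer never touches the key: equality of ciphertexts at one address is enough to read the secret values back out of the dictionary.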