Skip to main content
  1. Home
  2. Computing
  3. News

Researchers bypass Intel's Software Guard Extensions to access RSA keys

Brad Jones
By

Close-up of hands on a laptop keyboard in a dark room.
Dmitry Tishchenko/123RF
Intended to help users keep their systems safe and secure, Intel Software Guard Extensions is a set of CPU instructions that can make particular portions of code and data private. However, a new paper suggests that SGX could in fact be used to facilitate a malicious attack.

Samuel Weiser and four collaborators from the Graz University of Technology in Austria have published research that demonstrates how SGX can be used to conceal a piece of malware. Within minutes, this technique was used to gain access to RSA keys hidden in SGX enclaves, according to a report from The Register.

Recommended Videos

The researchers developed a method of monitoring vulnerable cache sets that allowed them to spot the telltale signature of an RSA key calculation. “Key recovery comes in three steps,” reads the paper. “First, traces are preprocessed. Second, a partial key is extracted from each trace. Third, the partial keys are merged to recover the private key.”

Related

Tests were run on an SGX-capable Lenovo ThinkPad T460S, which was running Ubuntu version 16.10. The team found that a single cache trace offered access to 96 percent of a 4,096-bit RSA key, and it only took eleven traces for the complete key to be assembled. The process took less than five minutes.

The authors of the paper said it’s possible to block the type of attack that they’ve demonstrated. However, the responsibility of addressing the vulnerability falls to Intel, as changes made to operating systems could end up causing further damage to the SGX model.

This isn’t the first time that Weiser has gone public with evidence that SGX is vulnerable. In January 2017, he was part of a group of researchers that published a paper that demonstrated how its input-output protections could be abused to gain access to private user data.

Digital Trends was given the following statement by Intel:

There have been many academic articles looking at the security of SGX, including side-channel attacks. In general these papers do not demonstrate anything new or unexpected about the Intel SGX architecture.

Preventing side channel attacks is a matter for the enclave developer. Intel makes this clear In the security objectives for SGX, which are well documented. The types of side-channel attacks identified on the RSA implementation used in the Graz paper were well-known for some time and are addressed by other crypto libraries available to developers (e.g. OpenSSL).

Updated on 03-17-2017 by Brad Jones: Added statement from Intel.

Editors' Recommendations

Topics
Brad Jones
Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
The 5 best MacBooks for video editing in 2024
Apple MacBook Pro 16 front angled view showing display and keyboard.

Video editing is one of the most demanding things you can ask of your laptop. Not only do you need a powerful processor to keep things running smoothly, but you'll also need loads of RAM and a solid GPU to best carry out the task. If any of these components are lacking, you could run into trouble with your software – resulting in sluggish performance and a frustrating overall experience.

Hunting for a laptop that's robust enough to handle video editing isn't easy, but you can make things more manageable by sticking to Apple's MacBook catalog.

Read more
The 7 best laptop stands in 2024
Time for a desk upgrade! These great stands will elevate and protect your laptop
The Grovemade Wood Laptop Stand with other Grovemade desk supplies.

One of the first things to do after you get one of the best new laptops is to hunt for great accessories. That can mean getting the best wireless mouse to carry around with you, upgrading to more consistent Wi-Fi with a PC Wi-Fi adapter, or even getting a carrying case for when you take it out to the coffee shop for work. One laptop accessory that is often overlooked, much to our despair, is the laptop stand.

A laptop stand can be a great source of comfort due to the increased ergonomics, reduced heat on your lap, and give your laptop better overall functionality on top of a desk, too. Some are even designed to help keep the laptop cool, something every owner of one of the best gaming laptops will know is important. So, look at the following list of the best laptop stands with a mind for quality and comfort, you're sure to find something that meets your needs.
The best laptop stands in 2024

Read more
This Lenovo gaming laptop with an RTX 4090 is $740 off today
Lenovo Legion Pro 7i on a desktop surface outside.

Lenovo often has some of the best laptop deals and today is no different with a sweet discount for anyone seeking a new gaming laptop. A new arrival from Lenovo, the Lenovo Legion Pro 7i is already $740 off bringing it down to $2,900 from $3,640. Packed with the latest hardware, you’re going to love it and we’re here to tell you exactly why. Remember -- this deal is unlikely to stick around for long.

Why you should buy the Lenovo Legion Pro 7i
As one of the best gaming laptop brands, it’s always worth strongly considering Lenovo and its Legion range when seeking a new gaming rig. This particular model is packed with the latest hardware. It has a 14th-generation Intel Core i9-14900HX processor paired up with a massive 32GB of memory so it’s all set for gaming for a long time at high detail levels. Of course, to do so, it needs a great graphics card and you can’t get much better than the Nvidia GeForce RTX 4090 with 16GB of dedicated VRAM that’s included here. It all comes together to futureproof your gaming sessions for a long time to come.

Read more