Skip to main content

Researchers bypass Intel's Software Guard Extensions to access RSA keys

Close-up of hands on a laptop keyboard in a dark room.
Dmitry Tishchenko/123RF
Intended to help users keep their systems safe and secure, Intel Software Guard Extensions is a set of CPU instructions that can make particular portions of code and data private. However, a new paper suggests that SGX could in fact be used to facilitate a malicious attack.

Samuel Weiser and four collaborators from the Graz University of Technology in Austria have published research that demonstrates how SGX can be used to conceal a piece of malware. Within minutes, this technique was used to gain access to RSA keys hidden in SGX enclaves, according to a report from The Register.

The researchers developed a method of monitoring vulnerable cache sets that allowed them to spot the telltale signature of an RSA key calculation. “Key recovery comes in three steps,” reads the paper. “First, traces are preprocessed. Second, a partial key is extracted from each trace. Third, the partial keys are merged to recover the private key.”

Tests were run on an SGX-capable Lenovo ThinkPad T460S, which was running Ubuntu version 16.10. The team found that a single cache trace offered access to 96 percent of a 4,096-bit RSA key, and it only took eleven traces for the complete key to be assembled. The process took less than five minutes.

The authors of the paper said it’s possible to block the type of attack that they’ve demonstrated. However, the responsibility of addressing the vulnerability falls to Intel, as changes made to operating systems could end up causing further damage to the SGX model.

This isn’t the first time that Weiser has gone public with evidence that SGX is vulnerable. In January 2017, he was part of a group of researchers that published a paper that demonstrated how its input-output protections could be abused to gain access to private user data.

Digital Trends was given the following statement by Intel:

There have been many academic articles looking at the security of SGX, including side-channel attacks. In general these papers do not demonstrate anything new or unexpected about the Intel SGX architecture.

Preventing side channel attacks is a matter for the enclave developer. Intel makes this clear In the security objectives for SGX, which are well documented. The types of side-channel attacks identified on the RSA implementation used in the Graz paper were well-known for some time and are addressed by other crypto libraries available to developers (e.g. OpenSSL).

Updated on 03-17-2017 by Brad Jones: Added statement from Intel.

Editors' Recommendations

Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
How to build a PC from scratch: A beginner’s guide
Installing RAM in a desktop PC.

Building a PC for the first time, or even the second or third time, can feel a little intimidating. But one of the best parts about building a computer is that, for the most part, the parts fit where they should, and don't fit where they shouldn't. A graphics card will fit in the graphics card slot, and good luck putting the CPU in the wrong socket.

With a little care, time, and this handy guide, you can build a PC without hassle. We're here to walk you through it.

Read more
Microsoft just made Paint relevant again
Person using Windows 11 laptop on their lap by the window.

The controversial Recall feature has grabbed all the headlines from Microsoft’s Copilot+ announcements yesterday, but this new AI feature is also making Paint relevant again.

It’s called Cocreator, and it’s a new AI feature that can turn your quick sketch, augmented by text, into a much more realistic and impressive image. The exciting thing is that it does all this in real time. It might not get it right the first time, so you'll need patience, and the more details you give about what you want in the image, the better.

Read more
SpaceX’s Starlink internet service reaches milestone
A Starlink dish.

SpaceX’s Starlink service now has more than 3 million customers globally, the company announced this week.

“Starlink is connecting more than 3M people with high-speed internet across nearly 100 countries, territories, and many other markets,” SpaceX said in a social media post on Tuesday that also included a short video showing Starlink satellite dishes set up and providing an internet connection in various places around the world.

Read more