Researchers contradict AMD claims that SEV keys can’t be extracted remotely

By Nick Heyman On Aug 24, 2021

Security researchers have overruled claims from AMD that recent findings concerning the chip giant’s security processes do not pose a real-world threat.

The Technische Universität (TU) Berlin’s Security in Telecommunications group recently published a research paper that demonstrated a means to defeat AMD’s SEV mechanism in a voltage fault injection attack they refer to as a glitching attack.

AMD said the report, which described means to extract encryption keys from Secure Encrypted Virtualization (SEV)-enabled CPUs, had little real-world implication since it requires physical access to a server.

Robert Buhren, one of the authors of the paper, contacted TechRadar Pro to dismiss AMD’s supposition, and instead claims that the attacker needs to have physical access to any arbitrary Epyc CPU, and not necessarily to the CPU that executes the targeted virtual machines (VM).

“A malicious admin could buy the CPU somewhere and use the extracted keys on systems in the data-center. IMHO, this makes the attack much more dangerous as no physical tampering with machines in the data center is required,” Buhren told us.

Real world implications

Further explaining the real-world implications of their research, Buhren adds that the attack they describe enables attackers to use keys extracted from one AMD Epyc CPU to attack VMs running on any other AMD CPU as long as it is based on the same microarchitecture.

“In our paper we specifically describe an attack scenario that allows an attacker to decrypt a SEV protected VM’s memory without physical access to the system hosting the VM,” asserts Buhren.

Buhren further points to his team’s earlier research paper, in which they had published proof-of-concept (PoC) code, which enabled a malicious administrator to mount the kind of attack that’s described in their current research.

The PoC shows how an attacker can use the keys from one AMD processor to extract a SEV-protected VM’s memory inside a data center.

He explains that their most recent glitching attack makes it possible to extract details from all three generations of Zen CPUs, in essence enabling the PoC to work on all AMD processors that support SEV.

Even more worryingly, Buhren claims that since the glitching attack isn’t a firmware issue, it’ll work regardless of whether AMD publishes updated firmware or not.

AMD hasn’t yet responded to TechRadar Pro’s email requesting for comment on Buhren’s assertions.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.