Sign In

Communications of the ACM

ACM TechNews

Intel SGX is Vulnerable to an Unfixable Flaw That Can Steal Crypto Keys and More


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
An Intel chip.

A team of international researchers disclosed a previously undiscovered vulnerability that steals information from Intel's Software Guard eXtensions.

Credit: Intel

A team of international researchers from Worcester Polytechnic Institute, the University of Michigan, Katholieke Universiteit Leuven in Belgium, Graz University of Technology in Austria, Australian digital research network Data61, and Australia’s University of Adelaide disclosed a previously undiscovered vulnerability that steals information from Intel's Software Guard eXtensions (SGX), a kind of digital vault for securing users' most sensitive data.

The proof-of-concept attack—called Load Value Injection (LVI)—stems from speculative execution. The exploit allows for the raiding of information stored in the SGX enclave.

Said the researchers, “Unlike all previous Meltdown-type attacks, LVI cannot be transparently mitigated in existing processors and necessitates expensive software patches, which may slow down Intel SGX enclave computations up to 19 times."

From Ars Technica
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
ACM Resources