Now This Gets Deep

A prof by the name of Colin Percival of Simon Fraser University in British Columbia has published a 12-page paper (PDF here) that shows how simultaneous execution of threads in the Intel Pentium hyperthreading model can lead to compromised security. If you can stomach wading through the details, it makes for a fascinating journey through processor internals. It helps if you can read assembly code and understand encryption. What he demonstrates is basically this: in the Pentium model simultaneously executing threads share access to the level 1 and level 2 memory caches. In the simplest exploit Professor Percival shows that two threads can use the timing of reads and writes from these caches to communicate bits between themselves at up to 400 kilobytes per second. That’s a fairly high-bandwidth channel, but the threads have to cooperate. In the piece de resistance he shows that a spy thread, working without the knowledge of the thread it is watching, can use the timing effects of level 2 cache misses to infer certain characteristics of the data being operated on, including important parts of the modulo arithmetic used in OpenSSL encryption key processing.

Leave a Reply

Your email address will not be published. Required fields are marked *