Additional Info:
Key Features of the Titan M2: The Titan M2 is Google's dedicated security chip used in Pixel devices starting with the 6 series, designed to secure sensitive data by handling encryption, protecting cryptographic keys, and ensuring the integrity of device boot processes. By isolating sensitive operations, the Titan M2 provides robust hardware-backed security against both physical and digital attacks, enhancing Android's security framework to better protect user data.
- RISC-V Architecture: The Titan M2 is built on the RISC-V CPU architecture, incorporating its own memory, RAM, and cryptographic accelerator. This design enables the chip to operate independently of the main processor, reducing potential attack vectors. (Android Authority)
- Secure Boot and Data Protection: Collaborating with the Google Tensor security core, the Titan M2 ensures the integrity of the boot process and safeguards user data. It securely stores cryptographic keys, passwords, and PINs, isolating them from the main operating system to prevent unauthorized access. (Google Security Blog)
- Android StrongBox Support: The chip supports Android StrongBox, providing a secure environment for generating and storing cryptographic keys used by various applications. This feature enhances the protection of sensitive data, such as payment information and personal credentials. (Android Authority)
- Resistance to Physical Attacks: Google has designed the Titan M2 to be resilient against side-channel attacks, such as power analysis and voltage fluctuations, which are sophisticated methods used to extract sensitive information from hardware devices. (Android Authority)
Threat Tactic Protocols (TTPs) targeting Trusted Execution Environments (TEEs) that provide insight:
- CounterSEVeillance Attack: The CounterSEVeillance attack focuses on AMD's Secure Encrypted Virtualization (SEV), demonstrating how sensitive information can be recovered even from SEV-protected environments, a vulnerability particularly concerning for cloud-based virtual machines. This research, published by academics, can be found in the CounterSEVeillance paper.
- TDXdown Attack: The TDXdown attack targets Intel's Trust Domain Extensions (TDX), which are designed to protect data in TEE environments. Researchers have shown how Intel's TDX can be exploited to access protected data, a finding that raises questions about the robustness of newer Intel cloud security solutions. The TDXdown attack details are available here.
- Heckler Attack: The Heckler attack, presented at USENIX Security 2024, explores vulnerabilities in both AMD SEV-SNP and Intel TDX within virtualized settings. This research illustrates how attackers might breach these protections in environments that are widely used in cloud computing. For full details, the research is available on GitHub.
- SGX Step Tool: The SGX Step Tool is a diagnostic framework for Intel's Software Guard Extensions (SGX) that exposes timing-based vulnerabilities. While designed for debugging, it reveals potential weaknesses in SGX-protected systems. More information on this tool is accessible here.
------------------------------
Alex Kaluza
Research Analyst
Cloud Security Alliance
------------------------------
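To make concrete why an instruction-granular single-stepping primitive of the kind SGX-Step provides is dangerous, the following simulation is added here as an illustration for this thread. It is not code from SGX-Step, from any of the papers cited above, or from Google. The "enclave" is an ordinary Python function, the "step interrupt" is a method call, and the instruction costs (SQUARE_COST, MULTIPLY_COST, SELECT_COST) are invented constants; the attacker model sees only how many instructions ran between two interrupts, never any data.

```python
# Simulation of a single-stepping side channel against secret-dependent
# control flow. Written for this thread as an illustration; it is not code
# from SGX-Step, the Heckler/TDXdown/CounterSEVeillance papers, or Google.
# The "enclave" is a plain Python function and the "interrupt" is a method
# call, so nothing here touches real hardware.

SQUARE_COST = 2      # assumed instruction count for one modular squaring
MULTIPLY_COST = 2    # assumed instruction count for one modular multiply
SELECT_COST = 3      # assumed instruction count for a branchless select


class StepTracer:
    """Models what an instruction-granular single-stepping attacker sees:
    how many instructions ran between two consecutive interrupts. Register
    and memory contents are never exposed to the tracer."""

    def __init__(self):
        self.trace = []      # instruction count per victim loop iteration
        self._pending = 0

    def instr(self, n):
        """The victim 'executes' n instructions."""
        self._pending += n

    def interrupt(self):
        """Attacker's step interrupt fires at the end of one loop iteration."""
        self.trace.append(self._pending)
        self._pending = 0


def modexp_leaky(base, exp, mod, tracer):
    """Left-to-right square-and-multiply; the multiply runs only when the
    current exponent bit is 1, so each iteration's instruction count is
    secret-dependent."""
    result = 1
    for bit in bin(exp)[2:]:
        result = result * result % mod
        tracer.instr(SQUARE_COST)
        if bit == "1":
            result = result * base % mod
            tracer.instr(MULTIPLY_COST)
        tracer.interrupt()
    return result


def modexp_ct(base, exp, mod, tracer):
    """Same computation, but every iteration performs the multiply and then
    keeps or discards it arithmetically, so the step count is uniform."""
    result = 1
    for bit in bin(exp)[2:]:
        result = result * result % mod
        tracer.instr(SQUARE_COST)
        candidate = result * base % mod
        tracer.instr(MULTIPLY_COST)
        b = int(bit)
        result = b * candidate + (1 - b) * result   # no secret-dependent branch
        tracer.instr(SELECT_COST)
        tracer.interrupt()
    return result


def recover_exponent(trace):
    """Attacker side: enclave code is public, so the cost of a squaring-only
    iteration is known; any iteration that ran more instructions must have
    taken the multiply branch. Returns the guessed exponent."""
    bits = "".join("1" if n > SQUARE_COST else "0" for n in trace)
    return int(bits, 2)


def distinct_step_costs(trace):
    """Number of distinct per-iteration counts; 1 means the trace carries
    no information about the exponent."""
    return len(set(trace))


def demo(exp=0b1011001, base=5, mod=1019):
    """Run both victims under the tracer and report what leaks."""
    t_leaky, t_ct = StepTracer(), StepTracer()
    r_leaky = modexp_leaky(base, exp, mod, t_leaky)
    r_ct = modexp_ct(base, exp, mod, t_ct)
    return {
        "correct": r_leaky == pow(base, exp, mod) == r_ct,
        "leaky_trace": t_leaky.trace,
        "recovered_from_leaky": recover_exponent(t_leaky.trace),
        "ct_trace": t_ct.trace,
        "ct_distinct_costs": distinct_step_costs(t_ct.trace),
    }


if __name__ == "__main__":
    print(demo())
```

With the default inputs the leaky trace alternates between two instruction counts and recover_exponent reads the secret exponent back exactly, while the branchless variant produces one constant count per iteration and the same recovery routine returns a wrong value. Two caveats a practitioner should keep in mind: on real hardware SGX-Step obtains this granularity with APIC timer interrupts and page-table tricks rather than a cooperating victim, and a uniform instruction count alone does not close data-dependent memory access or other microarchitectural channels, which is why the TEE attacks in this thread are not addressed by constant-time coding in the guest alone.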
Original Message:
Sent: Oct 23, 2024 07:41:19 AM
From: Mari Spina
Subject: Discussion of the Single Stepping Attack entry
In "Affected Platforms" the TTP implicates "Azure Titan Chips". These apparently do not exist. Google has a Titan M2 chip: What is the Titan M2 security chip in Google's Pixel phones?
Also, the foundational research references that started the TTP concept are not provided:
CounterSEVeillance and TDXdown attacks: Two teams of academics have published details on two new attacks that can break the confidentiality of CPU trusted execution environments (TEEs). The attacks allow threat actors to recover sensitive data from sections of a CPU that have been designed to protect important data. The first attack is named CounterSEVeillance [PDF] and can recover data from AMD's Secure Encrypted Virtualization (SEV) TEE. The second attack is named TDXdown and impacts Intel's newest TEE technology, the Trust Domain Extensions (TDX). Both technologies are commonly used in cloud computing and virtual machine technologies. AMD has published guidance on how to deal with the attack, while Intel released firmware patches. [Additional coverage in SecurityWeek]
Heckler was an attack against SEV-SNP and TDX presented at USENIX Security 2024 back in August. The details, including the full research paper, are hosted on the associated GitHub site https://ahoi-attacks.github.io/heckler/. As for stepping attacks, see the SGX Step tool https://github.com/jovanbulck/sgx-step.
For credibility, it would appear these should be referenced as foundational.
------------------------------
Mari Spina
Sr. Principal Cybersecurity Engineer
The MITRE Corp
Original Message:
Sent: Oct 18, 2024 01:23:22 PM
From: Kurt Seifried
Subject: Discussion of the Single Stepping Attack entry
This is for discussion of the Single Stepping Attack entry.
------------------------------
Kurt Seifried
Chief Blockchain Officer and Director of Special Projects
Cloud Security Alliance
[email protected]
------------------------------