Hyper-Threading technology, built into some Intel Pentium 4 central processing unit (CPU) microprocessors, can be exploited by crackers to gain access to security keys. A description of the timing attack was presented Friday by Colin Percival, a computer science researcher, at the BSDCan 2005 conference. Intel’s Hyper-Threading (HT) algorithm enables Pentium CPUs to maximize the efficiency of the processing system. According to Intel’s website, with HT technology “desktop users can experience greater system responsiveness and performance when multitasking. At home, users can encode audio and video at the same time, or run a virus scan in the background while continuing to play their favorite game. In the office, HT Technology enables IT managers to deploy PC services such as encryption, compression or backup technologies while minimizing the impact on PC user productivity. In addition, multitasking business workers can experience greater system responsiveness, enabling increased productivity. In summary, the Pentium 4 processor supporting HT Technology delivers a new level of performance and PC responsiveness for consumers and business professionals.”
The HT technology allows two separate processes, or software threads, to execute concurrently on a single CPU, and it is this capability that can be exploited. The multiple processes share access to the CPU’s cache, and through this shared access the security keys for the computer can be gleaned.
Cache is a portion of memory, usually built into the microprocessor, that enables ultrafast access to frequently used and recently used data. By storing the data in fast-access memory, overall system performance is improved. Generally, the system’s L1 cache is cleared between system processes; however, with HT technology, the cache may remain filled, pending a request from another thread. This allows one processing thread to have access to the data intended for use by the other. The problem is akin to a shared desk: one user has access to another’s papers unless the desk is cleared between work shifts.
Percival reported that the co-access security risk only affects servers, and that desktop users are not at risk; however, Hyper-Threading processors also ship on desktop PCs, but this particular flaw is only a problem for servers, Percival said on his Web site.
According to Percival, “Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately.”
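For administrators acting on that advice, the sketch below is an added example (not from Percival or Intel) that audits a multi-user machine for logical CPUs sharing one physical core, and so one L1 cache. It assumes a Linux host exposing `smt/control` and `topology/thread_siblings_list` under `/sys/devices/system/cpu`; the article names no operating system, and the sample tree written by `build_sample_tree` is constructed for the demonstration.

```python
import os
import tempfile

def parse_cpu_list(text):
    """Expand a sysfs CPU list such as '0,4' or '0-1,8-9' into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus

def smt_report(sysfs_cpu="/sys/devices/system/cpu"):
    """Return (control, shared_cores): the kernel's SMT control state (None if
    the file is absent) and the sorted groups of logical CPUs that share one
    physical core, and therefore that core's L1 cache."""
    control = None
    try:
        with open(os.path.join(sysfs_cpu, "smt", "control")) as f:
            control = f.read().strip()
    except OSError:
        pass  # older kernels do not expose the control file
    groups = set()
    for name in os.listdir(sysfs_cpu):
        if not (name.startswith("cpu") and name[3:].isdigit()):
            continue  # skip entries such as 'smt', 'cpufreq', 'cpuidle'
        path = os.path.join(sysfs_cpu, name, "topology", "thread_siblings_list")
        try:
            with open(path) as f:
                siblings = parse_cpu_list(f.read())
        except OSError:
            continue  # offline CPUs may not expose topology
        if len(siblings) > 1:
            groups.add(tuple(sorted(siblings)))
    return control, sorted(groups)

def build_sample_tree(root, siblings, control):
    """Write a constructed sysfs-like tree so the check runs offline."""
    os.makedirs(os.path.join(root, "smt"))
    with open(os.path.join(root, "smt", "control"), "w") as f:
        f.write(control + "\n")
    for cpu, sib in siblings.items():
        topo = os.path.join(root, f"cpu{cpu}", "topology")
        os.makedirs(topo)
        with open(os.path.join(topo, "thread_siblings_list"), "w") as f:
            f.write(sib + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, {0: "0,2", 1: "1,3", 2: "0,2", 3: "1,3"}, "on")
        print(smt_report(tmp))
```

An empty list of shared cores means no two logical CPUs currently share an L1 cache; any non-empty group on a multi-user server is a pair of threads across which the disclosure described above could occur.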
BSDCan 2005 Hyper-Threading Vulnerability