Intel is expanding its arsenal against attacks on physical hardware

Intel unveiled a Tunable Replica Circuit at Black Hat USA designed to help protect against certain types of physical error injection attacks without requiring interaction with the computer owner.

Image: Adobe Stock

The security community is so focused on software-based attacks that they often forget that physical attacks are possible. Physical attacks are also often viewed as allowing an attacker to physically access the target computer and then use hardware to compromise the computer. Such hardware can be, for example, a Bash Bunny or a Rubber Ducky. However, it is still software that compromises the computer.

There’s another, lesser-known, but still existing possibility: playing around with the pins on the computer chip that supply the clock and voltage. This is where the Tunable Replica Circuit (TRC) comes into play, which Intel presented in parts of its hardware at BlackHat USA 2022.

What is a TRC?

TRC uses hardware-based sensors to explicitly detect circuit-based timing errors that occur as a result of an attack, where the attack is a non-invasive physical error on the pins that supply the clock and voltage. Intel’s TRC also has the ability to detect electromagnetic fault injection (EMFI).

Fault injection attacks allow an attacker to cache a NOP (No Operation) instruction instead of a JMP (Jump) condition, thereby altering the flow of execution. It might also be useful to replace real keys in fixed-function crypto engines.

Intel stated that the TRC will be deployed in the 12th Gen Intel Core processor family, adding fault injection detection technology to the Intel Converged Security and Management Engine (Intel CSME) (Figure A).

Figure A

Simplified diagram of TRC integration in Intel CSME.
Simplified diagram of TRC integration in Intel CSME. Image: Intel Corporation.

It is enabled by default in CSME and does not require any interaction with the computer owner.

SEE: Mobile Security Policy (TechRepublic Premium)

Intel CSME is an embedded subsystem in the Platform Controller Hub (PCH) that serves as the silicon initialization of the platform, provides a remote management function independent of the operating system and offers additional security such as Intel Boot Guard or integrated TPM (Trusted-Platform Module), which enables secure booting, disk encryption , secure storage and virtual smart card enabled.

In the published paper by Intel’s Sr. Principal Engineer Daniel Nemiroff and Principal Engineer Carlos Tokunaga, they warn that “attackers can focus their attention on hardening software vulnerabilities through the use of virtualization, stack canaries, authentication of code before execution, etc have drawn attention to physically attacking computing platforms. A favorite tool of these attackers are error injection attacks via glitch voltage, clock pins to cause circuits to fail timing, leading to execution of malicious instructions, exfiltration of secrets, etc.”

How does a TRC work?

The TRC works by monitoring the delay of certain types of digital circuits. It is calibrated to signal a fault at a voltage level beyond the CSME’s nominal operating range. Any error condition emanating from the TRC indicates potential data corruption and triggers mitigation techniques to ensure data integrity. To avoid false alarms, Intel has also developed a feedback-based calibration flow.

Security scenarios have been tested and proven that the TRC can be calibrated to a point where timing violations can only be the result of an attack. These tests were performed by Intel Labs, the iSTARE (Intel Security Threat Analysis and Reverse Engineering) team, a team specialized in hacking Intel’s chips. The company also mentions external testing. To further increase confidence in the TRC and gain additional insight into fault injection testing, Intel completed Riscure for clock, voltage, and EMFI testing. The company was unable to successfully perform a fault injection attack, concluding that “in all cases, the successful disruptions were detected by the countermeasures implemented”.

SEE: Password Breach: Why Pop Culture and Passwords Don’t Mix (Free PDF) (TechRepublic)

Error injections in the real world

One might wonder what the odds are that an attacker is actually trying to perform bug injections in the real world. The answer to this question is difficult as there is no real literature on the subject, but researchers have suggested that these attacks are possible and often use injection devices under the thousand dollar mark.

From an attacker’s perspective, the greatest interest in true fault injection is to bypass Secure Boot. Embedded systems are also more vulnerable to this type of attack than ordinary desktop or laptop computers.

Disclosure: I work for Trend Micro, but the views expressed in this article are mine.

About Willie Ash

Check Also

can-newsletter.org – Miscellaneous

The MSP family from Promik is growing: The MSP2300Net in-system programmer enables the shortest programming …