Merely scratching the surfaceThe researchers have named their attack NetCAT, short for Network Cache ATtack. Their research is prompting an advisory for Intel that effectively recommends turning off either DDIO or RDMA in untrusted networks. The researchers say future attacks may be able to steal other types of data, possibly even when RDMA isn't enabled. They are also advising hardware makers do a better job of securing microarchitectural enhancements before putting them into billions of real-world servers. "While NetCAT is powerful even with only minimal assumptions, we believe that we have merely scratched the surface of possibilities for network-based cache attacks, and we expect similar attacks based on NetCAT in the future," the researchers, from the Vrije Universiteit Amsterdam and ETH Zurich, wrote in a paper published on Tuesday. "We hope that our efforts caution processor vendors against exposing microarchitectural elements to peripherals without a thorough security design to prevent abuse."
The researchers devised NetCAT after reverse-engineering DDIO and finding that last-level caches were sharing data across CPUs and peripherals, even when they received untrusted or potentially malicious input. Among the things this shared resource divulged was the precise arrival times of data packets sent in sensitive connections such as SSH. The information gave the researchers a side channel they could use to deduce the contents of each keystroke.
NetCAT is based partly on the observation that humans follow largely universal typing patterns that can often reveal clues about the keys they enter into a keyboard. For instance, it's usually faster for most people to type an "s" immediately after an "a" than to type a "g" right after typing an "s." These patterns allowed the researchers to use DDIO to carry out a keystroke timing attack, similar to this one, that uses statistical analysis of the inter-arrival timings of packets. Below is a video demonstrating the attack:The researchers used rapid delivery provided by RDMA to simplify the attack, but it's not a strict requirement, and future attacks may not need it at all. In an email, Kaveh Razavi, one of the Vrije Universiteit researchers who wrote the paper NetCAT: Practical Cache Attacks from the Network, wrote:
In short, the root cause of the vulnerability boils down to Intel's DDIO feature enabling the (last-level) CPU cache to be shared with arbitrary peripherals such as network cards. This dramatically extends the attack surface of traditional cache side-channel attacks, which are normally mounted on a local setting (say from a VM to another in the cloud), exposing servers to cache side-channel disclosure from untrusted clients over the network. Using RDMA (for convenience), we have demonstrated the vulnerability can be exploited in real-world settings to leak sensitive information (e.g., keystrokes from an SSH session).
The feature, Intel Visualization of Internal Signals Architecture (VISA), could allow attackers to gain the lowest-levels of access to Intel CPUs and any data being processed by those CPUs. Intel VISA Unveiled. The bad news is that the Positive Technologies researchers found a way to disable VISA using an older Intel ME vulnerability.
To suss out the timing information from the last-level cache, the researchers used a technique known as PRIME+PROBE. It involves first priming the cache by receiving packets that will be read from certain memory locations. The result: the technique brings the cache to a known state. The attack then waits for the target SSH client to type a letter. That triggers the PROBE stage, which attempts to detect any changes by receiving the same packets from the same memory locations."If the client has typed a key, then these packets will arrive slightly slower, signaling a keystroke," Razavi wrote. "By performing PRIME+PROBE in a loop, NetCAT can find out whenever the victim types something in a network connection."
The researchers proposed a second attack scenario that uses DDIO as a covert channel to funnel sensitive data off a server. In one variation, the covert channel connects a targeted server to an unnetworked, cooperating sandboxed process on a remote machine. A second variation creates a covert channel between two cooperating network clients running inside two separate networks.Covert channels are mechanisms attackers use to transfer data between processes or hardware that are barred by security policies from communicating with one another. By stealthily bypassing this policy, attackers can steal sensitive data in a way that's not detectable by the target.
The research is impressive, and the vulnerability it reveals is serious. Anyone who uses Intel-made processors inside data centers or other untrusted networks should carefully review the research, Intel's advisory, and any advisories by the network provider to ensure DDIO doesn't present a threat. People should also be aware that disabling DDIO comes at a significant performance cost. So far as the researchers know, chips from AMD and other manufacturers aren't vulnerable because they don't store networking data on shared CPU caches.
At the same time, people should remember that the research isn't likely to materialize into widespread attacks in the real world any time soon.
"NetCAT is a complex attack and is likely not the low-hanging fruit for the attackers," Razavi wrote. "In server settings with untrusted clients, where security matters more than performance, however, we recommend DDIO to be disabled."