Student Raises the Specter of an Attack on Intel Chips

Updated: A computer science researcher uncovers a new type of attack that could hit servers running Intel processors with Hyperthreading.

Companies running servers based on certain Intel Corp. chips could come under attack from the inside, due to a new type of software timing attack.

A research paper released on Friday by Oxford University computer science student Colin Percival details a method by which an attacker could heist cryptography keys on servers running Intel processors with Hyperthreading.

Hyperthreading technology runs two threads or streams of data, making computer software view a single processor as two.

The exploit Percival details takes advantage of the threads shared access to memory caches within the processor to interpret data thats being processed and thus lift the keys. A software timing attack basically watches the behavior of a computer in an effort to expose protected information.

"We demonstrate that this shared access to memory caches provides not only an easily used high bandwidth covert channel between threads, but also permits a malicious thread (operating, in theory, with limited privileges) to monitor the execution of another thread, allowing in many cases for theft of cryptographic keys," Percival writes in an abstract explaining the paper, which was posted to his Web site.

Percivals paper, based around his tests of a 2.8GHz Pentium 4 processor with Hyperthreading, outlines a new type of software timing attack that could be used to divine cryptographic keys on at least one type of specifically configured Intel-processor machine, Intel spokesman Howard High acknowledged.

Percival contends in the paper that the exploit should work on any type chip with a similar, multi-thread and memory cache design.

Intel, with which High said Percival shared a draft of the paper, has been working with operating system vendors to add safeguards against the type of attack, the Intel spokesman said.

Software timing attacks, and particularly the method discovered by Percival, could harbor somewhat dangers for companies, said Rick Fleming, chief technology officer at Digital Defense Inc., in San Antonio, Texas.

Instead of being executed from the outside, such an attack is more likely to be mounted from the inside, such as by a company employee attempting to winnow away cryptographic keys and use them to pilfer other data from a specific server.

Next Page: A technically feasible approach.