[ad_1]

During Black Hat USA 2022, Intel presented a research entitled “Fault-Injection Detection Circuits: Design, Calibration, Validation and Tuning“in which he discussed the details of a new technique which integrates the mitigation measures of physical fault injection attacks already present at the software level.

The US company went to integrate logic called Tunable Replica Circuit (TRC) into the chipset accompanying the processor. Such protection against fault injection relies on sensori to explicitly detect anomalies in the timing of the circuits occurring as a result of an attack. TRC was first integrated on platforms targeting 12th Generation Intel Core processors.

The TRC adds fault injection detection technology to the Intel Converged Security and Management Engine (Intel CSME) and is designed to detect non-invasive physical attacks on the pins that supply clock and voltage. The TRC is also designed to detect electromagnetic fault injections.

“Software protection is enforced with virtualization, stack canaries, and code authentication before execution,” said Daniel Nemiroff, Intel Senior Principal Engineer. “This has prompted attackers to turn their attention to physical attacks on computer platforms. One of the preferred tools is fault injection attacks through voltage, clock and electromagnetic radiation glitches that cause circuit timing errors and can allow the execution of malicious instructions and the potential exfiltration of secret data“.

The Tunable Replica Circuit was originally developed by Intel Labs to monitor dynamic variations such as voltage sags, temperature drops and aging in circuits with the aim of improving performance and energy efficiency. As new technologies evolve, their applications also evolve.

“By modifying the monitoring configuration and building the infrastructure to take advantage of the sensitivity of the TRC to fault injection attacks, the circuit has been optimized for security applications,” said Carlos Tokunaga, principal engineer at Intel Labs, explaining the research approach.

Intel Labs, iSTARE-PASCAL (Physical Attack and Side Channel Analysis Lab) and Intel’s Client Computing Group have collaborated to test the TRC in different security scenarios. Together, the three groups have shown that the TRC can be calibrated to the point where such timing violations can be traced back to an attack.

Intel’s TRC is capable of reporting an attack when it detects a timing error due to a voltage, clock, temperature, or electromagnetic glitch. Because the TRC is calibrated to report errors that occur at voltage levels outside the CSME’s rated operating range, any reported error conditions indicate that the data may be corrupted and take appropriate mitigation steps to ensure the data integrity.

Intel has applied the TRC to the Platform Controller Hub (PCH), the system chipset, isolated from the CPU, inside which we find Intel CSME. “The most important aspect of manufacturing this type of hardware sensor is calibration. Calibrated with too high a sensitivity, the sensor would detect normal workload voltage drops as false positives. False positives could cause platform instability, placing an additional burden on cybersecurity managers. To avoid false positives, Intel has developed a feedback-based calibration flow“, explains the company.

Minimizing false negatives is also important, so the feedback loop relies on false positive and false negative test results, along with hardware sensor margin data. This indicates how close the sensor is to detecting a glitch and the accuracy of the protection bands.


.

[ad_2]

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *