
Thread: Side-channel vulnerability called PortSmash detailed

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    27,621
    Thanks
    0
    Thanked
    1,705 times in 591 posts

    Side-channel vulnerability called PortSmash detailed

    Researchers used this vulnerability as a vector to steal private decryption keys.

  2. #2
    Senior Member
    Join Date
    May 2014
    Posts
    852
    Thanks
    53
    Thanked
    111 times in 73 posts

    Re: Side-channel vulnerability called PortSmash detailed

    Requiring to be run on the same core as the target is a massive stretch. Not sure how much risk I would associate with this vulnerability.

  3. #3
    Long member
    Join Date
    Apr 2008
    Posts
    781
    Thanks
    32
    Thanked
    149 times in 110 posts
    • philehidiot's system
      • Motherboard:
      • Father's bored
      • CPU:
      • Cockroach brain V0.1
      • Memory:
      • Innebriated, unwritten
      • Storage:
      • Big Yellow Self Storage
      • Graphics card(s):
      • Semi chewed Crayola Mega Pack
      • PSU:
      • 20KW single phase direct grid supply
      • Case:
      • Closed, Open, Cold
      • Operating System:
      • Cockroach
      • Monitor(s):
      • The mental health nurses
      • Internet:
      • Please.

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by Tabbykatze View Post
    Requiring to be run on the same core as the target is a massive stretch. Not sure how much risk I would associate with this vulnerability.
    Yeh, I was thinking this... It's not exactly the biggest vulnerability in the world ever.

  4. #4
    Bows out! CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Hopefully somewhere less backstabby
    Posts
    28,789
    Thanks
    3,203
    Thanked
    4,454 times in 3,440 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: Side-channel vulnerability called PortSmash detailed

    No bother since Intel has switched off SMT for almost its whole consumer range now - what a coincidence (sorry at the cheap shot).

    I wonder if Ryzen is affected??


    Those despicable Elk, stealing the pond weed!

  5. #5
    Long member
    Join Date
    Apr 2008
    Posts
    781
    Thanks
    32
    Thanked
    149 times in 110 posts
    • philehidiot's system

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by CAT-THE-FIFTH View Post
    I wonder if Ryzen is affected??
    Sounds like they think it will be. Guessing they went for the easy option first by hacking Intel and then decided to move onto AMD.

    Another cheap shot.

  6. #6
    Bows out! CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Hopefully somewhere less backstabby
    Posts
    28,789
    Thanks
    3,203
    Thanked
    4,454 times in 3,440 posts
    • CAT-THE-FIFTH's system

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by philehidiot View Post
    Sounds like they think it will be. Guessing they went for the easy option first by hacking Intel and then decided to move onto AMD.

    Another cheap shot.
    I know just the people!!


    Those despicable Elk, stealing the pond weed!

  7. #7
    Senior Member
    Join Date
    May 2014
    Posts
    852
    Thanks
    53
    Thanked
    111 times in 73 posts

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by CAT-THE-FIFTH View Post
    I wonder if Ryzen is affected??
    Not sure how much it will be affected because of the way they handle inter core and thread security but we will have to see what they come out with. Because this is not a speculative execution vulnerability but is instead inside core thread handling it could be.

  8. #8
    Registered+
    Join Date
    Jun 2014
    Posts
    52
    Thanks
    0
    Thanked
    5 times in 5 posts

    Re: Side-channel vulnerability called PortSmash detailed

    I get that it's important to say that it could affect other SMT implementations and AMD is the only other real player with SMT but mentioning AMD in the first sentence and saying "other architectures featuring SMT, especially AMD Ryzen systems, are also vulnerable to PortSmash style exploits" is misleading. The results are only about Intel and there's nothing about Ryzen's SMT implementation that makes it 'especially' vulnerable other than it has SMT. Using the word 'especially' instead of 'like' changes the context from "possibly also affects other SMT implementations which include AMD" to "AMD's SMT implementation will be affected more than others".

    Not making any accusations but if I wanted to get hold of a brown envelope stuffed with cash I might just start writing articles about CPUs and just wait for the guy in the trench coat to turn up. Or maybe I could start benchmarking CPUs? Or maybe I could open up a security analysis lab? I reckon Intel spend more on "creative marketing" than R&D, that's why they haven't cracked 10nm!

  9. #9
    Senior Member
    Join Date
    May 2014
    Posts
    852
    Thanks
    53
    Thanked
    111 times in 73 posts

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by EN1R0PY View Post
    I get that it's important to say that it could affect other SMT implementations and AMD is the only other real player with SMT but mentioning AMD in the first sentence and saying "other architectures featuring SMT, especially AMD Ryzen systems, are also vulnerable to PortSmash style exploits" is misleading. The results are only about Intel and there's nothing about Ryzen's SMT implementation that makes it 'especially' vulnerable other than it has SMT. Using the word 'especially' instead of 'like' changes the context from "possibly also affects other SMT implementations which include AMD" to "AMD's SMT implementation will be affected more than others".

    Not making any accusations but if I wanted to get hold of a brown envelope stuffed with cash I might just start writing articles about CPUs and just wait for the guy in the trench coat to turn up. Or maybe I could start benchmarking CPUs? Or maybe I could open up a security analysis lab? I reckon Intel spend more on "creative marketing" than R&D, that's why they haven't cracked 10nm!
    Looks like the wording may have been changed as now it just says "and possibly AMD".

  10. #10
    Senior Member
    Join Date
    Dec 2013
    Posts
    2,453
    Thanks
    288
    Thanked
    295 times in 206 posts

    Re: Side-channel vulnerability called PortSmash detailed

    It will almost certainly affect AMD CPUs as it basically makes use of a vulnerability that's been known about for over a decade, if you attempt to use the same resource you can detect a conflict through timing differences. It's more to do with bad code than bad hardware as the storing of cryptography stuff shouldn't have an effect on the code you're running.

  11. #11
    Long member
    Join Date
    Apr 2008
    Posts
    781
    Thanks
    32
    Thanked
    149 times in 110 posts
    • philehidiot's system

    Re: Side-channel vulnerability called PortSmash detailed

    When I read it I got the impression that the people who had done it were fairly confident it could translate across to AMD but frankly, the whole thing is probably beyond my understanding.

    A computer scientist was trying to teach me how to use logic gates to build an adder.

    I asked how you make chips slither.

    He stopped trying to teach me soon after.

  12. #12
    Senior Member
    Join Date
    May 2014
    Posts
    852
    Thanks
    53
    Thanked
    111 times in 73 posts

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by Corky34 View Post
    It will almost certainly affect AMD CPUs as it basically makes use of a vulnerability that's been known about for over a decade, if you attempt to use the same resource you can detect a conflict through timing differences. It's more to do with bad code than bad hardware as the storing of cryptography stuff shouldn't have an effect on the code you're running.
    It will affect the technology but AMD may have already got security implementations in place to prevent cross thread access. As with Spectre and Meltdown, Meltdown was null on AMD simply because they do not allow any call to be run without the appropriate security level whereas Intel sacrificed security for performance allowing some calls while authority was checked.

    We shall have to see if PoC is established on AMD processors.

  13. #13
    Senior Member
    Join Date
    Dec 2013
    Posts
    2,453
    Thanks
    288
    Thanked
    295 times in 206 posts

    Re: Side-channel vulnerability called PortSmash detailed

    This isn't a cross thread access thing, it's a timing thing, technically Spectre and Meltdown weren't a thread access thing either as a malicious program couldn't access the code.

    All of these types of attack depend on speculating, in the case of Spectre and Meltdown an attempt to run code would be requested and while privilege levels were being checked the CPU would start running that code despite the privilege level not being known at the time, while that malicious code is attempting to run and its privilege level is being checked the time it takes to access certain resources is measured. While the malicious code ultimately fails because it fails a privilege check we can deduce what resources would have been used by looking at the varying times of accessing certain resources.

    At a completely inaccurate hypothetical level if I ask the CPU to load the alphabet one letter at a time I can detect if the CPU was already working on the letters HACK because those letters loaded far quicker than the other letters, PortSmash is similar in that it runs code to detect what resources are in use. It's all a bit like how we know black holes are a thing despite not being able to see them.

  14. #14
    Long member
    Join Date
    Apr 2008
    Posts
    781
    Thanks
    32
    Thanked
    149 times in 110 posts
    • philehidiot's system

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by Corky34 View Post
    This isn't a cross thread access thing, it's a timing thing, technically Spectre and Meltdown weren't a thread access thing either as a malicious program couldn't access the code.

    All of these types of attack depend on speculating, in the case of Spectre and Meltdown an attempt to run code would be requested and while privilege levels were being checked the CPU would start running that code despite the privilege level not being known at the time, while that malicious code is attempting to run and its privilege level is being checked the time it takes to access certain resources is measured. While the malicious code ultimately fails because it fails a privilege check we can deduce what resources would have been used by looking at the varying times of accessing certain resources.

    At a completely inaccurate hypothetical level if I ask the CPU to load the alphabet one letter at a time I can detect if the CPU was already working on the letters HACK because those letters loaded far quicker than the other letters, PortSmash is similar in that it runs code to detect what resources are in use. It's all a bit like how we know black holes are a thing despite not being able to see them.
    That's pretty impressive.

  15. #15
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    9,263
    Thanks
    439
    Thanked
    939 times in 800 posts
    • DanceswithUnix's system
      • Motherboard:
      • M5A-97 EVO R2.0
      • CPU:
      • FX-8350
      • Memory:
      • 16GB ECC 1333
      • Storage:
      • 500GB Linux, 1TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 28 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Samsung 2343BW 2048x1152
      • Internet:
      • Zen 80Mb/20Mb VDSL

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by CAT-THE-FIFTH View Post
    I wonder if Ryzen is affected??
    I expect it will be.

    The interesting ones would be IBM Power and Sun SPARC chips, as they have more than 2 threads per core so whilst the information is leaked from one thread you might need to instrument the other 3 threads on Power or the other 7 threads on a Sparc to recover the data.

    Edit: Changed 15 threads to 7 on Sparc as Niagara was too dumb to port block, but later 8 thread designs were finer grained.
    Last edited by DanceswithUnix; 05-11-2018 at 08:20 PM.

  16. #16
    I really don't care Dashers's Avatar
    Join Date
    Jun 2016
    Posts
    877
    Thanks
    30
    Thanked
    103 times in 85 posts
    • Dashers's system
      • Motherboard:
      • Gigabyte GA-X99-UD4
      • CPU:
      • Intel i7-5930K
      • Memory:
      • Corsair DDR4 3000 Quad
      • Storage:
      • Intel 750 PCIe SSD; RAID-0 x2 Samsung 840 EVO; RAID-0 x2 WD Black; RAID-0 x2 Crucial MX500
      • Graphics card(s):
      • EVGA GeForce GTX 970 x2 SLI
      • PSU:
      • CoolerMaster Silent Pro M2 720W
      • Case:
      • Corsair 500R
      • Operating System:
      • Windows 10
      • Monitor(s):
      • x2 23.5" 1080 72Hz OC
      • Internet:
      • Zen FTTC

    Re: Side-channel vulnerability called PortSmash detailed

    I expect it becomes less practical as core counts go up. The odds of your process running on a thread that is on the same physical core as another when you've got a crazy number of cores becomes unlikely.

    Of course, it's another tool in the arsenal. And all the more reason not to use cloud or virtual services.
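
Added example, not part of any post in this thread: several replies turn on the requirement that attacker and target run on the same physical core, which an administrator can audit on Linux from the sysfs CPU topology files. The pinned CPU sets and the `SAMPLE` topology below are constructed assumptions; the sysfs paths are the standard kernel ones.

```python
import glob, os, re

SYSFS = "/sys/devices/system/cpu"  # standard Linux sysfs location

def parse_cpu_list(text):
    """Parse a sysfs CPU list such as '0,4' or '0-3,8-11' into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if part:
            lo, _, hi = part.partition("-")
            cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus

def smt_control(root=SYSFS):
    """Return the kernel's SMT state (on, off, forceoff, notsupported, ...)."""
    try:
        with open(os.path.join(root, "smt", "control")) as fh:
            return fh.read().strip()
    except OSError:
        return "unknown"

def read_siblings(root=SYSFS):
    """Map each online logical CPU to its raw thread_siblings_list string."""
    found = {}
    pattern = os.path.join(root, "cpu[0-9]*", "topology", "thread_siblings_list")
    for path in glob.glob(pattern):
        cpu = int(re.search(r"cpu(\d+)/topology", path).group(1))
        with open(path) as fh:
            found[cpu] = fh.read()
    return found

def shared_cores(siblings, sensitive, untrusted):
    """List physical cores (as sorted sibling lists) usable by both CPU sets."""
    cores = {frozenset(parse_cpu_list(v)) for v in siblings.values()}
    return sorted(sorted(c) for c in cores if c & sensitive and c & untrusted)

# Constructed sample: 4 cores x 2 threads, logical CPU n paired with n+4.
SAMPLE = {n: f"{n % 4},{n % 4 + 4}\n" for n in range(8)}

if __name__ == "__main__":
    topo = read_siblings() or SAMPLE
    print("SMT control:", smt_control())
    # Hypothetical pinning: key-handling service on {0,1}, other tenants on {4,6}.
    for core in shared_cores(topo, {0, 1}, {4, 6}):
        print("sensitive and untrusted work can share core with CPUs", core)
```

An empty result means the two CPU sets never land on sibling threads of one core, which is the condition scheduling-based mitigations aim for when SMT is left enabled.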
