What is side-channel?
In cryptography, a side-channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms (compare cryptanalysis). For example, timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited to break the system. Some side-channel attacks require technical knowledge of the internal operation of the system on which the cryptography is implemented, although others such as differential power analysis are effective as black-box attacks.
In general, a side-channel attack is a form of reverse engineering. Electronic circuits are inherently leaky: they produce emissions as byproducts that make it possible for an attacker without access to the circuitry itself to deduce how the circuit works and what data it is processing.
What is PortSmash?
The vulnerability named PortSmash (CVE-2018-5407) was discovered by a group of researchers: Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan and Nicola Tuveri from Tampere University of Technology, Finland, and Alejandro Cabrera Aldaya from Universidad Tecnologica de la Habana CUJAE, Cuba.
About the Portsmash Research
Researchers tested and confirmed the vulnerability on Skylake and Kaby Lake processors, and were able to recover the elliptic curve private key from an OpenSSL-powered TLS server.
"We were able to carry out a port-contention timing side-channel attack to exfiltrate a private key from processes running in parallel on the same CPU core." Root permission is not required to exploit the vulnerability, the researchers said.
Billy Brumley said, “Our attack has nothing to do with the memory subsystem or caching, the nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures.”
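To make the leakage described above concrete, here is an added example (not code from the PortSmash researchers or from OpenSSL). It models the root cause from the defender's side: a modular exponentiation whose sequence of operations depends on the key bits has a different instruction mix per bit, and it is that per-bit difference in execution-unit usage that a co-resident SMT sibling can observe. The constant-pattern variant (a Montgomery ladder with an arithmetic conditional swap) performs the same operations for every bit. The base, modulus and the trace recording are constructed for illustration; Python big-integer arithmetic is not itself constant time, so the point demonstrated is the key-independent operation pattern, not a production constant-time implementation.

```python
# Added example: secret-dependent operation pattern vs. a key-independent one.
# 'S' = squaring, 'M' = multiplication, recorded per key bit processed.


def naive_modpow(base, exp, mod, nbits, trace):
    """Left-to-right square-and-multiply.

    The extra multiply on a 1-bit is a secret-dependent operation: the
    trace of work done per bit reveals the bit, which is the kind of
    execution-unit leakage an SMT sibling can time via shared ports.
    """
    result = 1
    for i in range(nbits - 1, -1, -1):
        result = result * result % mod
        trace.append('S')
        if (exp >> i) & 1:                 # branch on a key bit
            result = result * base % mod
            trace.append('M')
    return result


def cswap(swap, a, b):
    """Swap a and b iff swap == 1, using masking instead of a branch."""
    mask = -swap                           # 0 or all-ones
    d = (a ^ b) & mask
    return a ^ d, b ^ d


def ladder_modpow(base, exp, mod, nbits, trace):
    """Montgomery ladder with conditional swaps.

    Every bit performs exactly one multiply and one square in the same
    order, so the operation pattern carries no information about the key.
    A fixed nbits also hides the key's bit-length.
    """
    r0, r1 = 1, base % mod
    for i in range(nbits - 1, -1, -1):
        bit = (exp >> i) & 1
        r0, r1 = cswap(bit, r0, r1)
        r1 = r0 * r1 % mod
        trace.append('M')
        r0 = r0 * r0 % mod
        trace.append('S')
        r0, r1 = cswap(bit, r0, r1)
    return r0


def trace_of(fn, exp, nbits=8, base=3, mod=1000003):
    """Return the operation pattern fn emits for a given exponent (constructed inputs)."""
    trace = []
    fn(base, exp, mod, nbits, trace)
    return ''.join(trace)


def pattern_is_key_dependent(fn, nbits=8):
    """True if two keys with different Hamming weight produce different traces."""
    dense, sparse = (1 << nbits) - 1, 1 << (nbits - 1)
    return trace_of(fn, dense, nbits) != trace_of(fn, sparse, nbits)


if __name__ == '__main__':
    for name, fn in (('square-and-multiply', naive_modpow), ('ladder', ladder_modpow)):
        print(f"{name:20s} key 0b1011 -> {trace_of(fn, 0b1011, 4)}   "
              f"key 0b1000 -> {trace_of(fn, 0b1000, 4)}   "
              f"key-dependent: {pattern_is_key_dependent(fn)}")
```

Run it and compare the two rows: the square-and-multiply trace spells out the key bits, while the ladder trace is identical for every key, which is the property a port-contention observer must be denied.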
The researchers also published a proof-of-concept (PoC) on GitHub that targets OpenSSL; the flaw affects OpenSSL 1.1.0h and lower, and the library has since addressed it. The exploit code is written in x64 assembly and runs locally on a vulnerable machine.
The SMT/Hyper-Threading architectures Skylake and Kaby Lake were verified by the researchers, and they expect the attack to work on AMD Ryzen as well.
OpenSSL 1.1.0h and Ubuntu 18.04 are affected by the vulnerability.