Intel Zeros in on Hardware Security with a Tunable Replica Circuit
Intel is employing a new hardware security measure to mitigate the threat of physical fault injection attacks.
While many may think of security as a purely software-defined pursuit, a system's underlying hardware is a significant component of its overall security. To this end, companies and researchers design computing platforms that feature circuit-level security. On August 11, Intel announced a new hardware technique to mitigate the threat of fault injection attacks in its CPUs.
Tunable replica circuit integration in Intel's Converged Security and Management Engine. Image used courtesy of Intel
In this article, we’ll talk about physical fault injection attacks and Intel’s new security features to minimize their impact.
Physical Fault Injection Attacks
Of the many physical attack vectors that exist on computing hardware, one that is significantly noteworthy is the physical fault injection attack.
A physical fault injection attack occurs when an adversary deliberately induces errors in a device’s internal components in order to access cryptographic keys or other sensitive data. These attacks push a device’s behavior beyond its intended operation through intense electromagnetic pulses, high temperatures, and undervolting or overvolting of the device’s supply rail.
Setup of a generic fault injection and side-channel attack. Image used courtesy of Shepherd et al
These attacks involve a fault generator that injects a fault into the device under test (DUT) once it detects a given trigger from that device. A trigger might be the moment a device begins an access-control check for kernel privileges, for example, or some other system function during which a well-placed fault would be damaging.
The generator aims to inject a precisely timed and calibrated fault into the DUT. From there, an attacker generally uses a control computer to analyze the resulting outputs, such as register values, memory contents, or oscilloscope traces, and from those outputs identifies useful faults such as instruction corruption and decryption errors.
Intel Taps "Tunable Replica Circuits"
In an attempt to make its computing platforms more robust against such attacks, Intel recently announced the integration of tunable replica circuits (TRCs) into its Converged Security and Management Engine (CSME).
A standard tunable replica circuit. Image used courtesy of BlackHat
A tunable replica circuit consists of a launch flip-flop, a tunable delay chain, and a capture flip-flop. The capture flop detects when a signal exits the delay chain at the wrong speed or with incorrect timing, indicating an injected fault. Historically, Intel has used TRCs to monitor and correct for dynamic variation in its devices’ performance, such as voltage droop, temperature, and circuit aging. Now, however, the company has found a way to apply TRCs to protect against fault injection.
Intel CSME hardware architecture concept. Image used courtesy of Intel
Intel’s TRC is designed to protect against fault injection attacks by monitoring the delay of digital circuits. According to the company, the TRC within the CSME can be calibrated so that any measured timing violation can only result from an attack. Once an attack is recognized, the CSME can deploy several protection measures to keep the device safe.
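To make the launch-flop / delay-chain / capture-flop idea and the calibration step concrete, here is a small behavioural model written for this article; it is not Intel’s circuit or code. It assumes a single clock period, a delay chain built from equal taps, and a "slowdown" factor standing in for supply-voltage and temperature effects; the calibration picks the longest chain that still meets timing under the worst legitimate variation, so any later violation lies outside that envelope.

```python
"""Behavioural model of a tunable replica circuit (TRC) as a fault-injection detector.

Constructed example, not Intel's design. A launch flop sends an edge into a delay
chain of `taps` equal stages; a capture flop samples the chain output at the next
clock edge. Environmental effects are modelled as a multiplicative slowdown factor.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class TrcConfig:
    clock_period_ps: float   # time between the launch edge and the capture edge
    tap_delay_ps: float      # nominal delay contributed by one delay-chain tap
    taps: int                # tunable chain length chosen during calibration


def replica_delay_ps(cfg: TrcConfig, slowdown: float) -> float:
    """Propagation delay through the chain under a slowdown factor (1.0 = nominal)."""
    return cfg.taps * cfg.tap_delay_ps * slowdown


def timing_violation(cfg: TrcConfig, slowdown: float,
                     clock_period_ps: Optional[float] = None) -> bool:
    """True when the edge reaches the capture flop after the capture clock edge."""
    period = cfg.clock_period_ps if clock_period_ps is None else clock_period_ps
    return replica_delay_ps(cfg, slowdown) > period


def calibrate(clock_period_ps: float, tap_delay_ps: float,
              worst_legit_slowdown: float, max_taps: int = 64) -> TrcConfig:
    """Choose the longest chain that still meets timing under the worst legitimate
    (non-attack) variation, so later violations imply something outside that envelope."""
    best = 0
    for taps in range(1, max_taps + 1):
        if timing_violation(TrcConfig(clock_period_ps, tap_delay_ps, taps), worst_legit_slowdown):
            break
        best = taps
    if best == 0:
        raise ValueError("no tap setting meets timing; tap granularity too coarse")
    return TrcConfig(clock_period_ps, tap_delay_ps, best)


def monitor(cfg: TrcConfig, samples: List[Tuple[float, float]]) -> List[int]:
    """Indexes of (slowdown, clock_period_ps) samples the capture flop flags as violations.
    Carrying the period per sample lets both supply glitches and clock glitches be modelled."""
    return [i for i, (slow, period) in enumerate(samples) if timing_violation(cfg, slow, period)]


# Constructed operating conditions: a 1 ns clock, 50 ps taps, up to 20 % legitimate slowdown.
CFG = calibrate(clock_period_ps=1000.0, tap_delay_ps=50.0, worst_legit_slowdown=1.2)
SAMPLES = [(1.0, 1000.0), (1.15, 1000.0), (1.2, 1000.0),   # nominal, droop, worst legit
           (1.35, 1000.0), (1.0, 700.0), (1.05, 1000.0)]   # supply glitch, clock glitch, normal
```

With these constructed values calibration settles on 16 taps (960 ps under worst legitimate slowdown), and only the supply-glitch and clock-glitch samples trip the capture flop.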
In practice, Intel is deploying its TRC to its Platform Controller Hub, which is isolated from the CPU to enhance the system’s root of trust.