Intel’s Hyper-Threading Technology May Compromise Security@ 2005/05/14
On Intel Pentium 4 with Hyper-Threading processor the two threads being executed on each processor share more than the execution units, but also they share access to the memory caches. Caches have already been demonstrated to be cryptographically dangerous: many implementations of AES are subject to timing attacks arising from the non-constancy of S-box lookup timings. However, having caches shared between threads provides a vastly more dangerous avenue of attack, claims Colin Percival, a researcher who has spent about half a year investigating the matter.
According to a document released Friday, this shared access to memory caches pro-vides not only an easily used high bandwidth covert channel between threads, but also permits a malicious thread (operating, in theory, with limited privileges) to monitor the execution of another thread, allowing in many cases for theft of cryptographic keys.
The security flaw hardly affects desktop users, but server administrators should pay attention to the situation. It is also unclear whether sharing of memory caches between threads may confront security within systems running dual-core processors.
The author provides some suggestions to processor designers, operating system vendors, and the authors of cryptographic software, of how this attack could be mitigated or eliminated entirely.
Intel’s reaction on the allegations was unavailable at press time.