Intel Introduces First Protections Against Certain Physical Threats
August 15, 2022 | IntelEstimated reading time: 3 minutes
Intel improves software reliability by building silicon enhancements realized through logic inside the processor. Today, the company described a new technique to complement existing software mitigations for fault injection attacks.
Tunable Replica Circuit (TRC) – Fault Injection Protection uses hardware-based sensors to explicitly detect circuit-based timing failures that occur as the result of an attack. TRC is first delivered in the 12th Gen Intel® Core™ processor family. It adds fault injection detection technology to the Intel® Converged Security and Management Engine (Intel® CSME), where it is designed to detect non-invasive physical glitch attacks on the pins supplying clock and voltage. TRC is also designed to detect electromagnetic fault injections.
“Software protections have hardened with virtualization, stack canaries and code authentication before execution,” said Daniel Nemiroff, senior principal engineer at Intel. “This has driven malicious actors to turn their attention to physically attacking computing platforms. A favorite tool of these attackers is fault injection attacks via glitching voltage, clock pins and electromagnetic radiation that cause circuit timing faults and may allow execution of malicious instructions and potential exfiltration of secrets.”
Intel’s TRC was originally developed by Intel Labs to monitor dynamic variations, such as voltage droop, temperature, and aging in circuits to improve performance and energy efficiency. As new technologies evolve, so do their applications.
“By changing the monitoring configuration and building the infrastructure to leverage the sensitivity of the TRC to fault injection attacks, the circuit was tuned for security applications,” said Carlos Tokunaga, principal engineer in Intel Labs, explaining the research approach.
Intel Labs, iSTARE-PASCAL (Physical Attack and Side Channel Analysis Lab) and Intel’s Client Computing Group partnered on testing and validating TRC for security scenarios. Together they proved that TRC can be calibrated to a point where such timing violations could only be the result of an attack. Intel applied the TRC as a hardware sensor to detect and help protect against these fault injection attack methods.
Intel’s TRC is designed to protect against certain types of physical attacks by monitoring the delay of specific types of digital circuits. When calibrated to specific expectations of the sensor sensitivity, TRC signals an error when it detects a timing failure due to a voltage, clock, temperature or electromagnetic glitch. Because the TRC is calibrated to signal an error at a voltage level beyond the nominal operating range of the CSME, any error condition from the TRC is an indication that data could be corrupted, triggering mitigation techniques to ensure data integrity.
Intel has applied the TRC to the Platform Controller Hub (PCH), a separate chipset isolated from the CPU that enhances protection of a system’s root of trust called the Intel CSME.
The most crucial aspect for productizing this type of hardware sensor is calibration. Calibrated too aggressively, the sensor would detect normal workload voltage droops as false positives. False positives create noise and could result in platform instability, bringing additional burden for already overworked cybersecurity teams.
To avoid false positives, Intel developed a feedback-based calibration flow. Minimizing the false negatives is also important, so the feedback loop uses results from false-positive and false-negative testing along with margin data from the hardware sensor. This indicates how close the sensor was to detecting a glitch as well as the accuracy of the guard bands.
Architectural advancements can often result in considerably less execution overhead compared to software-only implementations, yet physical attack methods have traditionally been outside of threat models.
As more compute is brought to the intelligent edge, Intel has invested in physical attack protection security capabilities to enhance software resilience as workloads expand and threat models evolve. Security is a system-level property rooted in the silicon. Every component in the system — from software to silicon — can help keep data secure.
Details of this research was presented at Black Hat USA 2022: Fault-Injection Detection Circuits: Design, Calibration, Validation and Tuning. Additional technical information is available in the following whitepaper: Fault-Injection Countermeasures, Deployed at Scale.
Suggested Items
Keysight, Instrumentix Partner to Launch Complete Trade Monitoring Solution for Financial Markets
11/21/2024 | Keysight TechnologiesKeysight Technologies, Inc. expanded its financial capital markets portfolio through a partnership with Instrumentix to introduce a cutting-edge trade solution.
Sat Nusapersada Chooses Siemens' Process Preparation Software to Boost NPI and SMT Line Efficiency
11/21/2024 | Siemens Digital Industries SoftwareSiemens Digital Industries Software announced that Sat Nusapersada, one of the largest Electronics Manufacturing Services (EMS) providers in Indonesia, has adopted its Process Preparation software to reduce its timescale for New Product Introduction (NPI) of printed circuit board assemblies and improve the efficiency of its Surface Mount Technology production lines by 23 percent.
PCB Design Software Market Expected to Hit $9.2B by 2031
11/21/2024 | openPRThis report provides an overview of the PCB design software market, detailing key market drivers, challenges, technological advancements, regional dynamics, and future trends. With a projected compound annual growth rate (CAGR) of 13.4% from 2024 to 2031, the market is expected to grow from USD 3.9 billion in 2024 to USD 9.2 billion by 2031.
Keysight Providing Software to Enable Researchers through the Microelectronics Commons
11/15/2024 | Keysight TechnologiesKeysight Technologies, Inc. announced it has reached an agreement to provide its electronic design automation (EDA) software to six of the eight hubs participating in the Microelectronics Commons (Commons).
Boeing Delivers Advanced O3b mPOWER Satellites to Operator SES
11/14/2024 | BoeingBoeing teams have successfully delivered the 7th and 8th O3b mPOWER satellites to SES. These satellites, featuring Boeing’s advanced software-defined communications payload, are being transported to Cape Canaveral for a planned launch in December.