Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint Security

End of Bibblio RCM includes -->
1/3/2020
11:10 AM
Larry Loeb
Larry Loeb
Larry Loeb

FPGAs Do It Faster Than CPUs

Researchers' use of a 'Jackhammer' exploit has shown again how one problem can be exploited in many ways, with each iteration of an attack becoming faster and more efficient.

Rowhammer is the name of a group of hardware-based attacks that focus on the memory of a computer. Researchers have known since the middle of the last decade that doing a high-rate repeated reading of a data cell inside a memory chip can have deleterious effects on the contents of the cell due to the electrical design of the chip.

Over the years, researchers have been able to extend the initial Rowhammer exploit, getting varied outcomes to occur such as adapting to hardware changes done by manufacturers, altering data, hijacking systems and exfiltrating data from victim machines.

It's about to get worse. Researchers have brought out their Jackhammer.

The Jackhammer paper describes how the Floating Point Gate Array (FPGA) chip that is used to accelerate certain computational tasks can also give rise to a Rowhammer-style attack, which it can do with greater efficiency than other CPU-based Rowhammer exploits. This is because the FPGA can repeatedly access the memory system substantially faster than a host machine's CPU can.

FPGAs can also directly access a machine's CPU cache along with the RAM memory. This is the architectural advantage of where they are placed in a system, and gives them the ability to speed up computations without having to go through intermediate software layers like an operating system.

The researchers realized that CPU-FPGA hybrids were here and growing (especially in cloud instances), and they needed to have a security evaluation. They chose Intel's Arria 10 GXFPGA as an example of the current generation of FPGA accelerator platform that had been designed in particular for heavy and/or cloud-based computation loads.

So, they used it as a test platform. The researchers were able to conduct Rowhammer-style ("Jackhammer") exploits against an RSA implementation embedded in an SSL protocol. The researchers found that they could grab the private keys that were used to secure SSL connections with this technique.

They also found that using custom FPGAs to implement the Rowhammer exploit would cause far more of the "bit flips" that they wanted to see. A FPGA can hit the data cell faster and more often than a CPU can do it meaning the FPGA causes more results to occur during an attack. It all goes faster when an FPGA is used.

And as a side benefit, no trace of all this is left on the CPU because it's never touched when an FPGA is used.

That right there means new thinking at the hardware level needs to be done about FPGA-CPU hybrids. Monitoring of the RAM in a system may be necessary to ensure its integrity. Other hardware tricks will no doubt be needed.

Jackhammer shows again how one problem can be exploited in many ways, with each iteration of an attack becoming faster and more efficient.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-1813
PUBLISHED: 2022-05-22
OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.
CVE-2022-1809
PUBLISHED: 2022-05-21
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
CVE-2022-31267
PUBLISHED: 2022-05-21
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "#admin"' value.
CVE-2022-31268
PUBLISHED: 2022-05-21
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
CVE-2022-31264
PUBLISHED: 2022-05-21
Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.