Encryption Keys

Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm.

The techniques have been collectively dubbed Pathfinder by a group of academics from the University of California San Diego, Purdue University, UNC Chapel Hill, Georgia Institute of Technology, and Google.

"Pathfinder allows attackers to read and manipulate key components of the branch predictor, enabling two main types of attacks: reconstructing program control flow history and launching high-resolution Spectre attacks," Hosein Yavarzadeh, the lead author of the paper, said in a statement shared with The Hacker News.


"This includes extracting secret images from libraries like libjpeg and recovering encryption keys from AES through intermediate value extraction."

Spectre is the name given to a class of side-channel attacks that exploit branch prediction and speculative execution on modern CPUs to read privileged data in the memory in a manner that sidesteps isolation protections between applications.

The latest attack approach targets a feature in the branch predictor called the Path History Register (PHR) – which keeps a record of the last taken branches -- to induce branch mispredictions and cause a victim program to execute unintended code paths, thereby inadvertently exposing its confidential data.

Specifically, it introduces new primitives that make it possible to manipulate PHR as well as the prediction history tables (PHTs) within the conditional branch predictor (CBR) to leak historical execution data and ultimately trigger a Spectre-style exploit.

In a set of demonstrations outlined in the study, the method has been found effective in extracting the secret AES encryption key as well as leaking secret images during processing by the widely-used libjpeg image library.

Following responsible disclosure in November 2023, Intel, in an advisory released last month, said Pathfinder builds on Spectre v1 attacks and that previously deployed mitigations for Spectre v1 and traditional side-channels mitigate the reported exploits. There is no evidence that it impacts AMD CPUs.

"[This research] demonstrates that the PHR is vulnerable to leakage, reveals data unavailable through the PHTs (ordered outcomes of repeated branches, global ordering of all branch outcomes), exposes a far greater set of branching code as potential attack surfaces, and cannot be mitigated (cleared, obfuscated) using techniques proposed for the PHTs," the researchers said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.