Insecure Until Proven Updated: Analyzing AMD SEV's Remote Attestation

08/30/2019
by   Robert Buhren, et al.
0

Customers of cloud services have to trust the cloud providers, as they control the building blocks that form the cloud. This includes the hypervisor enabling the sharing of a single hardware platform among multiple tenants. AMD Secure Encrypted Virtualization (SEV) claims a new level of protection in cloud scenarios. AMD SEV encrypts the main memory of virtual machines with VM-specific keys, thereby denying the higher-privileged hypervisor access to a guest's memory. To enable the cloud customer to verify the correct deployment of his virtual machine, SEV additionally introduces a remote attestation protocol.This paper analyzes the firmware components that implement the SEV remote attestation protocol on the current AMD Epyc Naples CPU series. We demonstrate that it is possible to extract critical CPU-specific keys that are fundamental for the security of the remote attestation protocol.Building on the extracted keys, we propose attacks that allow a malicious cloud provider a complete circumvention of the SEV protection mechanisms. Although the underlying firmware issues were already fixed by AMD, we show that the current series of AMD Epyc CPUs, i.e., the Naples series, does not prevent the installation of previous firmware versions. We show that the severity of our proposed attacks is very high as no purely software-based mitigations are possible. This effectively renders the SEV technology on current AMD Epyc CPUs useless when confronted with an untrusted cloud provider.To overcome these issues, we also propose robust changes to the SEV design that allow future generations of the SEV technology to mitigate the proposed attacks.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
05/28/2021

SEVerity: Code Injection Attacks against Encrypted Virtual Machines

Modern enterprises increasingly take advantage of cloud infrastructures....
research
08/10/2021

One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization

AMD Secure Encrypted Virtualization (SEV) offers protection mechanisms f...
research
05/24/2018

SEVered: Subverting AMD's Virtual Machine Encryption

AMD SEV is a hardware feature designed for the secure encryption of virt...
research
06/29/2021

undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation

The ongoing trend of moving data and computation to the cloud is met wit...
research
06/25/2020

Snitches Get Stitches: On The Difficulty of Whistleblowing

One of the most critical security protocol problems for humans is when y...
research
04/23/2020

SEVurity: No Security Without Integrity – Breaking Integrity-Free Memory Encryption with Minimal Assumptions

One reason for not adopting cloud services is the required trust in the ...
research
03/27/2023

Intel TDX Demystified: A Top-Down Approach

Intel Trust Domain Extensions (TDX) is a new architectural extension in ...

Please sign up or login with your details

Forgot password? Click here to reset