Two novel attack methods targeting high-performance Intel CPUs have been discovered by researchers. These methods could be used for a key recovery attack against the Advanced Encryption Standard (AES) algorithm.
Referred to collectively as Pathfinder, these techniques were identified by a group of academics from various institutions including the University of California San Diego, Purdue University, UNC Chapel Hill, Georgia Institute of Technology, and Google.
“Pathfinder enables attackers to read and modify key components of the branch predictor, allowing for reconstructing program control flow history and launching high-resolution Spectre attacks,” explained Hosein Yavarzadeh, the lead author of the paper.
“This includes extracting secret images from libraries like libjpeg and recovering encryption keys from AES through intermediate value extraction.”
The attack method exploits the Path History Register (PHR) in the branch predictor to induce branch mispredictions and execute unintended code paths in a victim program, thereby revealing confidential data.
These new primitives allow for manipulation of the PHR and prediction history tables (PHTs) to leak historical execution data and potentially trigger a Spectre-style exploit.
Tests conducted as part of the study demonstrated the efficacy of this approach in extracting the AES encryption key and leaking secret images processed by the popular libjpeg image library.
Intel, following responsible disclosure in November 2023, stated in a recent advisory that previous mitigations for Spectre v1 attacks also mitigate the Pathfinder attacks. There is no impact on AMD CPUs.
The researchers emphasized the vulnerabilities in the PHR and the broader attack surface it exposes, noting that existing mitigation techniques are ineffective against these new attack methods.
