Newly published research shows that Intel's and AMD's trusted execution environments, a foundation of confidential computing in modern clouds, fall to practical physical attacks. Both chipmakers exclude physical attacks from their threat models, a stance that leaves many users exposed and creates what the researchers call a "significant gap between assurances and real-world vulnerabilities."
The Vulnerabilities: Battering RAM and Wiretap
Two independent research teams have unveiled separate attacks that further demonstrate the limits of Intel's Software Guard Extensions (SGX) and AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The attacks, dubbed "Battering RAM" and "Wiretap," exploit the same underlying weakness: the deterministic memory encryption that both chipmakers use, which provides neither integrity nor freshness.
How the Attacks Work
Both attacks use a small piece of hardware called an interposer, placed on the memory bus between the CPU and the DRAM module, where it can observe (and, in Battering RAM's case, tamper with) the traffic passing between them. The key weakness is that both Intel and AMD encrypt memory deterministically: the same plaintext written to the same address under the same key produces the same ciphertext every time.
As lead author Jesse De Meulemeester of the Battering RAM paper explains, "Intel and AMD opted for deterministic encryption without integrity or freshness to keep encryption scalable and reduce overhead. That choice enables low-cost physical attacks like ours." Deterministic encryption is an acceptable trade-off for full-disk encryption, where the attacker is assumed to obtain a single snapshot of the disk, but it is a poor fit for data flowing between CPU and memory, where an attacker on the bus sees every write and can compare ciphertexts over time.
Battering RAM lets an attacker not only read encrypted data but also modify it, for example to plant a software backdoor or corrupt data. Wiretap, by contrast, passively decrypts data protected by SGX and leaves no trace visible to the system.
Technical Design Trade-offs
The weakness stems from design decisions made for performance and scalability. When Intel moved SGX from client machines to server processors about five years ago, the memory encryption had to scale to terabytes of RAM rather than the earlier 256 MB enclave limit. The original client design paid for integrity and replay protection with an integrity tree over enclave memory; the server design dropped those protections in favour of cheaper deterministic encryption, prioritizing performance over security.
Daniel Genkin, one of the researchers behind Wiretap, notes: "It's a design choice made by Intel when SGX moved from client machines to server. It offers better performance at the expense of security." AMD's SEV-SNP implementation faces the same problem: each virtual machine's memory is encrypted deterministically under a single key, so a given plaintext at a given address always yields the same ciphertext.
Implications for Cloud Security and Blockchain
These vulnerabilities have far-reaching implications for cloud providers and blockchain services that rely on Trusted Execution Environments (TEEs) for data protection and secure computation. TEEs exist precisely so that confidential data and sensitive operations cannot be viewed or manipulated by anyone who compromises the host, including a privileged operator in the data center.
Major cloud providers offer these hardware-based protections and recommend that customers use them, and services such as Signal Messenger and WhatsApp rely on them to safeguard secrets held in the cloud. Breaking these mechanisms undermines trust in widely deployed hardware-based security that many organizations depend on for sensitive operations.
Why Probabilistic Encryption Matters
The researchers point to probabilistic (randomized) encryption as the more secure alternative. Unlike deterministic encryption, it produces a different ciphertext each time the same plaintext is encrypted, so a passive observer on the bus cannot match repeated ciphertexts to known plaintexts. Resisting active manipulation of the kind Battering RAM performs additionally requires integrity and freshness checks, so that a replayed or altered ciphertext is rejected rather than silently decrypted.
However, such a change would require new hardware. As De Meulemeester notes, "The only way to fix this likely requires hardware changes, e.g., by providing freshness and integrity in the memory encryption."
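The following Python model, added here as an illustration and not taken from either paper or from Intel's or AMD's designs, shows the property the two preceding sections describe. It uses a toy 128-bit block cipher (a keyed Feistel network built from HMAC-SHA256, standing in for AES so the example runs with the standard library alone) in an address-tweaked, deterministic mode, and contrasts it with the same cipher extended by a per-line write counter and a MAC. The "interposer" is a dictionary that plays the role of DRAM; the secret value, addresses and class names are all constructed for the example. The deterministic engine returns identical ciphertext for identical plaintext at the same address and accepts a replayed line without complaint; the engine with freshness and integrity does neither.

```python
"""Toy model of CPU-to-DRAM memory encryption: deterministic (the article's
description of Intel Scalable SGX and AMD SEV-SNP) versus a design with a
freshness counter and an integrity tag. The block cipher is a keyed Feistel
network over HMAC-SHA256 standing in for AES; everything here is illustrative."""
import hashlib
import hmac
import os

BLOCK = 16  # bytes per encrypted granule in this toy (a real engine works on cache lines)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Deterministic 128-bit permutation: 4-round Feistel with an HMAC round function."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


class DeterministicMEE:
    """Address-tweaked XEX-style encryption with no integrity tag and no freshness
    counter: same key, same address, same plaintext -> same ciphertext, every time."""

    def __init__(self):
        self.key, self.tweak_key = os.urandom(32), os.urandom(32)

    def _tweak(self, addr: int) -> bytes:
        return block_encrypt(self.tweak_key, addr.to_bytes(BLOCK, "big"))

    def encrypt(self, addr: int, plaintext: bytes) -> bytes:
        t = self._tweak(addr)
        return _xor(block_encrypt(self.key, _xor(plaintext, t)), t)

    def decrypt(self, addr: int, ciphertext: bytes) -> bytes:
        t = self._tweak(addr)
        return _xor(block_decrypt(self.key, _xor(ciphertext, t)), t)


class FreshMEE:
    """Same cipher, but the tweak includes a per-line write counter kept in trusted
    on-die state, and each line carries a MAC over (address, counter, ciphertext).
    Real designs keep counters in an integrity tree; a dict stands in for that here."""

    def __init__(self):
        self.key, self.tweak_key, self.mac_key = os.urandom(32), os.urandom(32), os.urandom(32)
        self.counters = {}

    def _tweak(self, addr: int, ctr: int) -> bytes:
        return block_encrypt(self.tweak_key, addr.to_bytes(8, "big") + ctr.to_bytes(8, "big"))

    def _tag(self, addr: int, ctr: int, ct: bytes) -> bytes:
        msg = addr.to_bytes(8, "big") + ctr.to_bytes(8, "big") + ct
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()[:8]

    def encrypt(self, addr: int, plaintext: bytes) -> bytes:
        ctr = self.counters.get(addr, 0) + 1
        self.counters[addr] = ctr
        t = self._tweak(addr, ctr)
        ct = _xor(block_encrypt(self.key, _xor(plaintext, t)), t)
        return ct + self._tag(addr, ctr, ct)

    def decrypt(self, addr: int, stored: bytes) -> bytes:
        ct, tag = stored[:BLOCK], stored[BLOCK:]
        ctr = self.counters.get(addr, 0)
        if not hmac.compare_digest(tag, self._tag(addr, ctr, ct)):
            raise ValueError("integrity/freshness check failed")
        t = self._tweak(addr, ctr)
        return _xor(block_decrypt(self.key, _xor(ct, t)), t)


SECRET = b"attestation-key!"  # constructed 16-byte stand-in for enclave key material
ADDR = 0x1000                 # constructed physical address


def deterministic_demo():
    """Returns (same_ct_for_same_pt, different_ct_at_other_address, replay_accepted)."""
    mee, dram = DeterministicMEE(), {}
    dram[ADDR] = mee.encrypt(ADDR, SECRET)
    captured = dram[ADDR]                                   # interposer logs the bus ciphertext
    same_ct = mee.encrypt(ADDR, SECRET) == captured         # repeated plaintext is recognisable
    other_addr = mee.encrypt(ADDR + BLOCK, SECRET) != captured  # the address tweak differs
    dram[ADDR] = mee.encrypt(ADDR, b"\x00" * BLOCK)         # enclave scrubs the line
    dram[ADDR] = captured                                   # interposer writes the old bytes back
    replayed = mee.decrypt(ADDR, dram[ADDR]) == SECRET      # CPU accepts the stale secret silently
    return same_ct, other_addr, replayed


def hardened_demo():
    """Returns (fresh_ct_for_same_pt, replay_detected)."""
    mee, dram = FreshMEE(), {}
    first = mee.encrypt(ADDR, SECRET)
    second = mee.encrypt(ADDR, SECRET)                      # counter advanced: new ciphertext
    dram[ADDR] = second
    dram[ADDR] = mee.encrypt(ADDR, b"\x00" * BLOCK)         # enclave scrubs the line
    dram[ADDR] = first                                      # replay attempt with the captured line
    try:
        mee.decrypt(ADDR, dram[ADDR])
        detected = False
    except ValueError:
        detected = True
    return first != second, detected


if __name__ == "__main__":
    print("deterministic:", deterministic_demo())
    print("hardened:     ", hardened_demo())
```

The cost of the hardened design is visible in the model: every line now needs counter storage and a tag alongside the ciphertext, and every read performs a MAC check, which is the overhead the chipmakers chose to avoid at server memory sizes.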
Industry Response and Future Outlook
The research highlights a fundamental tension between performance and security in hardware design. Intel and AMD have built memory encryption that scales to server-sized memory, but it carries security trade-offs that both companies explicitly place outside their threat models.
According to the researchers, fixing this will likely require hardware that provides "freshness and integrity in the memory encryption." Until then, organizations relying on these mechanisms remain exposed to physical attacks that need only modest equipment: the Battering RAM interposer is built from less than $50 in components.
The timing of these revelations is particularly concerning given the widespread adoption of TEEs in cloud computing environments. The fact that both major chipmakers have made similar design choices that prioritize performance over security raises questions about the future of hardware-based security mechanisms.
Conclusion
The discovery of these vulnerabilities in Intel SGX and AMD SEV-SNP represents a significant setback for hardware-based security. The attacks require physical access to the hardware, the limitation the chipmakers cite to keep them out of their threat models, but the practical requirements are modest. That limitation also offers little comfort in the setting TEEs were built for: a malicious or compromised data-center operator is exactly the attacker with physical access that confidential computing is supposed to exclude.
As organizations increasingly rely on cloud-based services and confidential computing, the security of these underlying hardware mechanisms becomes ever more critical. The Battering RAM and Wiretap attacks demonstrate that even well-established security architectures can harbor fundamental design flaws that undermine their effectiveness.
Moving forward, the industry must grapple with difficult questions about the balance between performance and security in hardware design. The current approach of excluding physical attacks from threat models may no longer be tenable as attackers develop increasingly sophisticated methods to exploit hardware vulnerabilities. For now, organizations that depend on TEEs for protecting sensitive data should carefully evaluate their exposure to these newly revealed risks.