
Tobias Ebelshäuser

PLATYPUS: New vulnerabilities in Intel processors discovered by team including CISPA Faculty Michael Schwarz

An international team of security researchers including CISPA Faculty Michael Schwarz is presenting new side-channel attacks that use software-based power measurements to access sensitive data with unprecedented accuracy.

Power side-channel attacks exploit fluctuations in power consumption to extract sensitive data such as cryptographic keys. Because power measurements taken by malware were previously too inaccurate, such attacks required physical access to the target device as well as special measurement equipment such as an oscilloscope.

Researchers at the Institute for Applied Information Processing and Communication Technology at TU Graz have been working intensively with power-based side channels for almost 20 years. In 2017, they began to investigate software-based power attacks. Now CISPA Faculty Michael Schwarz, together with colleagues from TU Graz and the University of Birmingham, has succeeded in taking the final step. At they present PLATYPUS, a method that allows power side-channel attacks even without physical access. This affects desktop PCs, laptops and cloud computing servers from Intel and AMD. 

RAPL interface and SGX enclaves as key

On the one hand, the researchers use the RAPL interface (Running Average Power Limit), which is built into Intel and AMD CPUs. This interface monitors the energy consumption in the devices and ensures that they do not overheat or consume too much power. RAPL has been configured so that power consumption can be logged even without administrative rights. This means that the measured values can be read out without any authorization.

On the other hand, the group misuses Intel's security function Software Guard Extensions (SGX). SGX moves data and critical programs to isolated environments (so-called enclaves), where they are safe and can be executed even if the operating system is already compromised.

Combination leads to (un)desired result

The researchers combined these two techniques in their methods of attack: Using a compromised operating system targeting Intel SGX, they made the processor execute certain instructions thousands of times within an SGX enclave. The RAPL interface was used to measure the power consumption of each of these instructions. The fluctuations in the measured values ultimately allowed conclusions to be drawn about the data and the cryptographic key.

In further scenarios, the researchers also show that even attackers without administrative rights can attack the operating system and steal secret data from it.

New security updates eliminate the danger

As early as November 2019, CISPA Faculty Michael Schwarz and TU Graz computer scientists Daniel Gruss, Moritz Lipp and Andreas Kogler, along with David Oswald from the University of Birmingham, informed Intel about their discoveries. The company has now developed solutions that users absolutely should adopt. A security update allows access to the RAPL meter with administrator rights only. Further updates for the affected processors themselves ensure that the power consumption is reported in such a way that the subtle differences between instructions are no longer visible.
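One way to check that the access restriction described above is in place on a Linux host, as an added example that is not code from the researchers or from Intel. It assumes the RAPL energy counters are exposed as `energy_uj` files under `/sys/class/powercap`; the function names and the sample directory tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: Linux exposes RAPL zones as flat entries under this directory.
POWERCAP_ROOT = "/sys/class/powercap"


def audit_rapl_permissions(root=POWERCAP_ROOT):
    """Return (path, mode) for every energy counter that users other than
    the file owner may read, i.e. hosts still missing the restriction."""
    findings = []
    if not os.path.isdir(root):
        return findings  # no powercap interface on this system
    for zone in sorted(os.listdir(root)):
        counter = os.path.join(root, zone, "energy_uj")
        if not os.path.isfile(counter):
            continue  # control-type entries carry no counter of their own
        mode = os.stat(counter).st_mode
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append((counter, stat.filemode(mode)))
    return findings


def build_sample_tree(base):
    """Constructed sample: one world-readable zone and one owner-only zone."""
    for zone, mode in (("intel-rapl:0", 0o444), ("intel-rapl:1", 0o400)):
        os.makedirs(os.path.join(base, zone))
        counter = os.path.join(base, zone, "energy_uj")
        with open(counter, "w") as fh:
            fh.write("123456789\n")  # constructed counter value
        os.chmod(counter, mode)


if __name__ == "__main__":
    # Audit the real interface if present, then the constructed sample.
    for path, mode in audit_rapl_permissions():
        print(f"unprivileged read possible: {path} ({mode})")
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, mode in audit_rapl_permissions(tmp):
            print(f"sample finding: {path} ({mode})")
```

An empty result on a real host means every counter is readable by its owner only, which matches the restricted configuration the paragraph describes.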

The research presented in this paper was supported by the European Research Council (ERC) via the project "Sophia" (Securing Software against Physical Attacks) and by the Austrian Research Promotion Agency (FFG) via the projects DeSSnet and ESPRESSO. Furthermore it is partially funded by the Engineering and Physical Sciences Research Council (EPSRC) and by the Horizon2020 project FutureTPM, as well as by gifts from Intel, ARM, Amazon and Red Hat. 
