Thanks Ethan for your research. We've been discussing which mitigation
technique to use. In a virtualized context disabling c-states is only
possible from the host. That's ok since all it means is we need to
package it for users to install it there.
We prefer the idea of not using the kernel
Hi,
Ethan White:
Ping latency decreases when CPU usage is high
an adversary can influence CPU usage to transmit data
I can confirm that disabling c-states does completely
prevent this attack.
Dope.
providing an option in Tails to disable c-states,
perhaps in the form of a GRUB entry
A recap (since this thread is about 2 weeks old): Ping latency decreases
when CPU usage is high. If an adversary can influence CPU usage (i.e.
JavaScript, GZIP decompression, expensive public-key crypto), then they
can use this as a covert channel to transmit data. (Imagine: someone
> With two computers connected via Ethernet through a switch, I would
> normally get ping timings of around 250 microseconds.
> However, when the computer being pinged was pegged at 100% CPU on all
> cores, _ping latency would drop to about 170 microseconds._
This is probably caused by power
Hi. Whonix collaborator here. We've given a lot of thought to many types
of clock based attacks including the one you are researching so we are
interested to know more about how this applies to our platform.
To run Whonix in KVM please see the relevant steps here [0]. Let me know
if you have
On Fri, Jul 15, 2016 at 11:18:38AM -0400, Ethan White wrote:
> Also, unfortunately, I'm going to be away from all things internet
> for the next week or so, and thus unable to answer many
> questions. Sorry for essentially committing and leaving.
Neat! Hopefully that away-from-the-net part means
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Also, forgot to add: I also posted this on my blog [1]. As well, PGP
signature so I can properly claim this later.
1. https://ethanwhite.xyz/cpu-correlation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
I recently had an idea for using CPU load covert channels for practical
deanonymization attacks. After using them to
deanonymize myself multiple times, I conferred with some Tor Project
people, and they recommended I post it here.
*# Covert Channels*
A _covert channel_ is any technique that