Pengfei Qiu,Qiang Gao,Dongsheng Wang,Yongqiang Lyu,Chang Liu,Xiaoyong Li,Chunlu Wang,Gang Qu

DOI: https://doi.org/10.1109/asianhost56390.2022.10022280

2022-01-01

Abstract:The processor's Performance Monitor Unit (PMU) allows the recording of architectural and microarchitectural events for profiling purposes. In this study, we reveal a security issue caused by the fact that current PMU implementations are capable of recording some events that happened during transient executions. We propose the PMU -Spill attack, a new kind of attack that enables attackers to maliciously leak the secret data in transient executions. We demonstrate on real hardware that PMU -Spill attack can leak the secret data stored in Intel Software Guard Extensions (SGX). In addition, we perform a thorough study to reveal all the vulnerable PMU counters and find that 20 of them can be used to achieve PMU -Spill attack. Our experiments suggest that the throughput of PMU -Spill attack is up to 575.3 bytes per second (Bps) with an average error rate of 1.89% when leaking the SGX-protected secret data.

Pengfei Qiu,Qiang Gao,Chang Liu,Dongsheng Wang,Yongqiang Lyu,Xiaoyong Li,Chunlu Wang,Gang Qu

DOI: https://doi.org/10.1109/TCSI.2023.3298913

2023-01-01

Abstract:Performance Monitor Unit (PMU) is an important hardware module in mainstream processors, which counts various architectural and microarchitectural events during the run-time of the processor. Theoretically, if an instruction is executed but doesn’t successfully retire (this is called transient execution), the events it triggers needn’t be recorded by PMU. However, in this study, we discover that current PMU implementations are capable of recording some events that are triggered in transient executions, which is a hardware vulnerability. Based on this vulnerability, we propose the PMU-Spill attack, a new kind of side channel attack that enables attackers to maliciously leak secret data in transient executions. We perform a thorough study of PMU counters on five Intel processors and find that they all have vulnerable PMU counters that will measure transient execution events (there are 162 vulnerable PMU counters among all the 383 PMU counters). We demonstrate on real hardware that 112 vulnerable PMU counters can be utilized in PMU-Spill attack to leak the secret data protected by Intel Software Guard Extensions (SGX). Besides, our experiments suggest that the throughput of PMU-Spill attack is up to 291.2 bytes per second (Bps) with an error rate of 2.45% on average. This discovery and the corresponding mitigation methods can be helpful for microarchitecture designers to reevaluate the security risks induced by the PMU module.

Pengfei Qiu,Yongqiang Lyu,Haixia Wang,Dongsheng Wang,Chang Liu,Qiang Gao,Chunlu Wang,Rihui Sun,Gang Qu

DOI: https://doi.org/10.48550/arxiv.2207.11689

2022-01-01

Abstract: Performance Monitor Unit (PMU) is a significant hardware module on the current processors, which counts the events launched by processor into a set of PMU counters. Ideally, the events triggered by instructions that are executed but the results are not successfully committed (transient execution) should not be recorded. However, in this study, we discover that some PMU events triggered by the transient execution instructions will actually be recorded by PMU. Based on this, we propose the PMUSpill attack, which enables attackers to maliciously leak the secret data that are loaded during transient executions. The biggest challenge is how to encode the secret data into PMU events. We construct an instruction gadget to solve this challenge, whose execution path that can be identified by PMU counters represents what values the secret data are. We successfully implement the PMUSpill attack to leak the secret data stored in Intel Software Guard Extensions (SGX) (a Trusted Execution Environment (TEE) in the Intel's processors) through real experiments. Besides, we locate the vulnerable PMU counters and their trigger instructions by iterating all the valid PMU counters and instructions. The experiment results demonstrate that there are up to 20 PMU counters available to implement the PMUSpill attack. We also provide some possible hardware and software-based countermeasures for addressing the PMUSpill attack, which can be utilized to enhance the security of processors in future.

Yihao Yang,Pengfei Qiu,Chunlu Wang,Yu Jin,Dongsheng Wang,Gang Qu

2023-04-24

Abstract:Performance Monitoring Unit (PMU) is a common hardware module in Intel CPUs. It can be used to record various CPU behaviors therefore it is often used for performance analysis and optimization. Of the 65536 event spaces, Intel has officially published only 200 or so. In this paper, we design a hidden PMU event collection method. And we found a large number of undocumented PMU events in CPUs of Skylake, Kabylake, and Alderlake microarchitectures. We further demonstrate the existence of these events by using them for transient execution attack detection and build-side channel attacks. This also implies that these hidden PMU events have huge exploitation potential and security threats.

Cryptography and Security

Chang Liu,Yongqiang Lyu,Haixia Wang,Pengfei Qiu,Dapeng Ju,Gang Qu,Dongsheng Wang

DOI: https://doi.org/10.1109/DAC56929.2023.10247985

2023-01-01

Abstract:Memory Disambiguation Unit (MDU) is widely used on modern processors to speculatively execute load instructions and improve pipeline performance. Given that the MDU design details on ARM processors are not available to the public, it is unclear whether there are any security vulnerabilities associated with its MDU. In this paper, we first reverse engineer the undocumented features of ARM MDU, then we discover three potential user-privilege attacks to leak secret data via MDU: cross-process attack that allows users to communicate through a convert channel, cross-domain attack that leaks kernel information and a new variant of inner-process and inter-processes Spectre attacks. These attacks pose serious security challenges as they can bypass both all the known countermeasures against cache side-channel attacks and those against transient execution attacks. Potential mitigation against the proposed MDU-based attacks are also discussed.

Qi Chen,Dongyan Zhao,Liang Liu,Xuesong Yan,Yidong Yuan,Xige Zhang,Hongmei Wu,Zhe Wang

DOI: https://doi.org/10.1016/j.csi.2021.103569

IF: 3.721

2022-01-01

Computer Standards & Interfaces

Abstract:Side-channel attacks (SCAs) have become a significant threat nowadays to cryptographic devices, especially central processing units (CPUs). Based on the implementation of AES-128, the side-channel information leakage analysis is carried out in a 32-bit CPU microarchitecture in this work. Correlation power analysis (CPA) results show that it is obvious to reveal the secret key by using only 30 power traces based on the net-list simulation. Three flexibly configurable hardware-based countermeasures are proposed to prevent information leakage in the arithmetic and logic unit (ALU), register file (RF) and load/store unit (LSU), respectively, which are the most sensitive components according to our analysis. The proposed countermeasures have different protection effects on the CPU since the required trace number to reveal the secret key has increased from 30 to 100 similar to 120,000. Moreover, the anti-attack capability of the CPU is improved by 4000 times using the three countermeasures simultaneously. The proposed countermeasures can be freely combined while considering the CPU security and implementation overhead. In practice, the anti-attack capability of the CPU can be further improved when the proposed countermeasures are implemented in real-world measurements, because additional noise will be introduced during the measurements.

Yu Jin,Pengfei Qiu,Chunlu Wang,Yihao Yang,Dongsheng Wang,Xiaoyong Li,Qian Wang,Gang Qu

DOI: https://doi.org/10.1109/AsianHOST59942.2023.10409342

2023-01-01

Abstract:In early 2018, the Meltdown attack was reported, which steals secret data by loading and then encoding them into the cache covert channel during the invisible transient executions. After that, a set of Meltdown-type attacks are proposed; those attacks largely threaten the security of modern processors. In this study, we review Intel's x86-64 Instruction Set Architecture (ISA) and find two vulnerable instructions (CMPSB and SCASB) that can be exploited to achieve the Meltdown-type attacks with few instructions. Especially, the CMPSB instruction itself is enough to implement the core part of the Meltdowntype attacks. We design a special cache-based and Performance Monitor Unit (PMU)-based covert channel to recover the secret data for the two instructions. In our experiments, we demonstrate the availability of the two instructions by implementing the Meltdown and ZombieLoad attacks with them. Compared to the original Meltdown-type attacks, the proposed attack can be considered as an attack that does not rely on the transient executions from the perspective of the macro instruction level because no more macro instruction is executed after triggering the exception. Therefore, we name our attacks Overtake. Our experiments indicate that the average data leakage speed of Overtake attack could reach 770.1 KB/s with an error rate of 0.4 %.

Yu Jin,Pengfei Qiu,Chunlu Wang,Yihao Yang,Dongsheng Wang,Gang Qu

2023-04-21

Abstract:The transient execution attack is a type of attack leveraging the vulnerability of modern CPU optimization technologies. New attacks surface rapidly. The side-channel is a key part of transient execution attacks to leak data. In this work, we discover a vulnerability that the change of the EFLAGS register in transient execution may have a side effect on the Jcc (jump on condition code) instruction after it in Intel CPUs. Based on our discovery, we propose a new side-channel attack that leverages the timing of both transient execution and Jcc instructions to deliver data. This attack encodes secret data to the change of register which makes the execution time of context slightly slower, which can be measured by the attacker to decode data. This attack doesn't rely on the cache system and doesn't need to reset the EFLAGS register manually to its initial state before the attack, which may make it more difficult to detect or mitigate. We implemented this side-channel on machines with Intel Core i7-6700, i7-7700, and i9-10980XE CPUs. In the first two processors, we combined it as the side-channel of the Meltdown attack, which could achieve 100\% success leaking rate. We evaluate and discuss potential defenses against the attack. Our contributions include discovering security vulnerabilities in the implementation of Jcc instructions and EFLAGS register and proposing a new side-channel attack that does not rely on the cache system.

Cryptography and Security

Daniel Weber,Fabian Thomas,Lukas Gerlach,Ruiyi Zhang,Michael Schwarz

2023-10-06

Abstract:The transient-execution attack Meltdown leaks sensitive information by transiently accessing inaccessible data during out-of-order execution. Although Meltdown is fixed in hardware for recent CPU generations, most currently-deployed CPUs have to rely on software mitigations, such as KPTI. Still, Meltdown is considered non-exploitable on current systems. In this paper, we show that adding another layer of indirection to Meltdown transforms a transient-execution attack into a side-channel attack, leaking metadata instead of data. We show that despite software mitigations, attackers can still leak metadata from other security domains by observing the success rate of Meltdown on non-secret data. With LeakIDT, we present the first cache-line granular monitoring of kernel addresses. LeakIDT allows an attacker to obtain cycle-accurate timestamps for attacker-chosen interrupts. We use our attack to get accurate inter-keystroke timings and fingerprint visited websites. While we propose a low-overhead software mitigation to prevent the exploitation of LeakIDT, we emphasize that the side-channel aspect of transient-execution attacks should not be underestimated.

Cryptography and Security

Junpeng Wan,Yanxiang Bi,Zhe Zhou,Zhou Li

DOI: https://doi.org/10.1109/sp46214.2022.9833794

2022-01-01

Abstract:Cache side-channel attacks lead to severe security threats to the settings where a CPU is shared across users, e.g., in the cloud. The majority of attacks rely on sensing the micro-architectural state changes made by victims, but this assumption can be invalidated by combining spatial (e.g., Intel CAT) and temporal isolation. In this work, we advance the state of cache side-channel attacks by showing stateless cache side-channel attacks on server-grade CPUs, that can bypass both spatial and temporal isolation. Unlike stateful cache side-channel attacks that rely on the timing difference between a cache hit or miss, our attack exploits the timing difference caused by the interconnect congestion. Specifically, to complete cache transactions, for Intel server CPUs, which use non-inclusive and mesh interconnect, cache lines would travel across cores via the CPU mesh and UPI interconnects. Nonetheless, the interconnects are shared by all cores, and cache isolation does not segregate the traffic. An attacker can generate traffic to contend with a victim on a link, measure the extra delay, deduce the memory access pattern of the victim’s program, and infer its sensitive data. Based on this idea, we implement MESHUP, a stateless cache side-channel against mesh interconnect, and test it against the existing RSA implementations of JDK for the cross-core attack and application fingerprinting for the the cross-CPU attack. We found the RSA private key used by a victim process can be partially recovered and the co-running application can be inferred at high accuracy.

Chang Liu,Dongsheng Wang,Yongqiang Lyu,Pengfei Qiu,Yu Jin,Zhuoyuan Lu,Yinqian Zhang,Gang Qu

DOI: https://doi.org/10.1109/hpca57654.2024.00014

2024-01-01

Abstract:This paper presents a comprehensive investigation into the security vulnerabilities associated with speculative memory access on AMD processors. Firstly, employing novel reverse engineering techniques, our study uncovers two key predictors, namely the Predictive Store Forwarding Predictor (PSFP) and the Speculative Store Bypass Predictor (SSBP), along with elucidating their internal structures and state machine designs. Secondly, our research empirically confirms that these predictors can be deliberately manipulated and altered during transient execution, resulting in secret leakage across security domains. Leveraging these discoveries, we propose innovative attacks targeting these predictors, including an out-of-place variant of Spectre-STL and an entirely new form of Spectre attack named Spectre-CTL. Finally, we establish experimentally that enabling Speculative Store Bypass Disable alleviates the vulnerabilities. However, this comes at the expense of significant performance degradation.

Yanan Guo,Andrew Zigerelli,Youtao Zhang,Jun Yang

DOI: https://doi.org/10.48550/arXiv.2110.12340

2022-08-17

Abstract:Modern x86 processors have many prefetch instructions that can be used by programmers to boost performance. However, these instructions may also cause security problems. In particular, we found that on Intel processors, there are two security flaws in the implementation of PREFETCHW, an instruction for accelerating future writes. First, this instruction can execute on data with read-only permission. Second, the execution time of this instruction leaks the current coherence state of the target data. Based on these two design issues, we build two cross-core private cache attacks that work with both inclusive and non-inclusive LLCs, named Prefetch+Reload and Prefetch+Prefetch. We demonstrate the significance of our attacks in different scenarios. First, in the covert channel case, Prefetch+Reload and Prefetch+Prefetch achieve 782 KB/s and 822 KB/s channel capacities, when using only one shared cache line between the sender and receiver, the largest-to-date single-line capacities for CPU cache covert channels. Further, in the side channel case, our attacks can monitor the access pattern of the victim on the same processor, with almost zero error rate. We show that they can be used to leak private information of real-world applications such as cryptographic keys. Finally, our attacks can be used in transient execution attacks in order to leak more secrets within the transient window than prior work. From the experimental results, our attacks allow leaking about 2 times as many secret bytes, compared to Flush+Reload, which is widely used in transient execution attacks.

Cryptography and Security

Jaehyuk Lee,Fan Sang,Taesoo Kim

2024-02-24

Abstract:Caches on the modern commodity CPUs have become one of the major sources of side-channel leakages and been abused as a new attack vector. To thwart the cache-based side-channel attacks, two types of countermeasures have been proposed: detection-based ones that limit the amount of microarchitectural traces an attacker can leave, and cache prefetching-and-locking techniques that claim to prevent such leakage by disallowing evictions on sensitive data. In this paper, we present the Prime+Retouch attack that completely bypasses these defense schemes by accurately inferring the cache activities with the metadata of the cache replacement policy. Prime+Retouch has three noticeable properties: 1) it incurs no eviction on the victim's data, allowing us to bypass the two known mitigation schemes, 2) it requires minimal synchronization of only one memory access to the attacker's pre-primed cache lines, and 3) it leaks data via non-shared memory, yet because underlying eviction metadata is shared. We demonstrate Prime+Retouch in two architectures: predominant Intel x86 and emerging Apple M1. We elucidate how Prime+Retouch can break the T-table implementation of AES with robust cache side-channel mitigations such as Cloak, under both normal and SGX-protected environments. We also manifest feasibility of the Prime+Retouch attack on the M1 platform imposing more restrictions where the precise measurement tools such as core clock cycle timer and performance counters are inaccessible to the attacker. Furthermore, we first demystify undisclosed cache architecture and its eviction policy of L1 data cache on Apple M1 architecture. We also devise a user-space noise-free cache monitoring tool by repurposing Intel TSX.

Cryptography and Security,Hardware Architecture

Stephan van Schaik,Marina Minkin,Andrew Kwong,Daniel Genkin,Yuval Yarom

DOI: https://doi.org/10.48550/arXiv.2006.13353

2020-06-24

Abstract:Recent transient-execution attacks, such as RIDL, Fallout, and ZombieLoad, demonstrated that attackers can leak information while it transits through microarchitectural buffers. Named Microarchitectural Data Sampling (MDS) by Intel, these attacks are likened to "drinking from the firehose", as the attacker has little control over what data is observed and from what origin. Unable to prevent the buffers from leaking, Intel issued countermeasures via microcode updates that overwrite the buffers when the CPU changes security domains. In this work we present CacheOut, a new microarchitectural attack that is capable of bypassing Intel's buffer overwrite countermeasures. We observe that as data is being evicted from the CPU's L1 cache, it is often transferred back to the leaky CPU buffers where it can be recovered by the attacker. CacheOut improves over previous MDS attacks by allowing the attacker to choose which data to leak from the CPU's L1 cache, as well as which part of a cache line to leak. We demonstrate that CacheOut can leak information across multiple security boundaries, including those between processes, virtual machines, user and kernel space, and from SGX enclaves.

Cryptography and Security

Mengming Li,Chenlu Miao,Yilong Yang,Kai Bu

DOI: https://doi.org/10.1109/HPCA53966.2022.00016

2022-01-01

Abstract:Speculative execution attacks exploiting speculative execution to leak secrets have aroused significant concerns in both industry and academia. They mainly exploit covert or side channels over microarchitectural states left by mis-speculated and squashed instructions (i.e., transient instructions). Most such attacks target cache states. Existing cache-based defenses against speculative execution attacks fall into two categories, Invisible and Undo. Most Invisible defenses buffer execution metadata of speculative instructions and place them into the cache only if the speculatively executed instructions become determined. Motivated by the fact that mis-speculations are rare cases, Undo defenses allow speculative instructions to modify cache states. Upon a mis-speculation, they rollback cache states to the ones prior to the execution of transient instructions. However, Invisible defenses have been recently found insecure by the speculative interference attack. This calls for a deep security inspection of Undo defenses against speculative execution attacks. In this paper, we present unXpec as the first attack against Undo-based safe speculation. It exploits the secret-dependent timing channel exhibited through the rollback operations of Undo defenses. Specifically, the rollback process requires both invalidating cache lines brought into the cache by transient instructions and restoring evicted cache lines from the cache by transiently loaded data. This opens up a channel that encodes secret via the timing difference between when rollback involves much invalidation and restoration or not. We further leverage eviction sets to enforce more restoration operations. This yields a longer rollback time and thus a larger secret-dependent timing difference. We demonstrate the timing channel over the open-source CleanupSpec, a representative Undo solution. A single transient load can trigger a secret-dependent timing difference of 22 cycles (without eviction sets) of 32 cycles (with eviction sets), which is sufficiently exploitable for constructing a covert channel for speculative execution attacks. We run unXpec on the gem5 simulator with CleanupSpec enabled. The results show that unXpec can leak secrets at a high rate of 140 Kbps with an accuracy over 90%. Simply enforcing constant-time rollback to mitigate unXpec may induce an over 70% performance overhead.

Anirban Chakraborty,Nimish Mishra,Debdeep Mukhopadhyay

2024-06-15

Abstract:Transient execution attacks have been one of the widely explored microarchitectural side channels since the discovery of Spectre and Meltdown. However, much of the research has been driven by manual discovery of new transient paths through well-known speculative events. Although a few attempts exist in literature on automating transient leakage discovery, such tools focus on finding variants of known transient attacks and explore a small subset of instruction set. Further, they take a random fuzzing approach that does not scale as the complexity of search space increases. In this work, we identify that the search space of bad speculation is disjointedly fragmented into equivalence classes, and then use this observation to develop a framework named Shesha, inspired by Particle Swarm Optimization, which exhibits faster convergence rates than state-of-the-art fuzzing techniques for automatic discovery of transient execution attacks. We then use Shesha to explore the vast search space of extensions to the x86 Instruction Set Architecture (ISAs), thereby focusing on previously unexplored avenues of bad speculation. As such, we report five previously unreported transient execution paths in Instruction Set Extensions (ISEs) on new generation of Intel processors. We then perform extensive reverse engineering of each of the transient execution paths and provide root-cause analysis. Using the discovered transient execution paths, we develop attack building blocks to exhibit exploitable transient windows. Finally, we demonstrate data leakage from Fused Multiply-Add instructions through SIMD buffer and extract victim data from various cryptographic implementations.

Cryptography and Security

Konstantinos Kanellopoulos,F. Nisa Bostanci,Ataberk Olgun,A. Giray Yaglikci,Ismail Emir Yuksel,Nika Mansouri Ghiasi,Zulal Bingol,Mohammad Sadrosadati,Onur Mutlu

2024-10-11

Abstract:The adoption of processing-in-memory (PiM) architectures has been gaining momentum because they provide high performance and low energy consumption by alleviating the data movement bottleneck. Yet, the security of such architectures has not been thoroughly explored. The adoption of PiM solutions provides a new way to directly access main memory, which malicious user applications can exploit. We show that this new way to access main memory opens opportunities for high-throughput timing attacks that are hard-to-mitigate without significant performance overhead. We introduce IMPACT, a set of high-throughput main memory-based timing attacks that leverage characteristics of PiM architectures to establish covert and side channels. IMPACT enables high-throughput communication and private information leakage by exploiting the shared DRAM row buffer. To achieve high throughput, IMPACT (i) eliminates cache bypassing steps required by processor-centric main memory and cache-based timing attacks and (ii) leverages the intrinsic parallelism of PiM operations. We showcase two applications of IMPACT. First, we build two covert-channel attacks that run on the host CPU and leverage different PiM approaches to gain direct and fast access to main memory and establish high-throughput communication covert channels. Second, we showcase a side-channel attack that leaks private information of concurrently running victim applications that are accelerated with PiM. Our results demonstrate that (i) our covert channels achieve 12.87 Mb/s and 14.16 Mb/s communication throughput, respectively, which is up to 4.91x and 5.41x faster than the state-of-the-art main memory-based covert channels, and (ii) our side-channel attack allows the attacker to leak secrets with a low error rate. To avoid such covert and side channels in emerging PiM systems, we propose and evaluate three defenses.

Cryptography and Security,Hardware Architecture

Linke Song,Zixuan Pang,Wenhao Wang,Zihao Wang,XiaoFeng Wang,Hongbo Chen,Wei Song,Yier Jin,Dan Meng,Rui Hou

2024-09-30

Abstract:The wide deployment of Large Language Models (LLMs) has given rise to strong demands for optimizing their inference performance. Today's techniques serving this purpose primarily focus on reducing latency and improving throughput through algorithmic and hardware enhancements, while largely overlooking their privacy side effects, particularly in a multi-user environment. In our research, for the first time, we discovered a set of new timing side channels in LLM systems, arising from shared caches and GPU memory allocations, which can be exploited to infer both confidential system prompts and those issued by other users. These vulnerabilities echo security challenges observed in traditional computing systems, highlighting an urgent need to address potential information leakage in LLM serving infrastructures. In this paper, we report novel attack strategies designed to exploit such timing side channels inherent in LLM deployments, specifically targeting the Key-Value (KV) cache and semantic cache widely used to enhance LLM inference performance. Our approach leverages timing measurements and classification models to detect cache hits, allowing an adversary to infer private prompts with high accuracy. We also propose a token-by-token search algorithm to efficiently recover shared prompt prefixes in the caches, showing the feasibility of stealing system prompts and those produced by peer users. Our experimental studies on black-box testing of popular online LLM services demonstrate that such privacy risks are completely realistic, with significant consequences. Our findings underscore the need for robust mitigation to protect LLM systems against such emerging threats.

Cryptography and Security

Jiliang Zhang,Congcong Chen,Jinhua Cui,Keqin Li

DOI: https://doi.org/10.1145/3645109

IF: 16.6

2024-02-07

ACM Computing Surveys

Abstract:Microarchitectural vulnerabilities, such as Meltdown and Spectre, exploit subtle microarchitecture state to steal the user’s secret data and even compromise the operating systems (OSes). In recent years, considerable discussion lies in understanding the attack-defense mechanisms and exploitability of such vulnerabilities. Unfortunately, there have been few investigations into a systematic elaboration of threat models, attack scenarios and requirements, and defense targets of the resulting attacks. In this article, we fill this gap and make the following contributions. We first propose two sets of taxonomies for classifying microarchitectural timing side-channel attacks (MTSCAs) and their countermeasures according to various attack conditions. Based on the taxonomies proposed, we then review published attacks and existing defenses and systematically analyze their internals. In particular, we also provide a comprehensive analysis of the similarities and differences among those attacks, uncovering the corresponding practicality and severity by identifying the attack targets/platforms and the security boundaries that can be bypassed to reveal information. We further examine the scalability of those defenses through specifying expected defense goals and costs. We also discuss corresponding detection methods based on different classifications. Finally, we propose several key challenges of existing countermeasures and the attack trends, and discuss directions for future research.

computer science, theory & methods

J. Longo,E. De Mulder,D. Page,M. Tunstall

DOI: https://doi.org/10.1007/978-3-662-48324-4_31

2015-01-01

Abstract:Increased complexity in modern embedded systems has presented various important challenges with regard to side-channel attacks. In particular, it is common to deploy SoC-based target devices with high clock frequencies in security-critical scenarios; understanding how such features align with techniques more often deployed against simpler devices is vital from both destructive (i.e., attack) and constructive (i.e., evaluation and/or countermeasure) perspectives. In this paper, we investigate electromagnetic-based leakage from three different means of executing cryptographic workloads (including the general purpose ARM core, an on-chip co-processor, and the NEON core) on the AM335x SoC. Our conclusion is that addressing challenges of the type above is feasible, and that key recovery attacks can be conducted with modest resources.