
SideLine: How Delay-Lines (May) Leak Secrets from Your SoC

Conference paper
Constructive Side-Channel Analysis and Secure Design (COSADE 2021)
Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12910)

Abstract

To meet the ever-growing need for performance in silicon devices, SoC providers have been increasingly relying on software-hardware cooperation. By controlling hardware resources such as power or clock management from software, developers gain the ability to build more flexible and power-efficient applications. Despite the benefits, these hardware components are now exposed to software and can potentially be misused as open doors to new kinds of attacks. In this work, we introduce SideLine, a novel side-channel vector based on the delay-line components widely implemented in high-end SoCs. We demonstrate that these components can be used to perform remote power side-channel attacks, and we detail several attack scenarios in which an adversary process located in one processor core aims at eavesdropping on the activity of a victim process located in another core. For each scenario, we demonstrate the adversary's ability to fully recover the secret key of an AES algorithm running in the victim core. Even more detrimental, we show that these attacks remain practicable when a rich operating system is used.



Corresponding author: Joseph Gravellier

Appendix

Fig. 11.

AES traces acquisition, CPA computation and GTK display (implemented for demonstration) are all embedded in the same application running within the STM32MP157-DK2 board.

Fig. 12. ZYNQ AP-vs-AP attack scenario - The CPA progression (y-axis) over the number of traces (x-axis) is shown for the first 8 AES key bytes. The 7th and 9th bytes, which never emerged from the incorrect key candidates, are also shown. These CPA results were obtained over 20 million AES encryptions; the correlation rates are provided in the summary table.

Fig. 13. STM32MP1 AP-vs-MCU attack scenario - The CPA progression (y-axis) over the number of traces (x-axis) is shown for the last 8 AES key bytes. The 1st AES key byte is also shown, as it provided the best correlation rate. These CPA results were obtained over 10 million AES encryptions; the correlation rates are provided in the summary table.

Fig. 14. STM32MP1 MCU-vs-AP attack scenario - The CPA progression (y-axis) over the number of traces (x-axis) is shown for the first 8 AES key bytes. The 13th byte, which never emerged from the incorrect key candidates, is also shown. These CPA results were obtained over 40 million AES encryptions; the correlation rates are provided in the summary table.

Fig. 15. STM32MP1 MCU-vs-AP attack scenario: this figure illustrates the delay-block resolution limitation when a single AES encryption is acquired (a). The resolution can be virtually increased by averaging a larger number of traces: 5 (b), 10 (c) and 100 (d) traces.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Gravellier, J., Dutertre, J.-M., Teglia, Y., Moundi, P.L. (2021). SideLine: How Delay-Lines (May) Leak Secrets from Your SoC. In: Bhasin, S., De Santis, F. (eds.) Constructive Side-Channel Analysis and Secure Design. COSADE 2021. Lecture Notes in Computer Science, vol. 12910. Springer, Cham. https://doi.org/10.1007/978-3-030-89915-8_1

  • DOI: https://doi.org/10.1007/978-3-030-89915-8_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89914-1

  • Online ISBN: 978-3-030-89915-8
