Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis
Abstract
ARM TrustZone is a security extension that recent Samsung flagship smartphones use to create a Trusted Execution Environment (TEE) called the Secure World, which runs secure processes (trustlets). The Samsung TEE includes cryptographic key storage and cryptographic functions inside the Keymaster trustlet. The secret key used by the Keymaster trustlet is derived by a hardware device and is inaccessible to the Android OS. However, the ARM32 AES implementation used by the Keymaster is vulnerable to side-channel cache attacks. The Keymaster trustlet uses AES-256 in GCM mode, which makes mounting a cache attack against this target much harder. In this paper we show that it is possible to perform a successful cache attack against this AES implementation, in AES-256/GCM mode, using widely available hardware. Using a laptop's GPU to parallelize the analysis, we are able to extract a raw AES-256 key with 7 min of measurements and under a minute of analysis time, and an AES-256/GCM key with 40 min of measurements and 30 min of analysis.