Abstract
An increasing number of Trusted Execution Environment (TEE) is adopting to a variety of commercial products for protecting data security on the cloud. However, TEEs are still exposed to various side-channel vulnerabilities, such as execution order-based, timing-based, and power-based vulnerabilities. While recent hardware is applying various techniques to mitigate order-based and timing-based side-channel vulnerabilities, power-based side-channel attacks remain a concern of hardware security, especially for the confidential computing settings where the server machines are beyond the control of cloud users. In this paper, we present PwrLeak, an attack framework that exploits AMD’s power reporting interfaces to build power side-channel attacks against AMD Secure Encrypted Virtualization (SEV)-protected VM. We design and implement the attack framework with three general steps: (1) identify the instruction running inside AMD SEV, (2) apply a power interpolator to amplify power consumption, including an emulation-based interpolator for analyzing purposes and a more general interrupt-based interpolator, and (3) infer secrets with various analysis approaches. A case study of using the emulation-based interpolator to infer the whole JPEG images processed by libjpeg demonstrates its ability to help analyze power consumption inside SEV VM. Our end-to-end attacks against Intel’s Integrated Performance Primitives (Intel IPP) library indicates that PwrLeak can be exploited to infer RSA private keys with over 80% accuracy using the interrupt-based interpolator.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Confidential computing: an AWS perspective (2021). https://aws.amazon.com/blogs/security/confidential-computing-an-aws-perspective/, 2021. Aug, 2021
SEV Secure Nested Paging Firmware ABI Specification (2021). https://www.amd.com/system/files/TechDocs/56860.pdf
Arm Confidential Compute Architecture (2022). https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture. 2022. Dec, 2022
Intel trust domain extensions (2022). https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html. 2022. Dec, 2022
Kuzu, E.A., Soysal, B., Şahinoğlu, M., Güvenç, U., Tangel, A.: New cross correlation attack methods on the montgomery ladder implementation of rsa. In: 2013 3rd IEEE International Advance Computing Conference (IACC), pp. 138–142 (2013)
AMD. AMD SEV-SNP: Strengthening VM isolation with integrity protection and more. White paper (2020)
AMD. AMD Secure Encryption Virtualization (SEV) Information Disclosure (Bulletin ID: AMD-SB-1013) (2021). https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1013
AMD. AMDSEV branch (2022). https://github.com/AMDESE/AMDSEV/
Bottinelli, P., Bos, J.W.: Computational aspects of correlation power analysis. J. Cryptographic Eng. 7(3), 167–181 (2017)
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_2
Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_3
Chen, Y., Jin, X., Sun, J., Zhang, R., Zhang, Y.: Powerful: mobile app fingerprinting via power analysis. In: IEEE INFOCOM 2017-IEEE Conference on Computer Communications, pp. 1–9. IEEE (2017)
Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Improved collision-correlation power analysis on first order protected AES. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 49–62. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_4
Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48059-5_25
Du, Z.-H., et al.: Secure encrypted virtualization is unsecure. arXiv preprint arXiv:1712.05090 (2017)
Eisenbarth, T., Paar, C., Weghenkel, B.: Building a side channel based disassembler. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds.) Transactions on Computational Science X. LNCS, vol. 6340, pp. 78–99. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17499-5_4
Google. Introducing google cloud confidential computing with confidential VMs (2020). https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-confidential-computing-with-confidential-vms
Hetzelt, F., Buhren, R.: Security analysis of encrypted virtual machines. ACM SIGPLAN Notices 52(7), 129–142 (2017)
Intel integrated performance primitives. https://software.intel.com/content/www/us/en/develop/tools/oneapi/components/ipp.html
Itoh, K., Yamamoto, D., Yajima, J., Ogata, W.: Collision-based power attack for RSA with small public exponent. IEICE Trans. Inf. Syst. 92(5), 897–908 (2009)
Kaplan, D.: Protecting VM register state with SEV-ES. White paper (2017)
Kocher, P., Jaffe, J., Jun, B., et al.: Introduction to differential power analysis and related attacks (1998)
Li, M., Wilke, L., Wichelmann, J., Eisenbarth, T., Teodorescu, R., Zhang, Y.: A systematic look at ciphertext side channels on AMD SEV-SNP. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1541–1541. IEEE Computer Society (2022)
Li, M., Zhang, Y., Lin, Z.: Crossline: Breaking “security-by-crash” based memory isolation in AMD SEV. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 2937–2950 (2021)
Li, M., Zhang, Y., Lin, Z., Solihin, Y.: Exploiting unprotected I/O operations in AMD’s secure encrypted virtualization. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 1257–1272 (2019)
Li, M., Zhang, Y., Wang, H., Li, K., Cheng, Y.: CIPHERLEAKS: breaking constant-time cryptography on AMD SEV via the ciphertext side channel. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 717–732 (2021)
Li, M., Zhang, Y., Wang, H., Li, K., Cheng, Y.: TLB Poisoning Attacks on AMD Secure Encrypted Virtualization. In: Annual Computer Security Applications Conference, pp. 609–619 (2021)
Libjpeg. Libjpeg version 6b Files. https://sourceforge.net/projects/libjpeg/files/libjpeg/6b/
Lipp, M., Gruss, D., Schwarz, M.: AMD prefetch attacks through power and time. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 643–660 (2022)
Lipp, M., et al.: Platypus: software-based power side-channel attacks on x86. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 355–371. IEEE (2021)
Lo, O., Buchanan, W.J., Carson, D.: Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA). J. Cyber Secur. Technol. 1(2), 88–107 (2017)
Mangard, S., Oswald, E., Popp, T.: Power analysis attacks: revealing the secrets of smart cards, vol. 31. Springer Science & Business Media (2008)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 144–157. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48059-5_14
Larabel, M.: AMD Energy Driver Booted From The Linux 5.13 Kernel. https://www.phoronix.com/news/Linux-5.13-AMD-Energy-Removed (2021)
Michalevsky, Y., Schulman, A., Veerapandian, G.A., Boneh, D., Nakibly, G.: PowerSpy: location tracking using mobile device power analysis. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 785–800 (2015)
Microsoft. Azure and AMD announce landmark in confidential computing evolution (2021). https://azure.microsoft.com/en-us/blog/azure-and-amd-enable-lift-and-shift-confidential-computing/
Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-enhanced power analysis collision attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125–139. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_9
Morbitzer, M., Huber, M., Horsch, J.: Extracting secrets from encrypted virtual machines. In: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, pp. 221–230 (2019)
Morbitzer, M., Huber, M., Horsch, J., Wessel, S.: Severed: subverting AMD’s virtual machine encryption. In: Proceedings of the 11th European Workshop on Systems Security, pp. 1–6 (2018)
Niu, Y., Zhang, J., Wang, A., Chen, C.: An efficient collision power attack on AES encryption in edge computing. IEEE Access 7, 18734–18748 (2019)
Park, J., Xu, X., Jin, Y., Forte, D., Tehranipoor, M.: Power-based side-channel instruction-level disassembler. In: 2018 55th ACM/ESDA/IEEE Design Automation Conference (DAC), pp. 1–6. IEEE (2018)
Strobel, D., Bache, F., Oswald, D., Schellenberg, F., Paar, C.: Scandalee: a side-channel-based disassembler using local electromagnetic emanations. In: 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 139–144. IEEE (2015)
Sung-Ming, Y., Kim, S., Lim, S., Moon, S.: A countermeasure against one physical cryptanalysis may benefit another attack. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 414–427. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45861-1_31
Van Bulck, J., Piessens, F., Strackx, R.: SGX-step: a practical attack framework for precise enclave execution control. In: Proceedings of the 2Nd Workshop on System Software for Trusted Execution, (SysTEX’17) (2017)
Vermoen, D., Witteman, M., Gaydadjiev, G.N.: Reverse engineering Java Card applets using power analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 138–149. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72354-7_12
Wan, W., Yang, W., Chen, J.: An optimized cross correlation power attack of message blinding exponentiation algorithms. China Commun. 12(6), 22–32 (2015)
Werner, J., Mason, J., Antonakakis, M., Polychronakis, M., Monrose, F.: The SEVerESt of them all: inference attacks against secure virtual enclaves. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 73–85 (2019)
Wilke, L., Wichelmann, J., Morbitzer, M., Eisenbarth, T.: Sevurity: No security without integrity: breaking integrity-free memory encryption with minimal assumptions. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1483–1496. IEEE (2020)
Witteman, M.F., van Woudenberg, J.G.J., Menarini, F.: Defeating RSA multiply-always and message blinding countermeasures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 77–88. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19074-2_6
Xu, Y., Cui, W., Peinado, M.: Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In: Proceedings of the 2015 IEEE Symposium on Security and Privacy (SP’15). IEEE (2015)
Yang, S., Wolf, W., Vijaykrishnan, N., Serpanos, D.N., Xie, Y.: Power attack resistant cryptosystem design: A dynamic voltage and frequency switching approach. In: Design, Automation and Test in Europe, pp. 64–69. IEEE (2005)
Zeichick, A.: Security Ahoy! Flying the NX Flag on Windows and AMD64 To Stop Attacks. Advanced Micro Devices, March 2007
Zhao, B., Wang, L., Jiang, K., Liang, X., Shan, W., Liu, J.: An improved power attack on small RSA public exponent. In: 2016 12th International Conference on Computational Intelligence and Security (CIS), pp. 578–581. IEEE (2016)
Acknowledgments
We would like to thank the anonymous reviewers and the shepherd Moritz Lipp for their very helpful comments and feedback during revision, which have significantly improved the quality and clarity of the work. This research was partially supported by NSF award 2207202. Any opinions, findings, and conclusions or recommendations in this paper are those of the authors and do not necessarily reflect the views of the NSF.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, W., Li, M., Zhang, Y., Lin, Z. (2023). PwrLeak: Exploiting Power Reporting Interface for Side-Channel Attacks on AMD SEV. In: Gruss, D., Maggi, F., Fischer, M., Carminati, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2023. Lecture Notes in Computer Science, vol 13959. Springer, Cham. https://doi.org/10.1007/978-3-031-35504-2_3
Download citation
DOI: https://doi.org/10.1007/978-3-031-35504-2_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35503-5
Online ISBN: 978-3-031-35504-2
eBook Packages: Computer ScienceComputer Science (R0)