
PwrLeak: Exploiting Power Reporting Interface for Side-Channel Attacks on AMD SEV

  • Conference paper
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13959))

Abstract

Trusted Execution Environments (TEEs) are being adopted in a growing number of commercial products to protect data security in the cloud. However, TEEs remain exposed to various side-channel vulnerabilities, such as execution-order-based, timing-based, and power-based ones. While recent hardware applies various techniques to mitigate order-based and timing-based side channels, power-based side-channel attacks remain a hardware-security concern, especially in confidential computing settings where the server machines are beyond the control of cloud users. In this paper, we present PwrLeak, an attack framework that exploits AMD’s power reporting interfaces to build power side-channel attacks against VMs protected by AMD Secure Encrypted Virtualization (SEV). We design and implement the attack framework in three general steps: (1) identify the instruction running inside the AMD SEV VM, (2) apply a power interpolator to amplify power consumption, including an emulation-based interpolator for analysis purposes and a more general interrupt-based interpolator, and (3) infer secrets with various analysis approaches. A case study that uses the emulation-based interpolator to infer whole JPEG images processed by libjpeg demonstrates its ability to help analyze power consumption inside an SEV VM. Our end-to-end attacks against Intel’s Integrated Performance Primitives (Intel IPP) library indicate that PwrLeak can be exploited to infer RSA private keys with over 80% accuracy using the interrupt-based interpolator.

Acknowledgments

We would like to thank the anonymous reviewers and the shepherd Moritz Lipp for their very helpful comments and feedback during revision, which have significantly improved the quality and clarity of the work. This research was partially supported by NSF award 2207202. Any opinions, findings, and conclusions or recommendations in this paper are those of the authors and do not necessarily reflect the views of the NSF.

Author information

Correspondence to Zhiqiang Lin.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Wang, W., Li, M., Zhang, Y., Lin, Z. (2023). PwrLeak: Exploiting Power Reporting Interface for Side-Channel Attacks on AMD SEV. In: Gruss, D., Maggi, F., Fischer, M., Carminati, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2023. Lecture Notes in Computer Science, vol 13959. Springer, Cham. https://doi.org/10.1007/978-3-031-35504-2_3

  • DOI: https://doi.org/10.1007/978-3-031-35504-2_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35503-5

  • Online ISBN: 978-3-031-35504-2

  • eBook Packages: Computer Science (R0)
