How TrustZone Could Be Bypassed: Side-Channel Attacks on a Modern System-on-Chip

  • Sebanjila Kevin Bukasa
  • Ronan Lashermes
  • Hélène Le Bouder
  • Jean-Louis Lanet
  • Axel Legay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10741)


Side-channel attacks (SCA) exploit the physical manifestation of a computation (current consumption, EM emission, ...). Focusing on electromagnetic analysis (EMA), such analyses have mostly been considered on low-end devices: smartcards and microcontrollers. In the wake of recent works, we analyze the effects of a modern microarchitecture on the efficiency of EMA (here Correlation Power Analysis and template attacks). We show that despite the difficulty of synchronizing the measurements, the speed of the targeted core and the activity of other cores on the same chip can still be accommodated. Finally, we confirm that enabling the secure mode of TrustZone (a hardware-assisted software countermeasure) has no effect whatsoever on the efficiency of EMA. Therefore, critical applications in TrustZone are no more secure than in the normal world with respect to EMA, in accordance with the fact that TrustZone is not a countermeasure against physical attacks. To the best of our knowledge, this is the first application of EMA against TrustZone.


Keywords: ARM TrustZone, Side-Channel Analysis (SCA), Raspberry Pi 2
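The abstract refers to Correlation Power Analysis (CPA) and to the difficulty of synchronizing measurements on a fast, multi-core SoC. The Python below is an added example, not code from the paper or its authors: it builds the AES S-box, constructs synthetic traces under a Hamming-weight leakage model with optional timing jitter, and runs CPA on synchronized traces, on jittered traces, and on jittered traces after a simple peak alignment, so the effect of desynchronization on the correlation peak can be seen. The noise model, trace count, key byte, leaking sample index and alignment heuristic are all assumptions made for the example; no device is measured.

```python
"""Correlation Power Analysis (CPA) on constructed traces.

Added example, not code from the paper. It demonstrates the CPA step the
abstract refers to: correlating a Hamming-weight hypothesis of the
first-round AES S-box output with every sample of a trace set. Traces are
constructed here with a simple Gaussian-noise model, and an optional jitter
emulates the synchronisation problem the abstract mentions.
"""
import math
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _gf_inv(a):
    """Multiplicative inverse in GF(2^8) (a^254); inv(0) is defined as 0."""
    if a == 0:
        return 0
    r, e = 1, 254
    while e:
        if e & 1:
            r = _gf_mul(r, a)
        a = _gf_mul(a, a)
        e >>= 1
    return r


def _build_sbox():
    """AES S-box: GF(2^8) inverse followed by the FIPS-197 affine map."""
    sbox = []
    for x in range(256):
        b = _gf_inv(x)
        s = b
        for i in range(1, 5):
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def hamming_weight(v):
    return bin(v).count("1")


def simulate_traces(key, n_traces, n_samples=8, sigma=1.0, jitter=0, seed=1):
    """Construct traces (assumed model): n_samples Gaussian-noise samples,
    with HW(SBOX[pt ^ key]) added at index 2 + offset, offset uniform in
    [0, jitter]. jitter=0 gives perfectly synchronised traces."""
    assert 2 + jitter < n_samples
    rng = random.Random(seed)
    pts, traces = [], []
    for _ in range(n_traces):
        pt = rng.randrange(256)
        trace = [rng.gauss(0.0, sigma) for _ in range(n_samples)]
        trace[2 + rng.randrange(jitter + 1)] += hamming_weight(SBOX[pt ^ key])
        pts.append(pt)
        traces.append(trace)
    return pts, traces


def align_by_peak(traces):
    """Simple static alignment: rotate each trace so its largest sample sits
    at index 0. This works here because the constructed leakage has a higher
    mean than the noise; real traces need a pattern-matching step."""
    aligned = []
    for t in traces:
        i = max(range(len(t)), key=t.__getitem__)
        aligned.append(t[i:] + t[:i])
    return aligned


def cpa_recover(pts, traces):
    """Return (best_key_guess, peak_abs_correlation). For each of the 256 key
    guesses, the HW hypothesis vector is correlated with every sample column;
    the guess with the highest absolute Pearson correlation wins."""
    n = len(traces)
    cols = []
    for i in range(len(traces[0])):
        col = [t[i] for t in traces]
        m = sum(col) / n
        c = [v - m for v in col]
        cols.append((c, math.sqrt(sum(v * v for v in c))))
    best_key, best_corr = None, -1.0
    for k in range(256):
        hyp = [hamming_weight(SBOX[pt ^ k]) for pt in pts]
        m = sum(hyp) / n
        h = [v - m for v in hyp]
        sh = math.sqrt(sum(v * v for v in h))
        for c, sc in cols:
            if sh == 0.0 or sc == 0.0:
                continue
            r = abs(sum(a * b for a, b in zip(h, c))) / (sh * sc)
            if r > best_corr:
                best_key, best_corr = k, r
    return best_key, best_corr


if __name__ == "__main__":
    KEY = 0x2B  # constructed secret byte
    pts, clean = simulate_traces(KEY, 500)
    pts_j, jittered = simulate_traces(KEY, 500, jitter=4, seed=2)
    for label, p, t in (("synchronised", pts, clean),
                        ("jittered", pts_j, jittered),
                        ("jittered + aligned", pts_j, align_by_peak(jittered))):
        k, r = cpa_recover(p, t)
        print(f"{label:20s}: guess 0x{k:02x} (true 0x{KEY:02x}), peak |r| = {r:.2f}")
```

Run as a leakage evaluation of one's own implementation, the quantity to watch is the correlation peak of the correct key relative to the wrong guesses: jitter spreads the leakage over several sample positions and lowers that peak, alignment restores it, and a hiding or masking countermeasure that actually works shows up as a peak that does not stand out from the wrong-key noise floor at all. The template attacks the abstract also names are not shown here.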



Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  • Sebanjila Kevin Bukasa (1, 2)
  • Ronan Lashermes (1, 2)
  • Hélène Le Bouder (3)
  • Jean-Louis Lanet (1, 2)
  • Axel Legay (2)
  1. LHS-PEC, Rennes, France
  2. TAMIS, INRIA, Rennes, France
  3. IMT Atlantique, Rennes, France
