PLATYPUS: software-based power side-channel attacks on x86

Moritz Lipp; Andreas Kogler; David Oswald; Michael Schwarz; Catherine Easdon; Claudio Canella; Daniel Gruss

doi:10.1109/SP40001.2021.00063.

PLATYPUS: software-based power side-channel attacks on x86

Moritz Lipp, Andreas Kogler, David Oswald, Michael Schwarz, Catherine Easdon, Claudio Canella, Daniel Gruss

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

524 Downloads (Pure)

Abstract

Power side-channel attacks exploit variations in power consumption to extract secrets from a device, e.g., cryptographic keys. Prior attacks typically required physical access to the target device and specialized equipment such as probes and a high-resolution oscilloscope. In this paper, we present novel software-based power side-channel attacks on Intel server, desktop, and laptop CPUs. We exploit unprivileged access to the Intel Running Average Power Limit (RAPL) interface that exposes values directly correlated with power consumption, forming a low-resolution side channel. We show that with sufficient statistical evaluation, we can observe variations in power consumption, which distinguish different instructions and different Hamming weights of operands and memory loads. This enables us to not only monitor the control flow of applications but also to infer data and extract cryptographic keys. We demonstrate how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel, break kernel address-space layout randomization (KASLR), infer secret instruction streams, and establish a timing-independent covert channel. We also present a privileged attack on mbed TLS, utilizing precise execution control to recover RSA keys from an SGX enclave. We discuss countermeasures and show that mitigating these attacks in a privileged context is not trivial.

Original language	English
Title of host publication	2021 IEEE Symposium on Security and Privacy (SP)
Publisher	IEEE Computer Society Press
Pages	355-371
Number of pages	17
ISBN (Electronic)	9781728189345
ISBN (Print)	9781728189352 (PoD)
DOIs	https://doi.org/10.1109/SP40001.2021.00063.
Publication status	Published - 26 Aug 2021
Event	42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021) - virtual event Duration: 24 May 2021 → 27 May 2021

Publication series

Name	Proceedings of the IEEE Symposium on Security and Privacy
Publisher	IEEE
ISSN (Print)	1081-6011
ISSN (Electronic)	2375-1207

Conference

Conference	42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021)
City	virtual event
Period	24/05/21 → 27/05/21

Keywords

Energy consumption
Privacy
Power demand
Portable computers
Side-channel attacks
Thermal management
Servers

Access to Document

10.1109/SP40001.2021.00063.

LippM2021PLATYPUS
© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. M. Lipp et al., "PLATYPUS: Software-based Power Side-Channel Attacks on x86," 2021 IEEE Symposium on Security and Privacy (SP), 2021, pp. 355-371, doi: 10.1109/SP40001.2021.00063.
Accepted author manuscript, 557 KBLicence: Other (please specify with Rights Statement)

Cite this

@inproceedings{5f302f8988a7407c86100fecb57a27b5,

title = "PLATYPUS: software-based power side-channel attacks on x86",

abstract = "Power side-channel attacks exploit variations in power consumption to extract secrets from a device, e.g., cryptographic keys. Prior attacks typically required physical access to the target device and specialized equipment such as probes and a high-resolution oscilloscope. In this paper, we present novel software-based power side-channel attacks on Intel server, desktop, and laptop CPUs. We exploit unprivileged access to the Intel Running Average Power Limit (RAPL) interface that exposes values directly correlated with power consumption, forming a low-resolution side channel. We show that with sufficient statistical evaluation, we can observe variations in power consumption, which distinguish different instructions and different Hamming weights of operands and memory loads. This enables us to not only monitor the control flow of applications but also to infer data and extract cryptographic keys. We demonstrate how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel, break kernel address-space layout randomization (KASLR), infer secret instruction streams, and establish a timing-independent covert channel. We also present a privileged attack on mbed TLS, utilizing precise execution control to recover RSA keys from an SGX enclave. We discuss countermeasures and show that mitigating these attacks in a privileged context is not trivial.",

keywords = "Energy consumption, Privacy, Power demand, Portable computers, Side-channel attacks, Thermal management, Servers",

author = "Moritz Lipp and Andreas Kogler and David Oswald and Michael Schwarz and Catherine Easdon and Claudio Canella and Daniel Gruss",

year = "2021",

month = aug,

day = "26",

doi = "10.1109/SP40001.2021.00063.",

language = "English",

isbn = "9781728189352 (PoD)",

series = "Proceedings of the IEEE Symposium on Security and Privacy",

publisher = "IEEE Computer Society Press",

pages = "355--371",

booktitle = "2021 IEEE Symposium on Security and Privacy (SP)",

note = "42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021) ; Conference date: 24-05-2021 Through 27-05-2021",

}

Lipp, M, Kogler, A, Oswald, D, Schwarz, M, Easdon, C, Canella, C & Gruss, D 2021, PLATYPUS: software-based power side-channel attacks on x86. in 2021 IEEE Symposium on Security and Privacy (SP). Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 355-371, 42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021), virtual event, 24/05/21. https://doi.org/10.1109/SP40001.2021.00063.

TY - GEN

T1 - PLATYPUS

T2 - 42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021)

AU - Lipp, Moritz

AU - Kogler, Andreas

AU - Oswald, David

AU - Schwarz, Michael

AU - Easdon, Catherine

AU - Canella, Claudio

AU - Gruss, Daniel

PY - 2021/8/26

Y1 - 2021/8/26

N2 - Power side-channel attacks exploit variations in power consumption to extract secrets from a device, e.g., cryptographic keys. Prior attacks typically required physical access to the target device and specialized equipment such as probes and a high-resolution oscilloscope. In this paper, we present novel software-based power side-channel attacks on Intel server, desktop, and laptop CPUs. We exploit unprivileged access to the Intel Running Average Power Limit (RAPL) interface that exposes values directly correlated with power consumption, forming a low-resolution side channel. We show that with sufficient statistical evaluation, we can observe variations in power consumption, which distinguish different instructions and different Hamming weights of operands and memory loads. This enables us to not only monitor the control flow of applications but also to infer data and extract cryptographic keys. We demonstrate how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel, break kernel address-space layout randomization (KASLR), infer secret instruction streams, and establish a timing-independent covert channel. We also present a privileged attack on mbed TLS, utilizing precise execution control to recover RSA keys from an SGX enclave. We discuss countermeasures and show that mitigating these attacks in a privileged context is not trivial.

AB - Power side-channel attacks exploit variations in power consumption to extract secrets from a device, e.g., cryptographic keys. Prior attacks typically required physical access to the target device and specialized equipment such as probes and a high-resolution oscilloscope. In this paper, we present novel software-based power side-channel attacks on Intel server, desktop, and laptop CPUs. We exploit unprivileged access to the Intel Running Average Power Limit (RAPL) interface that exposes values directly correlated with power consumption, forming a low-resolution side channel. We show that with sufficient statistical evaluation, we can observe variations in power consumption, which distinguish different instructions and different Hamming weights of operands and memory loads. This enables us to not only monitor the control flow of applications but also to infer data and extract cryptographic keys. We demonstrate how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel, break kernel address-space layout randomization (KASLR), infer secret instruction streams, and establish a timing-independent covert channel. We also present a privileged attack on mbed TLS, utilizing precise execution control to recover RSA keys from an SGX enclave. We discuss countermeasures and show that mitigating these attacks in a privileged context is not trivial.

KW - Energy consumption

KW - Privacy

KW - Power demand

KW - Portable computers

KW - Side-channel attacks

KW - Thermal management

KW - Servers

U2 - 10.1109/SP40001.2021.00063.

DO - 10.1109/SP40001.2021.00063.

M3 - Conference contribution

SN - 9781728189352 (PoD)

T3 - Proceedings of the IEEE Symposium on Security and Privacy

SP - 355

EP - 371

BT - 2021 IEEE Symposium on Security and Privacy (SP)

PB - IEEE Computer Society Press

Y2 - 24 May 2021 through 27 May 2021

ER -

PLATYPUS: software-based power side-channel attacks on x86

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this