SideLine: How Delay-Lines (May) Leak Secrets from your SoC

by   Joseph Gravellier, et al.

To meet the ever-growing need for performance in silicon devices, SoC providers have been increasingly relying on software-hardware cooperation. By controlling hardware resources such as power or clock management from the software, developers earn the possibility to build more flexible and power efficient applications. Despite the benefits, these hardware components are now exposed to software code and can potentially be misused as open-doors to jeopardize trusted environments, perform privilege escalation or steal cryptographic secrets. In this work, we introduce SideLine, a novel side-channel vector based on delay-line components widely implemented in high-end SoCs. After providing a detailed method on how to access and convert delay-line data into power consumption information, we demonstrate that these entities can be used to perform remote power side-channel attacks. We report experiments carried out on two SoCs from distinct vendors and we recount several core-vs-core attack scenarios in which an adversary process located in one processor core aims at eavesdropping the activity of a victim process located in another core. For each scenario, we demonstrate the adversary ability to fully recover the secret key of an OpenSSL AES running in the victim core. Even more detrimental, we show that these attacks are still practicable if the victim or the attacker program runs over an operating system.


The Power of Telemetry: Uncovering Software-Based Side-Channel Attacks on Apple M1/M2 Systems

Power analysis is a class of side-channel attacks, where power consumpti...

Monitoring Performance Metrics is not Enough to Detect Side-Channel Attacks on Intel SGX

Side-channel vulnerabilities of Intel SGX is driving the research commun...

V0LTpwn: Attacking x86 Processor Integrity from Software

Fault-injection attacks have been proven in the past to be a reliable wa...

PARAM: A Microprocessor Hardened for Power Side-Channel Attack Resistance

The power consumption of a microprocessor is a huge channel for informat...

Frequency Throttling Side-Channel Attack

Modern processors dynamically control their operating frequency to optim...

SafeBet: Secure, Simple, and Fast Speculative Execution

Spectre attacks exploit microprocessor speculative execution to read and...

Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model

Due to its sound theoretical basis and practical efficiency, masking has...

Please sign up or login with your details

Forgot password? Click here to reset