Abstract
Differential Power Analysis (DPA) measures single-bit differences between data values used in computer systems by statistical analysis of power traces. In this paper, we show that the mere co-location of data values, e.g., attacker and victim data in the same buffers and caches, leads to power leakage in modern CPUs that depends on a combination of both values, resulting in a novel attack, Collide+Power. We systematically analyze the power leakage of the CPU's memory hierarchy to derive precise leakage models enabling practical end-to-end attacks. These attacks can be conducted in software with any signal related to power consumption, e.g., power consumption interfaces or throttling-induced timing variations. Leakage due to throttling requires 133.3 times more samples than direct power measurements. We develop a novel differential measurement technique amplifying the exploitable leakage by a factor of 8.778 on average, compared to a straightforward DPA approach. We demonstrate that Collide+Power leaks single-bit differences from the CPU's memory hierarchy with fewer than 23000 measurements. Collide+Power varies attacker-controlled data in our end-to-end DPA attacks. We present a Meltdown-style attack, leaking from attacker-chosen memory locations, and a faster MDS-style attack, which leaks 4.82 bit/h. Collide+Power is a generic attack applicable to any modern CPU, arbitrary memory locations, and victim applications and data. However, the Meltdown-style attack is not yet practical, as it is limited by the state of the art of prefetching victim data into the cache, leading to an unrealistic real-world attack runtime with throttling of more than a year for a single bit. Given the different variants and potentially more practical prefetching methods, we consider Collide+Power a relevant threat that is challenging to mitigate.
Original language | English |
---|---|
Title | 32nd USENIX Security Symposium, USENIX Security 2023 |
Publisher | USENIX Association |
Pages | 7285-7302 |
Number of pages | 18 |
ISBN (electronic) | 9781713879497 |
ISBN (print) | 978-1-939133-37-3 |
Publication status | Published - 9 Aug. 2023 |
Event | 32nd USENIX Security Symposium: USENIX Security 2023 - Anaheim, USA / United States. Duration: 9 Aug. 2023 → 11 Aug. 2023 |
Conference
Conference | 32nd USENIX Security Symposium |
---|---|
Short title | USENIX Security '23 |
Country/Territory | USA / United States |
City | Anaheim |
Period | 9/08/23 → 11/08/23 |
ASJC Scopus subject areas
- Information systems
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications
Fingerprint
Explore the research topics of "Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels". Together they form a unique fingerprint.
Projects
- 2 Active
- EU - FSSec - Foundations for Sustainable Security
  Gruss, D. (Participant (Co-Investigator))
  1/03/23 → 29/02/28
  Project: Research project
- Special Research Area (SFB) F85 Semantic and Cryptographic Foundations of Security and Privacy by Compositional Design
  Mangard, S. (Participant (Co-Investigator))
  1/01/23 → 31/12/26
  Project: Research project