Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels

Andreas Kogler, Jonas Juffinger, Lukas Giner, Lukas Gerlach, Martin Schwarzl, Michael Schwarz, Daniel Gruss, Stefan Mangard

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung

Abstract

Differential Power Analysis (DPA) measures single-bit differences between data values used in computer systems by statistical analysis of power traces. In this paper, we show that the mere co-location of data values, e.g., attacker and victim data in the same buffers and caches, leads to power leakage in modern CPUs that depends on a combination of both values, resulting in a novel attack, Collide+Power. We systematically analyze the power leakage of the CPU's memory hierarchy to derive precise leakage models enabling practical end-to-end attacks. These attacks can be conducted in software with any signal related to power consumption, e.g., power consumption interfaces or throttling-induced timing variations. Leakage due to throttling requires 133.3 times more samples than direct power measurements. We develop a novel differential measurement technique amplifying the exploitable leakage by a factor of 8.778 on average, compared to a straightforward DPA approach. We demonstrate that Collide+Power leaks single-bit differences from the CPU's memory hierarchy with fewer than 23000 measurements. Collide+Power varies attacker-controlled data in our end-to-end DPA attacks. We present a Meltdown-style attack, leaking from attacker-chosen memory locations, and a faster MDS-style attack, which leaks 4.82 bit/h. Collide+Power is a generic attack applicable to any modern CPU, arbitrary memory locations, and victim applications and data. However, the Meltdown-style attack is not yet practical, as it is limited by the state of the art of prefetching victim data into the cache, leading to an unrealistic real-world attack runtime with throttling of more than a year for a single bit. Given the different variants and potentially more practical prefetching methods, we consider Collide+Power a relevant threat that is challenging to mitigate.
Originalspracheenglisch
Titel32nd USENIX Security Symposium, USENIX Security 2023
Herausgeber (Verlag)USENIX Association
Seiten7285-7302
Seitenumfang18
ISBN (elektronisch)9781713879497
ISBN (Print)978-1-939133-37-3
PublikationsstatusVeröffentlicht - 9 Aug. 2023
Veranstaltung32nd USENIX Security Symposium: USENIX Security 2023 - Anaheim, USA / Vereinigte Staaten
Dauer: 9 Aug. 202311 Aug. 2023

Konferenz

Konferenz32nd USENIX Security Symposium
KurztitelUSENIX Security '23
Land/GebietUSA / Vereinigte Staaten
OrtAnaheim
Zeitraum9/08/2311/08/23

ASJC Scopus subject areas

  • Information systems
  • Sicherheit, Risiko, Zuverlässigkeit und Qualität
  • Computernetzwerke und -kommunikation

Fingerprint

Untersuchen Sie die Forschungsthemen von „Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren