Differential Power Analysis (DPA) measures single-bit differences between data values used in computer systems by statistical analysis of power traces. In this paper, we show that the mere co-location of data values, e.g., attacker and victim data in the same buffers and caches, leads to power leakage in modern CPUs that depends on a combination of both values, resulting in a novel attack, Collide+Power. We systematically analyze the power leakage of the CPU's memory hierarchy to derive precise leakage models enabling practical end-to-end attacks. These attacks can be conducted in software with any signal related to power consumption, e.g., power consumption interfaces or throttling-induced timing variations. Leakage due to throttling requires 133.3 times more samples than direct power measurements. We develop a novel differential measurement technique amplifying the exploitable leakage by a factor of 8.778 on average, compared to a straightforward DPA approach. We demonstrate that Collide+Power leaks single-bit differences from the CPU's memory hierarchy with fewer than 23000 measurements. Collide+Power varies attacker-controlled data in our end-to-end DPA attacks. We present a Meltdown-style attack, leaking from attacker-chosen memory locations, and a faster MDS-style attack, which leaks 4.82 bit/h. Collide+Power is a generic attack applicable to any modern CPU, arbitrary memory locations, and victim applications and data. However, the Meltdown-style attack is not yet practical, as it is limited by the state of the art of prefetching victim data into the cache, leading to an unrealistic real-world attack runtime with throttling of more than a year for a single bit. Given the different variants and potentially more practical prefetching methods, we consider Collide+Power a relevant threat that is challenging to mitigate.
History
Preferred Citation
Andreas Kogler, Jonas Juffinger, Lukas Giner, Lukas Gerlach, Martin Schwarzl, Michael Schwarz, Daniel Gruss and Stefan Mangard. Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels. In: Usenix Security Symposium (USENIX-Security). 2023.
Primary Research Area
Secure Connected and Mobile Systems
Name of Conference
Usenix Security Symposium (USENIX-Security)
Legacy Posted Date
2023-08-01
Open Access Type
Green
BibTeX
@inproceedings{cispa_all_3999,
title = "Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels",
author = "Kogler, Andreas and Juffinger, Jonas and Giner, Lukas and Gerlach, Lukas and Schwarzl, Martin and Schwarz, Michael and Gruss, Daniel and Mangard, Stefan",
booktitle="{Usenix Security Symposium (USENIX-Security)}",
year="2023",
}