CISPA

Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels

conference contribution
posted on 2023-11-29, 18:24 authored by Andreas Kogler, Jonas Juffinger, Lukas Giner, Lukas Gerlach, Martin Schwarzl, Michael Schwarz, Daniel Gruss, Stefan Mangard
Differential Power Analysis (DPA) measures single-bit differences between data values used in computer systems by statistical analysis of power traces. In this paper, we show that the mere co-location of data values, e.g., attacker and victim data in the same buffers and caches, leads to power leakage in modern CPUs that depends on a combination of both values, resulting in a novel attack, Collide+Power. We systematically analyze the power leakage of the CPU's memory hierarchy to derive precise leakage models enabling practical end-to-end attacks. These attacks can be conducted in software with any signal related to power consumption, e.g., power consumption interfaces or throttling-induced timing variations. Leakage due to throttling requires 133.3 times more samples than direct power measurements. We develop a novel differential measurement technique amplifying the exploitable leakage by a factor of 8.778 on average, compared to a straightforward DPA approach. We demonstrate that Collide+Power leaks single-bit differences from the CPU's memory hierarchy with fewer than 23000 measurements. Collide+Power varies attacker-controlled data in our end-to-end DPA attacks. We present a Meltdown-style attack, leaking from attacker-chosen memory locations, and a faster MDS-style attack, which leaks 4.82 bit/h. Collide+Power is a generic attack applicable to any modern CPU, arbitrary memory locations, and victim applications and data. However, the Meltdown-style attack is not yet practical, as it is limited by the state of the art of prefetching victim data into the cache, leading to an unrealistic real-world attack runtime with throttling of more than a year for a single bit. Given the different variants and potentially more practical prefetching methods, we consider Collide+Power a relevant threat that is challenging to mitigate.

History

Preferred Citation

Andreas Kogler, Jonas Juffinger, Lukas Giner, Lukas Gerlach, Martin Schwarzl, Michael Schwarz, Daniel Gruss and Stefan Mangard. Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels. In: Usenix Security Symposium (USENIX-Security). 2023.

Primary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

Usenix Security Symposium (USENIX-Security)

Legacy Posted Date

2023-08-01

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3999,
  title     = "Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels",
  author    = "Kogler, Andreas and Juffinger, Jonas and Giner, Lukas and Gerlach, Lukas and Schwarzl, Martin and Schwarz, Michael and Gruss, Daniel and Mangard, Stefan",
  booktitle = "{Usenix Security Symposium (USENIX-Security)}",
  year      = "2023",
}
