clkscrew
play

ClkScrew Aaron Zhang Outline Introduction to DVFS and background - PowerPoint PPT Presentation

Aug 22, 2023 •154 likes •499 views

ClkScrew Aaron Zhang Outline Introduction to DVFS and background information. What makes CLKSCREW unique? Challenges to CLKSCREW Attacks and Results Conclusion Voltage Energy + = Usage Frequency HARDWARE DVFS (Dynamic

  1. ClkScrew Aaron Zhang

  2. Outline • Introduction to DVFS and background information. • What makes CLKSCREW unique? • Challenges to CLKSCREW • Attacks and Results • Conclusion

  3. Voltage Energy + = Usage Frequency

  4. HARDWARE DVFS (Dynamic Voltage and Frequency Scaling) SOFTWARE

  7. Outline • Introduction to DVFS and background information. • What makes CLKSCREW unique? • Challenges to CLKSCREW • Attacks and Results • Conclusion

  9. 1 1 1 FLIP FLOP FLIP FLOP

  10. Less time for number to go through Flip-Flop 0 0 1 FLIP FLOP FLIP FLOP

  11. NON- TRUSTZONE TRUSTZONE DVFS

  12. Steps 1. Clear Residual States 2. Profile for Anchor 3. Pre-fault Delaying 4. Deliver the fault.

  13. Outline • Introduction to DVFS and background information. • What makes CLKSCREW unique? • Challenges to CLKSCREW • Attacks and Results • Conclusion

  14. Do phones allow for overclocking/ under-volting?

  16. How do you make sure the flip-flops do not damage the injected code?

  17. Attacker Code CPU CORE 1 Victim Thread CPU CORE 2

  18. How do you get the timing precise enough? How do we make sure the attack occurs where we want it to occur?

  19. Outline • Introduction to DVFS and background information. • What makes CLKSCREW unique? • Challenges to CLKSCREW • Attacks and Results • Conclusion

  20. Inferring AES Keys AES Attacking Decryption Code NON- TRUSTZONE TRUSTZONE DVFS

  23. Loading Apps into Trust Zone Attacker’s Attacking App Code NON- TRUSTZONE TRUSTZONE DVFS

  24. • Each App has 4 Signatures • One signature takes 270 Million clock cycles to App validate. 1. Signature 1 2. Signature 2 • In order for CLKSCREW to 3. Signature 3 4. Signature 4 corrupt data it needs to change just 65 thousand clock cycles within the entire process

  25. 65000/1080000000 = 0.0000601%

  26. Cache Profiling • Pick a memory address of the area of interest • Run dummy instructions and time the amount it takes for these instructions to be removed • Patterns for removing will tell you the pattern of the actual code. Timing Anchor • Track duration of consecutive cache instructions

  27. One instance of Desired Fault out of 65

  28. Outline • Introduction to DVFS and background information. • What makes CLKSCREW unique? • Challenges to CLKSCREW • Attacks and Results • Conclusion

  29. Defenses

  30. Hardware Limits regarding Voltage and Frequency • Make it unable for users to overclock and under- volt their phones • Difficulties include having to remake hardware chips from scratch and having every phone and chipmaker adhere to regulation.

  31. Separate DVFS for Trustzone • Create a separate DVFS for Trustzone itself • Separate DVFS’ for cores on the same chip can cause massive overhead.

  32. Randomization • Randomize clock cycles so that attackers do not know what to expect. • Useless when run-time time-anchors are used.

  33. Conclusions • CLKSCREW is a side-channel attack that utilizes voltage and frequency of devices to induce faults. • Exploiting faults that cannot be easily changed.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Flipping the classroom in Rutgers Mathematics Courses Rutgers Active Learning Conference 2019

Flipping the classroom in Rutgers Mathematics Courses Rutgers Active Learning Conference 2019

Flipping the classroom in Rutgers Mathematics Courses Rutgers Active Learning Conference 2019 Michael Weingart Rutgers Dept. of Mathematics What is a flipped math course? Students work through video lectures on their own time, before each

480 views • 33 slides
Goals The Clock introduce clock signal. logical level clock fall clock rise Chapter 11:

Goals The Clock introduce clock signal. logical level clock fall clock rise Chapter 11:

Goals The Clock introduce clock signal. logical level clock fall clock rise Chapter 11: Flip-Flops define edge-triggered flip-flops. clock period discuss parameters of flip-flops: setup time, hold time, 1 Computer Structure pulse width

408 views • 8 slides
CS 4100: Artificial Intelligence Informed Search Instructor: Jan-Willem van de Meent [Adapted

CS 4100: Artificial Intelligence Informed Search Instructor: Jan-Willem van de Meent [Adapted

CS 4100: Artificial Intelligence Informed Search Instructor: Jan-Willem van de Meent [Adapted from slides by Dan Klein and Pieter Abbeel for CS188 Intro to AI at UC Berkeley (ai.berkeley.edu).] Announcements Homework k 1: Search (lead TA:

735 views • 71 slides
On the mixing time of the flip walk on triangulations of the sphere Thomas Budzinski ENS Paris

On the mixing time of the flip walk on triangulations of the sphere Thomas Budzinski ENS Paris

On the mixing time of the flip walk on triangulations of the sphere Thomas Budzinski ENS Paris Journes de lANR GRAAL, Nancy 6 Dcembre 2016 Thomas Budzinski Flips on triangulations of the sphere Planar maps Definitions A planar map is

1.24k views • 81 slides
BBM406 Fundamentals of Machine Learning Lecture 7: Probability Review (contd.) Maximum

BBM406 Fundamentals of Machine Learning Lecture 7: Probability Review (contd.) Maximum

photo: Chessex Borealis Aquerple Polyhedral BBM406 Fundamentals of Machine Learning Lecture 7: Probability Review (contd.) Maximum Likelihood Estimation (MLE) Aykut Erdem // Hacettepe University // Fall 2019 Administrative Project

926 views • 53 slides
Flip Flops Lecture 10 CAP 3103 06-18-2014 Uses for State Elements 1. As a place to store

Flip Flops Lecture 10 CAP 3103 06-18-2014 Uses for State Elements 1. As a place to store

Flip Flops Lecture 10 CAP 3103 06-18-2014 Uses for State Elements 1. As a place to store values for some indeterminate amount of time: Register files (like $1-$31 on the MIPS) Memory (caches, and main memory) 2. Help control the

397 views • 23 slides
Arguing a Research Project CS 197 | Stanford University | Michael Bernstein

Arguing a Research Project CS 197 | Stanford University | Michael Bernstein

Arguing a Research Project CS 197 | Stanford University | Michael Bernstein cs197.stanford.edu Administrivia You all have projects and groups at this point. Let us know if thats not the case. Assignment 3 Project Introduction is

741 views • 39 slides
Slides for Lecture 24 ENEL 353: Digital Circuits Fall 2013 Term Steve Norman, PhD, PEng

Slides for Lecture 24 ENEL 353: Digital Circuits Fall 2013 Term Steve Norman, PhD, PEng

Slides for Lecture 24 ENEL 353: Digital Circuits Fall 2013 Term Steve Norman, PhD, PEng Electrical & Computer Engineering Schulich School of Engineering University of Calgary 4 November, 2013 slide 2/17 ENEL 353 F13 Section 02 Slides

509 views • 17 slides
Real World Example Big Picture Computer Overview (Chapter 1) Buzzer Feature for a

Real World Example Big Picture Computer Overview (Chapter 1) Buzzer Feature for a

ADMIN Project 1 due Wed Feb 8 No collaboration this time start early & see instructor for help READING SI232 Appendix: Read B.7,B.8,B.9, B.10, and B.12. (skip the Verilog details). Slide Set #8: Digital Logic Finale

455 views • 12 slides
EE 201: Latchtes and fl ip- fl ops Steven Bell 12 February 2019 By the end of class today, you

EE 201: Latchtes and fl ip- fl ops Steven Bell 12 February 2019 By the end of class today, you

EE 201: Latchtes and fl ip- fl ops Steven Bell 12 February 2019 By the end of class today, you should be able to: Compare and contrast an SR latch , D latch , and D fl ip- fl op Given a circuit containing a latch or fl ip- fl op, draw a timing

524 views • 18 slides
Stealthy Attacks In many scenarios, attackers want to keep successful security compromises

Stealthy Attacks In many scenarios, attackers want to keep successful security compromises

FlipThem : Modeling Targeted Attacks with FlipIt for Multiple Resources Aron Laszka 1 , Gabor Horvath 2 , Mark Felegyhazi 2 , and Levente Buttyan 2 1 : Vanderbilt University, Institute for Software Integrated Systems 2 : Budapest University of

547 views • 23 slides
Introduction to 4 Easy Steps That Will Transform Challenging Behavior in Your Early Childhood

Introduction to 4 Easy Steps That Will Transform Challenging Behavior in Your Early Childhood

11/1/2019 Introduction to 4 Easy Steps That Will Transform Challenging Behavior in Your Early Childhood Program www.MoreFLIPIT.org 1 Agenda 1. The story of how FLIP IT began 2. FLIP IT Overview 3. Closer Look at Feelings 4. Quick view

622 views • 18 slides
Refresh: Counting. CS70: On to probability. Key Points First Rule of counting: Objects from a

Refresh: Counting. CS70: On to probability. Key Points First Rule of counting: Objects from a

Refresh: Counting. CS70: On to probability. Key Points First Rule of counting: Objects from a sequence of choices: n i possibilitities for i th choice. Uncertainty does not mean nothing is known Modeling Uncertainty: Probability Space

622 views • 7 slides
The state with the field H perpendicular to the easy magnetization the two sublattices is more

The state with the field H perpendicular to the easy magnetization the two sublattices is more

Spin flop and Spin flop two examples of metamagnetic transitions For and antiferromagnetic compound T N T Zeeman energy in an applied field H , E = - 0HM = - 0H 2 , The state with the field H

408 views • 5 slides
Flip-Flop One-bit Memory Something to Remember What I Remember D Q Remember Now! What I

Flip-Flop One-bit Memory Something to Remember What I Remember D Q Remember Now! What I

Flip-Flop One-bit Memory Something to Remember What I Remember D Q Remember Now! What I Remember Q Chapter 5 Edge-Triggered 1 3 CSc 314 T W Bennet Mississippi College CSc 314 T W Bennet Mississippi College State

660 views • 14 slides
Local Search Techniques Marijn J.H. Heule Warren A. Hunt Jr. The University of Texas at Austin

Local Search Techniques Marijn J.H. Heule Warren A. Hunt Jr. The University of Texas at Austin

Local Search Techniques Marijn J.H. Heule Warren A. Hunt Jr. The University of Texas at Austin Heule & Hunt (UT Austin) Local Search Techniques 1 / 8 Local Search: Generic structure Generic structure of local search Sat solvers 1: for i

759 views • 16 slides
SIFA Statistical Ineffective Fault Attacks Rump Session at CHES 2018 Based on work of:

SIFA Statistical Ineffective Fault Attacks Rump Session at CHES 2018 Based on work of:

SIFA Statistical Ineffective Fault Attacks Rump Session at CHES 2018 Based on work of: Christoph Dobraunig, Maria Eichlseder, Hannes Gro, Thomas Korak, Stefan Mangard, Florian Mendel, Robert Primas Are Protected Implementations Hard to

413 views • 17 slides
Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems Royal Institute of

Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems Royal Institute of

An Improved Hardware Implementation of the Grain-128a Stream Cipher Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems Royal Institute of Technology (KTH), Stockholm Email:{shsm,dubrova}@kth.se Overview Motivation

556 views • 24 slides
A modified form of Cheneys Algorithm to allow mutator to progress during a GC cycle Main idea

A modified form of Cheneys Algorithm to allow mutator to progress during a GC cycle Main idea

A modified form of Cheneys Algorithm to allow mutator to progress during a GC cycle Main idea of Bakers algorithm Dont let the mutator see a white object Cannot disrupt collect During collection each mutator read from

392 views • 16 slides
FLIP the (Flow) Table: Fast LIghtweight Policy-preserving SDN Updates Stefano Vissicchio

FLIP the (Flow) Table: Fast LIghtweight Policy-preserving SDN Updates Stefano Vissicchio

FLIP the (Flow) Table: Fast LIghtweight Policy-preserving SDN Updates Stefano Vissicchio (UCLouvain) stefano.vissicchio@uclouvain.be INFOCOM 13th April 2016 Joint work with Luca Cittadini (Roma Tre University) SDN controller Operators

812 views • 70 slides
Chapter 3 Learn how to design simple logic circuits. Understand how digital circuits work

Chapter 3 Learn how to design simple logic circuits. Understand how digital circuits work

Chapter 3 Objectives Understand the relationship between Boolean logic and digital computer circuits. Chapter 3 Learn how to design simple logic circuits. Understand how digital circuits work together to Boolean Algebra and form

448 views • 19 slides
State Prof. Hakim Weatherspoon CS 3410 Computer Science Cornell University [Weatherspoon,

State Prof. Hakim Weatherspoon CS 3410 Computer Science Cornell University [Weatherspoon,

State Prof. Hakim Weatherspoon CS 3410 Computer Science Cornell University [Weatherspoon, Bala, Bracy, and Sirer] Goals for Today State How do we store one bit? Attempts at storing (and changing) one bit - Set-Reset Latch - D Latch

736 views • 38 slides
Lesson 9 Clocks, Memory elements, (Flip-flops, Latches and Registers) And Processors A A basic

Lesson 9 Clocks, Memory elements, (Flip-flops, Latches and Registers) And Processors A A basic

Lesson 9 Clocks, Memory elements, (Flip-flops, Latches and Registers) And Processors A A basic MIPS implementation We examine implementation of the following instructions o The memory-reference instructions load word (lw) and store word

885 views • 19 slides
Chapter 5 Synchronous Sequential Logic 5-1 Outline ! Sequential Circuits ! Latches ! Flip-Flops

Chapter 5 Synchronous Sequential Logic 5-1 Outline ! Sequential Circuits ! Latches ! Flip-Flops

Chapter 5 Synchronous Sequential Logic 5-1 Outline ! Sequential Circuits ! Latches ! Flip-Flops ! Analysis of Clocked Sequential Circuits ! State Reduction and Assignment ! Design Procedure 5-2 1 Sequential Circuits ! Consist of a

595 views • 30 slides

More recommend