on device power analysis across hardware security domains
play

On-Device Power Analysis Across Hardware Security Domains Colin - PowerPoint PPT Presentation

Dec 15, 2022 •233 likes •674 views

On-Device Power Analysis Across Hardware Security Domains Colin OFlynn , Alex Dewar Dalhousie University CHES 2019 - Atlanta, Georgia 1 What am I doing for next 17 mins (in 42 slides)? Introduction Remote & Cross-Domain Attacks

  1. On-Device Power Analysis Across Hardware Security Domains Colin O’Flynn , Alex Dewar Dalhousie University CHES 2019 - Atlanta, Georgia 1

  2. What am I doing for next 17 mins (in 42 slides)? • Introduction Remote & Cross-Domain Attacks • Attacker Model, TrustZone-M, and SAML11 • Basic CPA Attack on SAML11, bit depth / sample rate effect • Internal regulator attack experiments • Attacking a standard SAML11 development kit • Countermeasures CHES 2019 - Atlanta, Georgia 2

  3. On-Device Power Analysis CHES 2019 - Atlanta, Georgia 3

  4. Introducing… TrustZone-M CHES 2019 - Atlanta, Georgia 4

  5. On-Device Power Analysis across Hardware Security Boundaries CHES 2019 - Atlanta, Georgia 5

  6. Specific Implementation Example • SAML11  One of first M23 cores available on market (June 2018) • Original datasheet (since changed) made an interesting claim… CHES 2019 - Atlanta, Georgia 6

  7. Product Usage of TrustZone-M / SAML11 • When starting work no products on market used the SAML11 • Made some assumptions about design of products, backed up by datasheet examples: CHES 2019 - Atlanta, Georgia 7

  8. Assumptions / Attacker Powers • Attacker must have previously performed an attack to gain code execution on the non-secure space (or otherwise has such access). • Attacker can run considerable amount of tests / data recovery. • We can consider a remote attacker as in- scope… realistically we will look at “quasi - remote”. • Quasi-remote means not full system access (cannot do DPA at board-level), but perhaps has debugger/communication access. CHES 2019 - Atlanta, Georgia 8

  9. Example of “Quasi - Remote” Attacker Threat • Unlocking ECUs is big business. • Requiring tuners to solder to PCB & capture power traces is a large hurdle. • But requiring them to plug in a debug connector is very much “in - scope” for these attacks. • If DPA attack runs in reasonable time, allows tuners to perform such attacks even with unique keys. CHES 2019 - Atlanta, Georgia 9

  10. TrustZone-A Attacks 1. General remote attacks presented by Bernstein [Ber05]. 2. Arm Cache-timing attacks used to break TrustZone-A [LGS+16], [ZSS+16], [ZSS+18], [LW19], [NCC18]. 3. Remote fault attacks also demonstrated on TrustZone-A, such as RowHammer shown on TrustZone-A by [Car17] and CLKscrew [TSS17]. CHES 2019 - Atlanta, Georgia 10

  11. “Remote” Side -Channel Attacks • Cortex-M frequently lack a true cache, making cache-timing attacks difficult. • Previous work on side-channel power analysis done with a ‘remote’ threat model includes: 1. Building voltage-monitoring circuitry on a shared FPGA fabric ([SGMT18b] initially, [RPD+18] and [ZS18] show follow-on). 2. Using on-board ADC of a microcontroller [GKT19]. May require very large set of data transferred out! CHES 2019 - Atlanta, Georgia 11

  12. “Nearby” Side -Channel Attacks • Measuring voltage on I/O pin leaks information [SPK+10]. • Band-limited signal measured on switch- mode “line” side can be used for AES attack [SLT16]. • Band-limited radio signals have been previously used in attacking RSA/asymmetric [GST14], [GPPT15]. • Recently AES attacked with radio signal leakage [CPM+18]. CHES 2019 - Atlanta, Georgia 12

  13. Part 1 – External CPA Attack CHES 2019 - Atlanta, Georgia 13

  14. AES Accelerator Attack CHES 2019 - Atlanta, Georgia 14

  15. CHES 2019 - Atlanta, Georgia 15

  16. AES Accelerator Attack CHES 2019 - Atlanta, Georgia 16

  17. Effective Bit Depth of Samples? CHES 2019 - Atlanta, Georgia 17

  18. Adjusting Bit Depth CHES 2019 - Atlanta, Georgia 18

  19. Sample Rate Reduction due to Internal ADC CLKcore Busy State Sample CHES 2019 - Atlanta, Georgia 19

  20. Synchronous Sampling Mode ADC clock (even when under sampling) is still fully synchronous. Sample point does not have time jitter relative to clock edge. Similar sample rate measured without clock synchronization will have very substantial jitter due to minor frequency mismatches. CHES 2019 - Atlanta, Georgia 20

  21. Adjusting Sample Rate CHES 2019 - Atlanta, Georgia 21

  22. Part 2 – On-Board Attack Segger RTT (JTAG data transfer) ~1100 traces/second CHES 2019 - Atlanta, Georgia 22

  23. Test Boards Expected reduction of SNR from A  D CHES 2019 - Atlanta, Georgia 23

  24. Test A – Highest SNR CHES 2019 - Atlanta, Georgia 24

  25. Sidenote about Internal Regulators Does not react to fast transients, external decoupling capacitor required in most devices. CHES 2019 - Atlanta, Georgia 25

  26. Sidenote about Internal Regulators Majority of high-freq currents flowing from capacitor. CHES 2019 - Atlanta, Georgia 26

  27. Sidenote about Internal Regulators Regulator recharges capacitor (shows up as noise). CHES 2019 - Atlanta, Georgia 27

  28. CHES 2019 - Atlanta, Georgia 28

  29. Clock Cycle Offset for AES to Measurement CLKcore Busy State Sample CHES 2019 - Atlanta, Georgia 29

  30. Guessing Entropy & Cycle Offset Cycle offset from AES call to start of sampling. PGE of byte after 200K samples (considering all output samples, not selecting best leakage points). CHES 2019 - Atlanta, Georgia 30

  31. Board ‘B’ CHES 2019 - Atlanta, Georgia 31

  32. CHES 2019 - Atlanta, Georgia 32

  33. Board C/D  Dev Kit CHES 2019 - Atlanta, Georgia 33

  34. Part 3 - Development Kit Attack CHES 2019 - Atlanta, Georgia 34

  35. CHES 2019 - Atlanta, Georgia 35

  36. Finding Leakage – TVLA Testing Aligns with peak from CPA results Caveat: Due to strong down-sampling, hard to focus T-Test on middle 1/3 of AES only CHES 2019 - Atlanta, Georgia 36

  37. Switching Power Supply Mode CHES 2019 - Atlanta, Georgia 37

  38. Switching Power Supply Mode High Pass Filter CHES 2019 - Atlanta, Georgia 38

  39. TVLA of Switching Regulator CHES 2019 - Atlanta, Georgia 39

  40. CHES 2019 - Atlanta, Georgia 40

  41. Cross-Domain Attacks • Cross-domain attack uses availability of peripherals in non-secure world to attack secure world. • A remote exploit in non-secure world could be used to recover data from secure world. • Requires lots of data (~160 000 000 traces, 5GB). • Is ‘remote’ plausible  Not convinced. • Is ‘nearby’ plausible  Yes. • Countermeasures include: • Moving peripherals to secure world (caveat – we don’t want some libs in non -secure). • Validating environment (caveat – secure code cannot touch non-secure). CHES 2019 - Atlanta, Georgia 41

  42. Availability of Datasets, Code, Etc https://github.com/colinoflynn/xdomain-dpa-m23 • 520M+ trace sets • 285GB of data files… CHES 2019 - Atlanta, Georgia 42

  43. Thank-You and Questions https://github.com/colinoflynn/xdomain-dpa-m23 Email: colin@oflynn.com (Colin) adewar@dal.ca (Alex) Twitter: @colinoflynn Thank you to many reviews & notes from those that wished to remain anonymous. CHES 2019 - Atlanta, Georgia 43

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hardware and Device Drivers Device virtualization Device drivers and security Bjrn

Hardware and Device Drivers Device virtualization Device drivers and security Bjrn

Outline Faculty of Computer Science Institute for System Architecture, Operating Systems Group What's so different about device drivers? Hardware access Writing device drivers on L4 Reuse of legacy drivers Hardware and Device

619 views • 12 slides
ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

Open source tool for research on hardware attacks Side Channel Power Analysis Glitching Attacks Essentially an oscilloscope attached to a target chip ChipWhisperer Lite Modeling Power Consumption Every device requires power to run

175 views • 14 slides
Power Consumption Analysis and Hardware Security Arnaud Tisserand CNRS, Lab-STICC laboratory

Power Consumption Analysis and Hardware Security Arnaud Tisserand CNRS, Lab-STICC laboratory

Power Consumption Analysis and Hardware Security Arnaud Tisserand CNRS, Lab-STICC laboratory Cergy, December 2017 Applications with Security Needs Applications : smart cards, computers, Internet, telecommunications, set-top boxes, data storage,

763 views • 63 slides
CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing. These

977 views • 34 slides
Hardware and Device Drivers Bjrn Dbel Dresden, 2007-11-13 Outline What's so different

Hardware and Device Drivers Bjrn Dbel Dresden, 2007-11-13 Outline What's so different

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Hardware and Device Drivers Bjrn Dbel Dresden, 2007-11-13 Outline What's so different about device drivers? Hardware access Writing device

634 views • 45 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M.

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M.

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M. Swift University of Wisconsin-Madison Current state of OS-hardware interaction Many device drivers assume device perfection Common Linux

779 views • 45 slides
Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Why W3C needs to Remain Neutral and Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just: Image source: halfelf.org It is about decentralizing ID validation and key storage (my religion)

522 views • 16 slides
Hardware to Drive New Device Sales Brian Larsen Senior Program Manager Windows 10 Device

Hardware to Drive New Device Sales Brian Larsen Senior Program Manager Windows 10 Device

Hardware to Drive New Device Sales Brian Larsen Senior Program Manager Windows 10 Device Programs Windows Engineering Guidance Focused on documenting guidance to build products that deliver best in class user experience WEG Hardware

790 views • 55 slides
CONTACTLESS POWER TRANSFER SYSTEM- HARDWARE ANALYSIS Presentation By Dr. Praveen Kumar

CONTACTLESS POWER TRANSFER SYSTEM- HARDWARE ANALYSIS Presentation By Dr. Praveen Kumar

CONTACTLESS POWER TRANSFER SYSTEM- HARDWARE ANALYSIS Presentation By Dr. Praveen Kumar Associate Professor Department of Electronics & Communication Engineering Overview 2 Introduction Computation of mutual inductance for square

967 views • 65 slides
Who we are Eshard - Embedded Security Company Software & Hardware Security What do we

Who we are Eshard - Embedded Security Company Software & Hardware Security What do we

Who we are Eshard - Embedded Security Company Software & Hardware Security What do we do: @eshardNews Tools: Side Channel / Code Analysis Consultancy https://www.eshard.com Audit contact@eshard.com Training

752 views • 54 slides
HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware pentester Who am I ? Julien Moinard - Electronic engineer @opale-security (French company) - Security consultant, Hardware & SoDware pentester -

803 views • 40 slides
Power Device Physics Revealed TCAD for Power Device Technologies 2D and 3D TCAD Simulation

Power Device Physics Revealed TCAD for Power Device Technologies 2D and 3D TCAD Simulation

Power Device Physics Revealed TCAD for Power Device Technologies 2D and 3D TCAD Simulation Silvaco TCAD Background TCAD simulation leader since 1987 Power device 2D TCAD simulation leader since 1992 Power device 3D TCAD simulation

1.16k views • 72 slides
Hardware Group NSF Workshop on the Science of Power Management Hardware (Synopsis: Fund Us)

Hardware Group NSF Workshop on the Science of Power Management Hardware (Synopsis: Fund Us)

Hardware Group NSF Workshop on the Science of Power Management Hardware (Synopsis: Fund Us) Tradeoffs: Power vs performance vs reliability (Also: thermals & variability) Need models to reason about designs at many levels:

431 views • 10 slides
Input/Output 1 Range of I/O Hardware Some typical device, network, and data base rates 2 1

Input/Output 1 Range of I/O Hardware Some typical device, network, and data base rates 2 1

Input/Output 1 Range of I/O Hardware Some typical device, network, and data base rates 2 1 How do we talk to Hardware? Through Device Controllers I/O devices have components: mechanical component electronic component The

494 views • 24 slides
Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB https://github.com/secworks IT security Embedded systems ASIC, FPGA Biometrics Open Crypto Hardware CPU design Assembly hacking Hardware Security

896 views • 50 slides
New CP (and T) Tests in Low-Energy Hadronic Processes Susan Gardner Department of Physics and

New CP (and T) Tests in Low-Energy Hadronic Processes Susan Gardner Department of Physics and

New CP (and T) Tests in Low-Energy Hadronic Processes Susan Gardner Department of Physics and Astronomy University of Kentucky Lexington, KY 40506 gardner@pa.uky.edu Known Flavor and CP Violation are CKM-like [ 2013 update (th+exp) of Laiho,

367 views • 36 slides
Cryptography: an Efficiency and Security Analysis http://eprint.iacr.org/2014/130.pdf Craig

Cryptography: an Efficiency and Security Analysis http://eprint.iacr.org/2014/130.pdf Craig

Selecting Elliptic Curves for Cryptography: an Efficiency and Security Analysis http://eprint.iacr.org/2014/130.pdf Craig Costello ECC2014 Chennai, India Joint work with Joppe Bos (NXP), Patrick Longa (MSR), Michael Naehrig (MSR) June 2013

1.04k views • 56 slides
40th Anniversary Midwest Representation Theory Conference University of Chicago September 5-7,

40th Anniversary Midwest Representation Theory Conference University of Chicago September 5-7,

40th Anniversary Midwest Representation Theory Conference University of Chicago September 5-7, 2014 ON UNITARIZABILITY AND REDUCIBILITY MARKO TADI C To the 65 th birthday of Rebecca A. Herb, and the memory of Paul J. Sally, Jr. The work of

512 views • 17 slides
Post-quantum cryptography Daniel J. Bernstein 1 Tanja Lange 1 Peter Schwabe 2 Technische

Post-quantum cryptography Daniel J. Bernstein 1 Tanja Lange 1 Peter Schwabe 2 Technische

Post-quantum cryptography Daniel J. Bernstein 1 Tanja Lange 1 Peter Schwabe 2 Technische Universiteit Eindhoven Radboud University 08 September 2016 Cryptography Motivation #1: Communication channels are spying on our data.

1.34k views • 117 slides
Instructional Webinar: What, how, and where to enter the RAMP Competition William (Bill)

Instructional Webinar: What, how, and where to enter the RAMP Competition William (Bill)

Instructional Webinar: What, how, and where to enter the RAMP Competition William (Bill) Bernstein, PhD Mohan Krishnamoorthy wzb@nist.gov PhD Candidate Systems Integration Division Department of Computer Science National Institute of

335 views • 31 slides
The image shows horseshoe crabs (HSCs) being bled in a biomedical laboratory. Notice that the

The image shows horseshoe crabs (HSCs) being bled in a biomedical laboratory. Notice that the

The image shows horseshoe crabs (HSCs) being bled in a biomedical laboratory. Notice that the needle has been inserted through the middle (hinge) area of the HSC and into its heart. 1 Note: The HSC heart doesnt pump like a human heart, so

629 views • 34 slides
Software Engineering Writing Intensive Dr. Barry Wittman Not Dr. Barry Whitman

Software Engineering Writing Intensive Dr. Barry Wittman Not Dr. Barry Whitman

Software Engineering Writing Intensive Dr. Barry Wittman Not Dr. Barry Whitman Education: PhD and MS in Computer Science, Purdue University BS in Computer Science, Morehouse College Hobbies: Reading, writing

590 views • 47 slides
Defending your DNS in a post-Kaminsky world Paul Wouters <paul@xelerance.com> Vendor and

Defending your DNS in a post-Kaminsky world Paul Wouters <paul@xelerance.com> Vendor and

Defending your DNS in a post-Kaminsky world Paul Wouters <paul@xelerance.com> Vendor and NGO's involved Two phase deployment First release a generic fix for the Kaminsky attack that does not leak information to the bad guys (source

819 views • 81 slides

More recommend