A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Events
Robert Callan, Alenka Zajic, and Milos Prvulovic @ MICRO'14 (Paper #48)
EECS 573 presentation by Sung Kim and Siying Feng, 6/7/2017
Outline
• Motivation
• Contributions
• Technical Details
• Experiments
• Conclusions
• Q&A
Motivation
• Side-channel vulnerabilities are abundant, but their severity is unquantified
• Examples of channels: electromagnetic (EM), aural, electronic
Contributions
SAVAT: Signal Available to Attacker
• A definition and measurement methodology for side-channel vulnerability
[Figure: side-channel measurement of System A vs. System B, yielding a SAVAT value]
Aside - Differential Power Analysis (DPA)
Biases in power data can stem from:
• Data-dependent variability
• Conditionally-executed code segments
[Figure: guesses about secret data (e.g., private key) -> crypto routine -> statistical test]
Aside - Differential Power Analysis (DPA)
E.g., attack on the first byte of an AES key [*]
[Figure: one example of an incorrect hypothesis vs. the correct hypothesis]
[*] T. Popp, S. Mangard and E. Oswald, "Power Analysis Attacks and Countermeasures," IEEE Design & Test of Computers, 2007.
Technical Details 1/3 - SAVAT Definition
SAVAT := difference in signal caused by instruction A versus instruction B
Technical Details 2/3 - Implementation
Naive implementation
1. Execute code containing instr. A
2. Execute code containing instr. B
3. Compare the difference caused by A vs. B
Problems
• Signal strength/noise
• Alignment in time
• Sampling rate
[*] Figure from R. Callan et al., 2014
Technical Details 3/3 - Practical Implementation
Idea: construct a periodic signal by alternating inst. A and inst. B:
[*] Figure from R. Callan et al., 2014
Technical Details 3/3 - Practical Implementation
• Low-frequency signal at the "alternation frequency" of the instruction loops, so a low sampling rate suffices
Implementation idea:
  while (1) {
      for (...) { Do inst. A }
      for (...) { Do inst. B }
  }
[*] Figure from R. Callan et al., 2014
Experimental Setup
• Single-threaded user-mode applications
• EM signal measured using
  • Magnetic loop antenna
  • Spectrum analyzer
• A/B alternation frequency of 80 kHz
• Measurement distance of 10 cm
• Additional measurements for the Core 2 Duo laptop at 50 cm and 100 cm
[*] Figure from R. Callan et al., 2014
Experimental Setup
• Measure the total received signal power in the frequency band 80 kHz ± 1 kHz
  • The actual alternation frequency is slightly different from 80 kHz
• Same-instruction alternation measurements are good estimates of the experimental error
[*] Figure from R. Callan et al., 2014
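The measurement step on this slide, as an added example (not the paper's or the authors' code): in place of a real EM capture it builds a constructed trace in which each sample carries a hypothetical per-instruction energy for A or B as the loops alternate at 80 kHz, sums the DFT power in the 80 kHz ± 1 kHz band, and converts that back to an A-vs-B difference; a same-instruction run returns only the noise floor, which is the error estimate the slide refers to. Sample rate, trace length and noise level are assumptions.

```python
import cmath
import math
import random

FS = 1_600_000      # sample rate of the simulated receiver: 20 samples per 80 kHz period
F_ALT = 80_000      # A/B alternation frequency used in the paper's setup
BAND_HZ = 1_000     # half-width of the measured band (80 kHz +/- 1 kHz)
N_SAMPLES = 16_000  # 10 ms of signal, so each DFT bin is 100 Hz wide


def alternating_trace(energy_a, energy_b, noise_sigma, seed=1):
    """Constructed stand-in for the received EM trace. The benchmark loop runs
    instruction A for half a period, then B; each sample carries that
    instruction's hypothetical per-instruction energy plus Gaussian noise."""
    rng = random.Random(seed)
    half_period = FS // (2 * F_ALT)  # samples spent in each A loop or B loop
    trace = []
    for n in range(N_SAMPLES):
        level = energy_a if (n // half_period) % 2 == 0 else energy_b
        trace.append(level + rng.gauss(0.0, noise_sigma))
    return trace


def band_power(trace, center_hz, band_hz):
    """Total power in the DFT bins that fall inside center_hz +/- band_hz.
    Summing several bins tolerates the small drift between the intended and
    the actual alternation frequency noted on the experimental-setup slide."""
    n = len(trace)
    bin_hz = FS / n
    k_lo = round((center_hz - band_hz) / bin_hz)
    k_hi = round((center_hz + band_hz) / bin_hz)
    power = 0.0
    for k in range(k_lo, k_hi + 1):
        w = -2j * math.pi * k / n
        x_k = sum(x * cmath.exp(w * i) for i, x in enumerate(trace)) / n
        power += abs(x_k) ** 2
    return power


def savat_estimate(energy_a, energy_b, noise_sigma=0.5):
    """Recover |E_A - E_B| from the band power. A 50 % duty square wave with
    peak-to-peak amplitude d has a fundamental DFT bin of magnitude d / pi,
    so pi * sqrt(power) is the A-vs-B difference; an A-vs-A run returns only
    the noise floor, i.e. the experimental error of the measurement."""
    trace = alternating_trace(energy_a, energy_b, noise_sigma)
    return math.pi * math.sqrt(band_power(trace, F_ALT, BAND_HZ))
```

Energies are in arbitrary constructed units; with a real capture the same band-power step is applied to the spectrum-analyzer output rather than to a synthetic trace.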
RESULT - SAVAT (zJ) for Core 2 Duo Laptop
• SAVAT values are extremely small (1 zJ = 10^-21 J)
  • Many instructions' worth of differences are needed by an attacker
• Large variation in SAVAT among instruction pairs
  • Some instruction pairs are easier to identify
• Average stdev-to-mean ratio is 5%
  • Experiments are repeatable
[*] Figure from R. Callan et al., 2014
RESULT - SAVAT (zJ) for Core 2 Duo Laptop
• Four groups of instructions with low intra-group and high inter-group SAVATs
  • The off-chip access group, the L2 hit group, the arithmetic/L1 group, and DIV
• L2 store hit is more distinguishable than L2 load hit
• Off-chip memory access and L2 hits have similar SAVAT
[*] Figure from R. Callan et al., 2014
RESULT - SAVAT (zJ) for Pentium 3 M Laptop
• Several processor generations older than the Core 2 Duo
• DIV is easier to distinguish from other arithmetic instructions
  • SAVAT for ADD/DIV is 10x higher than on the Core 2 Duo
• Off-chip accesses have higher SAVAT than L2 accesses (LDM > STM)
• The high SAVAT of DIV and of off-chip access
  • is reduced in the Core 2 Duo design
[Figure: SAVAT matrices for Core 2 Duo and Pentium 3 M side by side]
[*] Figure from R. Callan et al., 2014
RESULT - SAVAT (zJ) at 50 cm and 100 cm
• Significantly lower SAVAT values than at 10 cm
• Off-chip events still have higher SAVAT values than on-chip events
[Figure: SAVAT at 10 cm, 50 cm and 100 cm]
[*] Figure from R. Callan et al., 2014
Conclusion
• SAVAT
  • A metric that measures the side channel created by a specific single-instruction difference in program execution
• Practical methodology
  • Only user-level permission and realistic measurement equipment required
• Results
  • Confirm intuitive expectations, e.g. off-chip vs. on-chip
  • At short distance
    • DIV has higher SAVAT
    • LDM/STM has similar SAVAT to LDL2/STL2
Questions?
Discussion
• Is SAVAT useful? (yes vs. no)
  • e.g., real code is usually a combination of different instructions
• Is their practical measurement methodology valid? (advantages vs. pitfalls)
  • i.e., alternating between loops of inst. A and inst. B
• Is SAVAT compatible with multicore systems?
Bonus
• Is SAVAT practical for modern ISAs?
  • The number of instructions in the x86 ISA is on the order of thousands
• Does SAVAT capture data-dependent differences in power?