
On-Device Power Analysis Across Hardware Security Domains


  1. On-Device Power Analysis Across Hardware Security Domains
     Colin O’Flynn, Alex Dewar, Dalhousie University
     CHES 2019 - Atlanta, Georgia

  2. What am I doing for next 17 mins (in 42 slides)?
     • Introduction Remote & Cross-Domain Attacks
     • Attacker Model, TrustZone-M, and SAML11
     • Basic CPA Attack on SAML11, bit depth / sample rate effect
     • Internal regulator attack experiments
     • Attacking a standard SAML11 development kit
     • Countermeasures

  3. On-Device Power Analysis

  4. Introducing… TrustZone-M

  5. On-Device Power Analysis across Hardware Security Boundaries

  6. Specific Implementation Example
     • SAML11 → One of first M23 cores available on market (June 2018)
     • Original datasheet (since changed) made an interesting claim…

  7. Product Usage of TrustZone-M / SAML11
     • When starting work no products on market used the SAML11
     • Made some assumptions about design of products, backed up by datasheet examples:

  8. Assumptions / Attacker Powers
     • Attacker must have previously performed an attack to gain code execution on the non-secure space (or otherwise has such access).
     • Attacker can run considerable amount of tests / data recovery.
     • We can consider a remote attacker as in-scope… realistically we will look at “quasi-remote”.
     • Quasi-remote means not full system access (cannot do DPA at board-level), but perhaps has debugger/communication access.

  9. Example of “Quasi-Remote” Attacker Threat
     • Unlocking ECUs is big business.
     • Requiring tuners to solder to PCB & capture power traces is a large hurdle.
     • But requiring them to plug in a debug connector is very much “in-scope” for these attacks.
     • If DPA attack runs in reasonable time, allows tuners to perform such attacks even with unique keys.

  10. TrustZone-A Attacks
     1. General remote attacks presented by Bernstein [Ber05].
     2. Arm cache-timing attacks used to break TrustZone-A [LGS+16], [ZSS+16], [ZSS+18], [LW19], [NCC18].
     3. Remote fault attacks also demonstrated on TrustZone-A, such as RowHammer shown on TrustZone-A by [Car17] and CLKscrew [TSS17].

  11. “Remote” Side-Channel Attacks
     • Cortex-M frequently lack a true cache, making cache-timing attacks difficult.
     • Previous work on side-channel power analysis done with a ‘remote’ threat model includes:
       1. Building voltage-monitoring circuitry on a shared FPGA fabric ([SGMT18b] initially, [RPD+18] and [ZS18] show follow-on).
       2. Using on-board ADC of a microcontroller [GKT19]. May require very large set of data transferred out!

  12. “Nearby” Side-Channel Attacks
     • Measuring voltage on I/O pin leaks information [SPK+10].
     • Band-limited signal measured on switch-mode “line” side can be used for AES attack [SLT16].
     • Band-limited radio signals have been previously used in attacking RSA/asymmetric [GST14], [GPPT15].
     • Recently AES attacked with radio signal leakage [CPM+18].

  13. Part 1 – External CPA Attack

  14. AES Accelerator Attack

  16. AES Accelerator Attack

  17. Effective Bit Depth of Samples?

  18. Adjusting Bit Depth

  19. Sample Rate Reduction due to Internal ADC
     (timing diagram labels: CLKcore Busy State Sample)

  20. Synchronous Sampling Mode
     • ADC clock (even when under-sampling) is still fully synchronous.
     • Sample point does not have time jitter relative to clock edge.
     • Similar sample rate measured without clock synchronization will have very substantial jitter due to minor frequency mismatches.

  21. Adjusting Sample Rate

  22. Part 2 – On-Board Attack
     • Segger RTT (JTAG data transfer)
     • ~1100 traces/second

  23. Test Boards
     • Expected reduction of SNR from A → D

  24. Test A – Highest SNR

  25. Sidenote about Internal Regulators
     • Does not react to fast transients, external decoupling capacitor required in most devices.

  26. Sidenote about Internal Regulators
     • Majority of high-freq currents flowing from capacitor.

  27. Sidenote about Internal Regulators
     • Regulator recharges capacitor (shows up as noise).

  29. Clock Cycle Offset for AES to Measurement
     (timing diagram labels: CLKcore Busy State Sample)

  30. Guessing Entropy & Cycle Offset
     • Cycle offset from AES call to start of sampling.
     • PGE of byte after 200K samples (considering all output samples, not selecting best leakage points).

  31. Board ‘B’

  33. Board C/D → Dev Kit

  34. Part 3 - Development Kit Attack

  36. Finding Leakage – TVLA Testing
     • Aligns with peak from CPA results
     • Caveat: Due to strong down-sampling, hard to focus T-Test on middle 1/3 of AES only

  37. Switching Power Supply Mode

  38. Switching Power Supply Mode
     • High Pass Filter

  39. TVLA of Switching Regulator

  41. Cross-Domain Attacks
     • Cross-domain attack uses availability of peripherals in non-secure world to attack secure world.
     • A remote exploit in non-secure world could be used to recover data from secure world.
     • Requires lots of data (~160 000 000 traces, 5GB).
     • Is ‘remote’ plausible → Not convinced.
     • Is ‘nearby’ plausible → Yes.
     • Countermeasures include:
       • Moving peripherals to secure world (caveat – we don’t want some libs in non-secure).
       • Validating environment (caveat – secure code cannot touch non-secure).

  42. Availability of Datasets, Code, Etc
     https://github.com/colinoflynn/xdomain-dpa-m23
     • 520M+ trace sets
     • 285GB of data files…

  43. Thank-You and Questions
     https://github.com/colinoflynn/xdomain-dpa-m23
     Email: colin@oflynn.com (Colin), adewar@dal.ca (Alex)
     Twitter: @colinoflynn
     Thank you to many reviews & notes from those that wished to remain anonymous.
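
Added example (not from the slides or the authors' repository): a toy simulation of the synchronous-sampling point on slide 20, evaluated with the fixed-vs-random TVLA t-test named on slide 36. The waveform shape, leaking cycle, noise level, ADC full scale and the `bits` knob are assumed values for illustration, not SAML11 measurements.

```python
import math
import random
import statistics

TAU = 0.15       # assumed decay (in core-clock cycles) of the current spike after each edge
LEAK_CYCLE = 3   # assumed cycle whose spike amplitude depends on the processed data
N_SAMPLES = 8    # ADC samples per trace

def power(t, hw):
    """Toy supply current at time t (in cycles); hw = Hamming weight being processed."""
    cycle, frac = divmod(t, 1.0)
    amp = 1.0 + (0.05 * hw if int(cycle) == LEAK_CYCLE else 0.0)
    return amp * math.exp(-frac / TAU)

def capture(hw, jitter, rng, bits):
    """One trace. jitter=0 models the synchronous ADC clock; jitter>0 adds a
    per-trace sample-time offset, uniform in [0, jitter) cycles."""
    offset = 0.1 + rng.uniform(0.0, jitter)
    top = (1 << bits) - 1
    trace = []
    for n in range(N_SAMPLES):
        v = power(n + offset, hw) + rng.gauss(0.0, 0.05)        # measurement noise
        trace.append(round(min(max(v / 2.0, 0.0), 1.0) * top))  # quantise, 0..2 full scale
    return trace

def welch_t(a, b):
    """Welch's t statistic; 0.0 if both groups are constant (e.g. very low bit depth)."""
    denom = math.sqrt(statistics.variance(a) / len(a) + statistics.variance(b) / len(b))
    return (statistics.fmean(a) - statistics.fmean(b)) / denom if denom else 0.0

def tvla(n_traces, jitter, bits=12, seed=1):
    """Fixed-vs-random t-test per sample point; |t| > 4.5 is the usual TVLA threshold."""
    rng = random.Random(seed)
    fixed, rand = [], []
    for i in range(n_traces):
        if i % 2 == 0:                       # interleave the two groups
            fixed.append(capture(8, jitter, rng, bits))
        else:
            hw = bin(rng.getrandbits(8)).count("1")
            rand.append(capture(hw, jitter, rng, bits))
    return [welch_t([tr[s] for tr in fixed], [tr[s] for tr in rand])
            for s in range(N_SAMPLES)]

if __name__ == "__main__":
    for label, jitter in (("synchronous", 0.0), ("1-cycle jitter", 1.0)):
        t = tvla(1000, jitter)
        print(f"{label:15s} max|t| = {max(abs(x) for x in t):5.1f}")
```

With the same trace count, the synchronous capture crosses the threshold at the leaking cycle, while a one-cycle timing offset spreads the same leakage into sampling noise.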
