Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2023
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2306.16391 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866929528433016832 |
|---|---|
| author | Chawla, Nikhil Liu, Chen Chakraborty, Abhishek Chervatyuk, Igor Sun, Ke Hamasaki, Thais Moreira Kawakami, Henrique |
| author_facet | Chawla, Nikhil Liu, Chen Chakraborty, Abhishek Chervatyuk, Igor Sun, Ke Hamasaki, Thais Moreira Kawakami, Henrique |
| contents | Traditionally, power side-channel analysis requires physical access to the target device, as well as specialized devices to measure the power consumption with enough precision. Recently research has shown that on x86 platforms, on-chip power meter capabilities exposed to a software interface might be used for power side-channel attacks without physical access. In this paper, we show that such software-based power side-channel attack is also applicable on Apple silicon (e.g., M1/M2 platforms), exploiting the System Management Controller (SMC) and its power-related keys, which provides access to the on-chip power meters through a software interface to user space software. We observed data-dependent power consumption reporting from such SMC keys and analyzed the correlations between the power consumption and the processed data. Our work also demonstrated how an unprivileged user mode application successfully recovers bytes from an AES encryption key from a cryptographic service supported by a kernel mode driver in MacOS. We have also studied the feasibility of performing frequency throttling side-channel attack on Apple silicon. Furthermore, we discuss the impact of software-based power side-channels in the industry, possible countermeasures, and the overall implications of software interfaces for modern on-chip power management systems. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2306_16391 |
| institution | arXiv |
| publishDate | 2023 |
| record_format | arxiv |
| spellingShingle | Uncovering Software-Based Power Side-Channel Attacks on Apple M1/M2 Systems Chawla, Nikhil Liu, Chen Chakraborty, Abhishek Chervatyuk, Igor Sun, Ke Hamasaki, Thais Moreira Kawakami, Henrique Cryptography and Security Traditionally, power side-channel analysis requires physical access to the target device, as well as specialized devices to measure the power consumption with enough precision. Recently research has shown that on x86 platforms, on-chip power meter capabilities exposed to a software interface might be used for power side-channel attacks without physical access. In this paper, we show that such software-based power side-channel attack is also applicable on Apple silicon (e.g., M1/M2 platforms), exploiting the System Management Controller (SMC) and its power-related keys, which provides access to the on-chip power meters through a software interface to user space software. We observed data-dependent power consumption reporting from such SMC keys and analyzed the correlations between the power consumption and the processed data. Our work also demonstrated how an unprivileged user mode application successfully recovers bytes from an AES encryption key from a cryptographic service supported by a kernel mode driver in MacOS. We have also studied the feasibility of performing frequency throttling side-channel attack on Apple silicon. Furthermore, we discuss the impact of software-based power side-channels in the industry, possible countermeasures, and the overall implications of software interfaces for modern on-chip power management systems. |
| title | Uncovering Software-Based Power Side-Channel Attacks on Apple M1/M2 Systems |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2306.16391 |