Saved in:
Bibliographic Details
Main Authors: Chawla, Nikhil, Liu, Chen, Chakraborty, Abhishek, Chervatyuk, Igor, Sun, Ke, Hamasaki, Thais Moreira, Kawakami, Henrique
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2306.16391
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866929528433016832
author Chawla, Nikhil
Liu, Chen
Chakraborty, Abhishek
Chervatyuk, Igor
Sun, Ke
Hamasaki, Thais Moreira
Kawakami, Henrique
author_facet Chawla, Nikhil
Liu, Chen
Chakraborty, Abhishek
Chervatyuk, Igor
Sun, Ke
Hamasaki, Thais Moreira
Kawakami, Henrique
contents Traditionally, power side-channel analysis requires physical access to the target device, as well as specialized devices to measure the power consumption with enough precision. Recently research has shown that on x86 platforms, on-chip power meter capabilities exposed to a software interface might be used for power side-channel attacks without physical access. In this paper, we show that such software-based power side-channel attack is also applicable on Apple silicon (e.g., M1/M2 platforms), exploiting the System Management Controller (SMC) and its power-related keys, which provides access to the on-chip power meters through a software interface to user space software. We observed data-dependent power consumption reporting from such SMC keys and analyzed the correlations between the power consumption and the processed data. Our work also demonstrated how an unprivileged user mode application successfully recovers bytes from an AES encryption key from a cryptographic service supported by a kernel mode driver in MacOS. We have also studied the feasibility of performing frequency throttling side-channel attack on Apple silicon. Furthermore, we discuss the impact of software-based power side-channels in the industry, possible countermeasures, and the overall implications of software interfaces for modern on-chip power management systems.
format Preprint
id arxiv_https___arxiv_org_abs_2306_16391
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Uncovering Software-Based Power Side-Channel Attacks on Apple M1/M2 Systems
Chawla, Nikhil
Liu, Chen
Chakraborty, Abhishek
Chervatyuk, Igor
Sun, Ke
Hamasaki, Thais Moreira
Kawakami, Henrique
Cryptography and Security
Traditionally, power side-channel analysis requires physical access to the target device, as well as specialized devices to measure the power consumption with enough precision. Recently research has shown that on x86 platforms, on-chip power meter capabilities exposed to a software interface might be used for power side-channel attacks without physical access. In this paper, we show that such software-based power side-channel attack is also applicable on Apple silicon (e.g., M1/M2 platforms), exploiting the System Management Controller (SMC) and its power-related keys, which provides access to the on-chip power meters through a software interface to user space software. We observed data-dependent power consumption reporting from such SMC keys and analyzed the correlations between the power consumption and the processed data. Our work also demonstrated how an unprivileged user mode application successfully recovers bytes from an AES encryption key from a cryptographic service supported by a kernel mode driver in MacOS. We have also studied the feasibility of performing frequency throttling side-channel attack on Apple silicon. Furthermore, we discuss the impact of software-based power side-channels in the industry, possible countermeasures, and the overall implications of software interfaces for modern on-chip power management systems.
title Uncovering Software-Based Power Side-Channel Attacks on Apple M1/M2 Systems
topic Cryptography and Security
url https://arxiv.org/abs/2306.16391