A Practical Methodology for Measuring the Side- Channel Signal - - PowerPoint PPT Presentation

a practical methodology for measuring the side channel
SMART_READER_LITE
LIVE PREVIEW

A Practical Methodology for Measuring the Side- Channel Signal - - PowerPoint PPT Presentation

Oct 29, 2023 155 likes •354 views

A Practical Methodology for Measuring the Side- Channel Signal Available to the Attacker for Instruction- Level Events Robert Callan, Alenka Zajic, and Milos Prvulovic @ MICRO14 (Paper #48) EECS 573 Sung Kim and Siying Feng 6/7/2017 1 1

slide-1
SLIDE 1

6/7/2017 1

A Practical Methodology for Measuring the Side- Channel Signal Available to the Attacker for Instruction- Level Events

Robert Callan, Alenka Zajic, and Milos Prvulovic @ MICRO’14 (Paper #48) EECS 573 Sung Kim and Siying Feng

1

slide-2
SLIDE 2

6/7/2017 2

Outline

  • Motivation
  • Contributions
  • Technical Details
  • Experiments
  • Conclusions
  • Q&A

2

slide-3
SLIDE 3

6/7/2017 3

Motivation

Side-channel vulnerabilities are abundant, but badness is unquantified Electromagnetic (EM) Aural Electronic

3

slide-4
SLIDE 4

6/7/2017 4

Contributions

SAVAT: Signal Available to Attacker

  • A definition and measurement methodology for side-channel vulnerability

System A System B Measurement SAVAT Side-channel

4

slide-5
SLIDE 5

6/7/2017 5

Aside - Differential Power Analysis (DPA)

Biases in power data can stem from:

  • Data-dependent variability
  • Conditionally-executed code segments

Crypto routine Guesses about secret data (e.g., private key) Statistical test

5

slide-6
SLIDE 6

6/7/2017 6

Aside - Differential Power Analysis (DPA)

E.g., attack on first byte of an AES key [*]

[*] T. Popp, S. Mangard and E. Oswald, "Power Analysis Attacks and Countermeasures," IEEE Design & Test of Computers, 2007.

One example incorrect hypothesis Correct hypothesis

6

slide-7
SLIDE 7

6/7/2017 7

SAVAT := Difference in signal caused by instruction A versus instruction B Technical Details 1/3 - SAVAT Definition

7

slide-8
SLIDE 8

6/7/2017 8

Technical Details 2/3 - Implementation

Naive implementation

  • 1. Execute code containing instr. A
  • 2. Execute code containing instr. B
  • 3. Compare diff. caused by A v.s. B

[*] Figure from R. Callan et al., 2014

8

Problems

  • Signal strength/noise
  • Alignment in time
  • Sampling rate
slide-9
SLIDE 9

6/7/2017 9

Technical Details 3/3 - Practical Implementation

Idea: construct periodic signal based on alternating inst. A and inst. B:

[*] Figure from R. Callan et al., 2014

9

slide-10
SLIDE 10

6/7/2017 10

Technical Details 3/3 - Practical Implementation

Low-freq. signal at “alternation frequency” of instruction loops - low sampling rate

[*] Figure from R. Callan et al., 2014 while(1) { for( … ) { Do inst. A } for( … ) { Do inst. B } }

Implementation Idea

10

slide-11
SLIDE 11

6/7/2017 11

Experimental Setup

  • Single-threaded user mode applications
  • EM signal measured using
  • Magnetic loop antenna
  • Spectrum analyzer
  • A/B alternation frequency of 80 kHz
  • Measurement distance of 10 cm
  • Additional measurements for Core 2 Duo

laptop at 50 cm and 100 cm

11

[*] Figure from R. Callan et al., 2014

slide-12
SLIDE 12

6/7/2017 12

Experimental Setup

  • Measure the total received signal power in the

frequency band 80 KHz ± 1 KHz

  • Actual alternation frequency is slightly different
  • Same-instruction alternation measurements

are good estimates of the experimental error

12

[*] Figure from R. Callan et al., 2014

slide-13
SLIDE 13

6/7/2017 13

RESULT - SAVAT (zJ) for Core 2 Duo Laptop

  • SAVAT values extremely small (1 zJ = 10-21J)
  • Many instructions worth of differences are needed for attackers
  • Large variation in SAVAT among instruction pairs
  • Some instruction pairs are easier to identify
  • Average stdev-to-mean ratio is 5%
  • Experiments are repeatable

13

[*] Figure from R. Callan et al., 2014

slide-14
SLIDE 14

6/7/2017 14

RESULT - SAVAT (zJ) for Core 2 Duo Laptop

  • Four groups of instructions having low

intra-group and high inter-group SAVATs

  • The off-chip access group, the L2 hit group,

the arithmetic/L1 group, DIV

  • L2 store hit more distinguishable than L2

load hit

  • Off-chip memory access and L2 hits have

similar SAVAT

14

[*] Figure from R. Callan et al., 2014

slide-15
SLIDE 15

6/7/2017 15

RESULT - SAVAT (zJ) for Pentium 3 M Laptop

  • Several processor generations older
  • DIV easier to distinguish from other arithmetic

instructions

  • SAVAT for ADD/DIV 10x higher than Core 2 Duo
  • Off-chip access have higher SAVAT than L2

access (LDM > STM)

  • High-SAVAT of DIV and off-chip
  • Reduced for Core 2 Duo design

[*] Figure from R. Callan et al., 2014

15

Core 2 Duo Pentium 3 M

slide-16
SLIDE 16

6/7/2017 16

RESULT - SAVAT (zJ) at 50 cm and 100 cm

  • Significantly lower SAVAT values
  • Off-chip events have higher SAVAT values

than on-chip events

16

10 cm 50 cm 100 cm

[*] Figure from R. Callan et al., 2014

slide-17
SLIDE 17

6/7/2017 17

Conclusion

  • SAVAT
  • A metric that measures the side channel created by a specific single-instruction difference in

program execution

  • Practical methodology
  • Only user-level permission and realistic measurement equipments required
  • Results
  • Confirm intuitive expectations, e.g. off-chip vs. on-chip
  • At short distance
  • DIV has higher SAVAT
  • LDM/SDM has similar SAVAT as LDL2/STL2

17

slide-18
SLIDE 18

6/7/2017 18

Questions?

18

slide-19
SLIDE 19

6/7/2017 19

Discussion

  • Is SAVAT useful? (yes v.s. no)
  • e.g., codes are usually a combination of different instructions
  • Is their practical measurement methodology valid? (advantages v.s. pitfalls)
  • i.e., alternating between loops of inst. A and inst. B
  • Is SAVAT compatible with multicore systems?

Bonus

  • Is SAVAT practical for modern ISAs?
  • The number of instructions in x86 ISA is in the order of thousands
  • Does SAVAT catch data-dependent differences in power?

19