SoS Musings #76 - Side-Channel Attacks Continue Emerging

SoS Musings #76 -

Side-Channel Attacks Continue Emerging

A side-channel attack is a security exploit aimed at gathering information from a chip or system, which is accomplished by measuring or analyzing physical properties. According to the National Institute of Standards and Technology (NIST), timing, power consumption, electromagnetic emissions, acoustic emissions, and other observable effects are exploited in these types of attacks. Multiple factors have made side-channel attacks more prevalent. The increasing sensitivity of measuring equipment has made collecting detailed information about a functioning system possible. The growth in computing power and Machine Learning (ML) has also enabled attackers to gain greater meaning from extracted raw data. This increased understanding of the targeted system allows attackers to exploit subtle system changes more effectively. Several side-channel attacks have been discovered and demonstrated in recent years, thus calling for more advanced approaches to blocking such attacks.

A team of researchers developed a "deep learning-based acoustic side-channel attack" with an accuracy rate of over 90 percent in classifying laptop keystrokes recorded by a nearby phone. According to the researchers Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad, when trained on keystrokes recorded with the video conferencing software Zoom, an accuracy of 93 percent was reached, which is a new best for the medium. The researchers explained that the ubiquity of keyboard acoustic emanations makes them a readily available attack vector and causes victims to underestimate, and thus not try to hide their output. For example, when typing a password, especially in public, users will typically hide their screen but will do little to mask the sound of their keyboard. To execute the attack, the researchers first conducted experiments with 36 of the Apple MacBook Pro's keys (0-9, a-z), pressing each key 25 times in a row, varying in pressure and the finger used. This information was recorded using both Zoom and a phone in close proximity to the laptop. The next step involved isolating the individual keystrokes and converting them into a mel-spectrogram, on which CoAtNet, a deep learning model, was run to classify the keystroke images.

Researchers from the Ben-Gurion University of the Negev and Cornell University discovered the possibility of recovering secret keys from a device by analyzing video footage of its power LED in a clever side-channel attack. They found that cryptographic computations conducted by the CPU alter the device's power consumption, which impacts the power LED’s brightness. Through this observation, threat actors can use video camera devices such as an iPhone 13 or an Internet-connected surveillance camera to extract the cryptographic keys from a smart card reader. Video-based cryptanalysis is achieved by getting video footage of rapid changes in an LED's brightness and using the rolling shutter effect of the video camera to capture the physical emanations. In a simulated test, the method enabled the recovery of a 256-bit ECDSA key from a smart card by analyzing video footage of the power LED flickering using a compromised Internet-connected security camera.

Researchers from Tsinghua University, the University of Maryland, and a computer lab (BUPT) operated by the Chinese Ministry of Education discovered a new side-channel attack affecting multiple generations of Intel CPUs that allows data to be leaked via the EFLAGS register. The attack differs from most other side-channel attacks because it exploits a vulnerability in transient execution that makes it possible to extract secret data from user memory space using timing analysis, as opposed to relying on the cache system. The side-channel attack involves a flaw in the change of the EFLAGS register in transient execution, which affects the timing of JCC (jump on condition code) instructions. The EFLAGS register is a CPU register containing flags related to the processor's state, whereas the JCC instruction, a CPU instruction, enables conditional branching based on the content of the EFLAGS register. The attack is conducted in two phases: first, to initiate transient execution and encode secret data via the EFLAGS register, and second, to measure the execution time of the JCC instruction in order to decode the data. The experimental data revealed that the attack had a 100 percent data retrieval (leak) rate for the Intel i7-6700 and Intel i7-7700 CPUs and had some success against the newer Intel i9-10980XE CPU.

By monitoring chip temperature, power, and frequency during normal operation, a team of security researchers, with funding from the Defense Advanced Research Projects Agency (DARPA) and the US Air Force, was able to steal data from Arm CPUs from Apple and Qualcomm, discrete GPUs from Nvidia and AMD, and integrated graphics in Intel and Apple chips. The attack requires data from the PC's internal power, temperature, and frequency sensors. This information can be accessed from local user accounts that do not have administrator access. The team's current attack method serves as a Proof-of-Concept (PoC). Data exfiltration rates are extremely low with the current method, and if a user had direct access to the system, as is required in this instance, they would likely go after easier attack surfaces. However, the researchers acknowledge that additional work could accelerate the process. In their paper titled "Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and Arm SoCs," the researchers demonstrate the side-channel attack. 

Through the analysis of the processor's energy consumption, researchers at TU Graz and the Helmholtz Center for Information Security have discovered a novel technique named "Collide+Power" that enables attackers to read data from the memory of CPUs. The adversary stores a data package on a CPU segment in this attack. In the second phase, malicious code causes the attacker's data to be overwritten with the targeted data. This overwriting consumes power, and the greater the difference between the two data packages, the more power is consumed. The process is repeated thousands of times, each time with minimally different attacker data packages to be overwritten. The targeted data package can be derived from the variations in power consumption that occur throughout this process.

Approaches to security that completely block side-channel attacks are so computationally costly that they are impractical for many real-world systems. Therefore, engineers often use obfuscation schemes that aim to limit, but not eliminate, an attacker's ability to learn secret information. In order to help engineers and scientists gain greater insight into the effectiveness of various obfuscation schemes, MIT researchers developed a framework called “Metior” to quantitatively evaluate how much information an attacker could learn from a victim program with an implemented obfuscation scheme. Their framework helps examine how different victim programs, attacker strategies, and obfuscation scheme configurations impact how much sensitive information is leaked. Engineers developing microprocessors could use the framework to evaluate the effectiveness of multiple security schemes and determine the most promising architecture early in the design process. Metior is considered a simulation sandbox where chip designers and other engineers can determine, based on their use case, what combination of defenses maximizes their protection against side-channel attacks.

Side-channel attacks are notoriously difficult to defend against as they are difficult to detect in action and typically do not leave behind any traces. Therefore, it is essential to continue researching and devising preventative measures.