Comparison of side-channel leakage on Rich and Trusted Execution Environments

Leignac, Paul; Potin, Olivier; Rigaud, Jean-Baptiste; Dutertre, Jean-Max; Pontié, S.

doi:10.1145/3304080.3304084

Cited by 10 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…So as to Leignac et al [37], the Trusted Execution Environment (TEE) was created to improve security within the SoC based on the ARM architecture. It offers a compromise between the functionality of the Rich Operating System (Rich OS), such as Android, and the safety of a Secure Element (SE).…”

Section: Using Encryption On Androidmentioning

confidence: 99%

Methodology for Forensics Data Reconstruction on Mobile Devices with Android Operating System Applying In-System Programming and Combination Firmware

et al. 2020

View full text Add to dashboard Cite

This paper proposes a new forensic analysis methodology that combines processes, techniques, and tools for physical and logical data acquisition from mobile devices. The proposed methodology allows an overview of the use of the In-System Programming (ISP) technique with the usage of Combination Firmware, aligned with specific collection and analysis processes. The carried out experiments show that the proposed methodology is convenient and practical and provides new possibilities for data acquisition on devices that run the Android Operating System with advanced protection mechanisms. The methodology is also feasible in devices compatible with the usage of Joint Test Action Group (JTAG) techniques and which use Embedded Multimedia Card (eMMC) or Embedded Multi-Chip Package (eMCP) as main memory. The techniques included in the methodology are effective on encrypted devices, in which the JTAG and Chip-Off techniques prove to be ineffective, especially on those that have an unauthorized access protection mechanism enabled, such as lock screen password, blocked bootloader, and Factory Reset Protection (FRP) active. Studies also demonstrate that data preservation and integrity are maintained, which is critical to a digital forensic process.

show abstract

Section: Using Encryption On Androidmentioning

confidence: 99%

Methodology for Forensics Data Reconstruction on Mobile Devices with Android Operating System Applying In-System Programming and Combination Firmware

et al. 2020

View full text Add to dashboard Cite

show abstract

“…non-secure OS). SideLine may break this isolation by accessing delay-lines from the non-secure world and eavesdropping secure-world activity leakage [23]. The rise of connected devices and cloud services strengthens this threat as SideLine can be launched remotely.…”

Section: Additional Attack Scenariosmentioning

confidence: 99%

SideLine: How Delay-Lines (May) Leak Secrets from your SoC

Gravellier,

Dutertre,

Teglia

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

To meet the ever-growing need for performance in silicon devices, SoC providers have been increasingly relying on software-hardware cooperation. By controlling hardware resources such as power or clock management from the software, developers earn the possibility to build more flexible and power efficient applications. Despite the benefits, these hardware components are now exposed to software code and can potentially be misused as open-doors to jeopardize trusted environments, perform privilege escalation or steal cryptographic secrets. In this work, we introduce SideLine, a novel side-channel vector based on delay-line components widely implemented in high-end SoCs. After providing a detailed method on how to access and convert delay-line data into power consumption information, we demonstrate that these entities can be used to perform remote power side-channel attacks. We report experiments carried out on two SoCs from distinct vendors and we recount several core-vs-core attack scenarios in which an adversary process located in one processor core aims at eavesdropping the activity of a victim process located in another core. For each scenario, we demonstrate the adversary ability to fully recover the secret key of an OpenSSL AES running in the victim core. Even more detrimental, we show that these attacks are still practicable if the victim or the attacker program runs over an operating system.

show abstract

“…These are called covert channels. Previous research has shown that covert channels can be constructed with a variety of existing system resources [ 1 , 2 , 3 , 4 , 5 ].…”

Section: Introductionmentioning

confidence: 99%

Cross-World Covert Channel on ARM Trustzone through PMU

Tyagi

2022

Sensors

View full text Add to dashboard Cite

The TrustZone technology is incorporated in a majority of recent ARM Cortex A and Cortex M processors widely deployed in the IoT world. Security critical code execution inside a so-called secure world is isolated from the rest of the application execution within a normal world. It provides hardware-isolated area called a trusted execution environment (TEE) in the processor for sensitive data and code. This paper demonstrates a vulnerability in the secure world in the form of a cross-world, secure world to normal world, covert channel. Performance counters or Performance Monitoring Unit (PMU) events are used to convey the information from the secure world to the normal world. An encoding program generates appropriate PMU event footprint given a secret S. A corresponding decoding program reads the PMU footprint and infers S using machine learning (ML). The machine learning model can be trained entirely from the data collected from the PMU in user space. Lack of synchronization between PMU start and PMU read adds noise to the encoding/decoding ML models. In order to account for this noise, this study proposes three different synchronization capabilities between the client and trusted applications in the covert channel. These are synchronous, semi-synchronous, and asynchronous. Previously proposed PMU based covert channels deploy L1 and LLC cache PMU events. The latency of these events tends to be 100–1000 cycles limiting the bandwidth of these covert channels. We propose to use microarchitecture level events with latency of 10–100 cycles captured through PMU for covert channel encoding leading to a potential 100× higher bandwidth. This study conducts a series of experiments to evaluate the proposed covert channels under various synchronization models on a TrustZone supported Cortex-A processor using OP-TEE framework. As stated earlier, switch from signaling based on PMU cache events to PMU microarchitectural events leads to approximately 15× higher covert channel bandwidth. This proposed finer-grained microarchitecture event encoding covert channel can achieve throughput of the order of 11 Kbits/s as opposed to previous work’s throughput of the order of 760 bits/s.

show abstract

Comparison of side-channel leakage on Rich and Trusted Execution Environments

Cited by 10 publications

References 11 publications

Methodology for Forensics Data Reconstruction on Mobile Devices with Android Operating System Applying In-System Programming and Combination Firmware

Methodology for Forensics Data Reconstruction on Mobile Devices with Android Operating System Applying In-System Programming and Combination Firmware

SideLine: How Delay-Lines (May) Leak Secrets from your SoC

Cross-World Covert Channel on ARM Trustzone through PMU

Contact Info

Product

Resources

About