Application Profiling Using Register-Instruction Hardware Performance Counters

Abstract

Kleptographic attacks are a type of security threat that involve weakening a cryptographic implementation in order to extract sensitive information from a computer system. These attacks can be particularly harmful when they target cryptographic keys or other security-critical information. Since software-based defenses are not robust, to address these threats, prior studies have explored the use of trusted hardware-based solutions, involving tailor-made Hardware Performance Counters (HPCs). However, these tailor-made HPCs lack the fine-grained characterization necessary to correctly differentiate between individual applications. As a result, a large number of HPCs are required to monitor the application, which incurs high overhead on the system. To this end, we propose the development of Register-Instruction Hardware Performance Counters (RIHPCs), a bespoke set of special-purpose registers designed to characterize applications, and thus detect Kleptographic attacks, with low granularity and low performance overhead. To assess the performance of RIHPCs against Kleptographic attacks, we profile NIST’s Post Quantum Cryptographic Key Encapsulation Mechanism (PQC-KEM) algorithms. Our results show that RIHPC traces can distinguish between PQC algorithms with an accuracy of over 99%, while furnishing up to 67% reduction in performance overhead in comparison to tailor-made HPCs.