{"title":"滥用处理器电压打破手臂的信任区","authors":"Pengfei Qiu, Dongsheng Wang, Yongqiang Lyu, G. Qu","doi":"10.1145/3427384.3427394","DOIUrl":null,"url":null,"abstract":"30 Based on the concept of hardware separation, ARM introduced TrustZone to build a trusted execution environment for applications. It has been quite successful in defending against various software attacks and forcing attackers to explore vulnerabilities in interface designs and side channels. In this article, we propose an innovative software-controlled hardware fault-based attack, VoltJockey, on multi-core processors that adopt dynamic voltage and frequency scaling (DVFS) techniques for energy efficiency. We deliberately manipulate the processor voltage via DVFS to induce hardware faults into the victim cores, and therefore breaking TrustZone. The entire attack process is based on software without any involvement of hardware, which makes VoltJockey stealthy and hard to prevent. We implement VoltJockey on an ARMbased processor from a commodity Android phone and demonstrate how to reveal the AES key from TrustZone and how to breach the RSA-based TrustZone authentication. These results suggest that VoltJockey has a comparable efficiency to side channels in obtaining TrustZone-guarded credentials, as well as the potential of bypassing the RSA-based verification to load untrusted applications into TrustZone. [HIGHLIGHTS]","PeriodicalId":213775,"journal":{"name":"GetMobile Mob. Comput. Commun.","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"VoltJockey: Abusing the Processor Voltage to Break Arm TrustZone\",\"authors\":\"Pengfei Qiu, Dongsheng Wang, Yongqiang Lyu, G. Qu\",\"doi\":\"10.1145/3427384.3427394\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"30 Based on the concept of hardware separation, ARM introduced TrustZone to build a trusted execution environment for applications. It has been quite successful in defending against various software attacks and forcing attackers to explore vulnerabilities in interface designs and side channels. In this article, we propose an innovative software-controlled hardware fault-based attack, VoltJockey, on multi-core processors that adopt dynamic voltage and frequency scaling (DVFS) techniques for energy efficiency. We deliberately manipulate the processor voltage via DVFS to induce hardware faults into the victim cores, and therefore breaking TrustZone. The entire attack process is based on software without any involvement of hardware, which makes VoltJockey stealthy and hard to prevent. We implement VoltJockey on an ARMbased processor from a commodity Android phone and demonstrate how to reveal the AES key from TrustZone and how to breach the RSA-based TrustZone authentication. These results suggest that VoltJockey has a comparable efficiency to side channels in obtaining TrustZone-guarded credentials, as well as the potential of bypassing the RSA-based verification to load untrusted applications into TrustZone. [HIGHLIGHTS]\",\"PeriodicalId\":213775,\"journal\":{\"name\":\"GetMobile Mob. Comput. Commun.\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-09-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"GetMobile Mob. Comput. Commun.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3427384.3427394\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"GetMobile Mob. Comput. Commun.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3427384.3427394","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
VoltJockey: Abusing the Processor Voltage to Break Arm TrustZone
30 Based on the concept of hardware separation, ARM introduced TrustZone to build a trusted execution environment for applications. It has been quite successful in defending against various software attacks and forcing attackers to explore vulnerabilities in interface designs and side channels. In this article, we propose an innovative software-controlled hardware fault-based attack, VoltJockey, on multi-core processors that adopt dynamic voltage and frequency scaling (DVFS) techniques for energy efficiency. We deliberately manipulate the processor voltage via DVFS to induce hardware faults into the victim cores, and therefore breaking TrustZone. The entire attack process is based on software without any involvement of hardware, which makes VoltJockey stealthy and hard to prevent. We implement VoltJockey on an ARMbased processor from a commodity Android phone and demonstrate how to reveal the AES key from TrustZone and how to breach the RSA-based TrustZone authentication. These results suggest that VoltJockey has a comparable efficiency to side channels in obtaining TrustZone-guarded credentials, as well as the potential of bypassing the RSA-based verification to load untrusted applications into TrustZone. [HIGHLIGHTS]
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
