A Software Approach Towards Defeating Power Management Side Channel Leakage
Authors: Md. Nazmul Islam, S. Kundu
Published in: 2022 IEEE 28th International Symposium on On-Line Testing and Robust System Design (IOLTS)
Publication date: 2022-09-12
DOI: 10.1109/IOLTS56730.2022.9897191 (https://doi.org/10.1109/IOLTS56730.2022.9897191)
Citations: 0
Abstract
Hardware Trojans are malicious, undesired, intentional modifications introduced in an Integrated Circuit (IC) which can be leveraged by a knowledgeable adversary to compromise the security of the IC. Trojans might be designed to modify the functionality of an IC, disable the security of a chip, access secret information or even destroy a system. In this paper, we propose PMU-Trojan, a hardware Trojan for covertly leaking confidential information, such as a cryptographic secret key, to an adversary. For information leakage by the hardware Trojan, we exploit a backdoor created by the Power Management Unit (PMU) in a Multi Processor System on Chip (MPSoC). The PMU is a system block that initiates voltage and frequency changes to facilitate flexible power management and energy efficiency. It transmits voltage level change requests to the power supply. In this paper, we leverage this facility as an information side-channel to leak information to power-supply co-tenants. While the proposed approach can be generalized to any kind of secret information leakage, for the purpose of illustration, in this work we focus on leaking an Advanced Encryption Standard (AES) key. We demonstrate the working principle in a Linux environment where a co-tenant thread monitors the change in voltage level and receives side-channel information from a thread affected by PMU-Trojan. The proposed Trojan defeats traditional Trojan detection and suppression methods because of its low information bit rate, spread over a long duration, by a Trojan unit dissipating power at a mere pico-Watt level. We propose a novel technique to defeat the power management side channel by dynamically tuning the processor power limit. The proposed software-based solution for suppressing PMU-Trojan is demonstrated on an Intel computing platform using the RAPL (Running Average Power Limit) interface.