REVOLVER: A Zero-Step Execution Emulation Framework for Mitigating Power Side-Channel Attacks on ARM64
Authors: Christos Zonios, V. Tenentes
Venue: 2022 IEEE 28th International Symposium on On-Line Testing and Robust System Design (IOLTS)
Publication date: 2022-09-12
DOI: 10.1109/IOLTS56730.2022.9897425 (https://doi.org/10.1109/IOLTS56730.2022.9897425)
Software and hardware vulnerabilities to power side-channel attacks (SCA) are hard to detect and mitigate in systems already deployed in the field, because they require specialized equipment and aligned power traces. In this paper, we present REVOLVER, a software-based framework that performs zero-step execution emulation and generates power traces with instruction-level resolution. REVOLVER is a hybrid emulator, because part of it runs on the system that it emulates, an actual ARM64 platform, and evaluates the power consumption of its emulated instructions using actual measurements from on-chip low-frequency power sensors. Such sensors are already present on many system-on-chips (SoCs). To improve the accuracy of the collected traces, REVOLVER repeats the execution of the instructions in a zero-step fashion. To demonstrate the capabilities of our framework, we show that AES keys can be recovered by Correlation Power Analysis (CPA) on traces acquired using REVOLVER, which proves experimentally that there is a leaking power side-channel in the examined system that could potentially be exploited by power SCAs. Moreover, we show how REVOLVER can be used by a security engineer not only to identify software and hardware vulnerabilities to power SCAs, but also to design and evaluate mitigation strategies.