Cache Side-Channel Attacks Through Electromagnetic Emanations of DRAM Accesses
Julien Maillard, Julien Maillard, Thomas Hiscock, Maxime Lecomte, Christophe Clavier
2024
Abstract
Remote side-channel attacks on processors exploit hardware and micro-architectural effects observable from software measurements. So far, the analysis of micro-architectural leakages over physical side-channels (power consumption, electromagnetic field) received little treatment. In this paper, we argue that those attacks are a serious threat, especially against systems such as smartphones and Internet-of-Things (IoT) devices which are physically exposed to the end-user. Namely, we show that the observation of Dynamic Random Access Memory (DRAM) accesses with an electromagnetic (EM) probe constitutes a reliable alternative to time measurements in cache side-channel attacks. We describe the EVICT+EM attack, that allows recovering a full AES key on a T-Tables implementation with similar number of encryptions than state-of-the-art EVICT+RELOAD attacks on the studied ARM platforms. This new attack paradigm removes the need for shared memory and exploits EM radiations instead of high precision timers. Then, we introduce PRIME+EM, which goal is to reverse-engineer cache usage patterns of applications. This attack allows to recover the layout of lookup tables within the cache. Finally, we present COLLISION+EM, a collision-based attack on a Systemon-chip (SoC) that does not require malicious code execution, and show its practical efficiency in recovering key material on an ARM TrustZone application. Those results show that physical observation of the microarchitecture can lead to improved attacks.
DownloadPaper Citation
in Harvard Style
Maillard J., Hiscock T., Lecomte M. and Clavier C. (2024). Cache Side-Channel Attacks Through Electromagnetic Emanations of DRAM Accesses. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 262-273. DOI: 10.5220/0012813200003767
in Bibtex Style
@conference{secrypt24,
author={Julien Maillard and Thomas Hiscock and Maxime Lecomte and Christophe Clavier},
title={Cache Side-Channel Attacks Through Electromagnetic Emanations of DRAM Accesses},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={262-273},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012813200003767},
isbn={978-989-758-709-2},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Cache Side-Channel Attacks Through Electromagnetic Emanations of DRAM Accesses
SN - 978-989-758-709-2
AU - Maillard J.
AU - Hiscock T.
AU - Lecomte M.
AU - Clavier C.
PY - 2024
SP - 262
EP - 273
DO - 10.5220/0012813200003767
PB - SciTePress