Power side-channel attacks are attacks that exploit fluctuations in power consumption to extract sensitive data such as cryptographic keys. Because power measurements with a malware were previously too inaccurate, such attacks required physical access to the target device and special measurement tools such as an oscilloscope.
Researchers at the Institute of Applied Information Processing and Communications at Graz University of Technology have been working intensively with power-based side channels for almost 20 years. In 2017, they began investigating software-based power attacks. Together with colleagues from the University of Birmingham and the Helmholtz Center for Information Security (CISPA), they have succeeded in taking the final step. At https://platypusattack.com they present PLATYPUS, a method that allows power side-channel attacks even without physical access. Affected devices include desktop PCs, laptops and cloud computing servers from Intel and AMD.
RAPL interface and SGX enclaves as key
The researchers used two key approaches. In the first, they used the RAPL interface (Running Average Power Limit), which is built into Intel and AMD CPUs. This interface monitors the energy consumption in the devices and ensures that they don’t overheat or consume too much power. RAPL has been configured so that power consumption can be logged even without administrative rights. This means that the measured values can be read out without any authorizations.
In the second approach, the group misuses Intel's security function Software Guard Extensions (SGX). This functionality moves data and critical programs to an isolated environment (called an enclave) where they are secure - even if the normal operating system is already compromised by malware.
Combination leads to (un)desired result
The researchers combined these two techniques in their methods of attack. Using a compromised operating system targeting Intel SGX, they made the processor execute certain instructions tens of thousands of times within an SGX enclave. The power consumption of each of these commands was measured via the RAPL interface. The fluctuations in the measured values finally allow to reconstruct data and cryptographic keys.
In further scenarios, the researchers also show that even attackers without administrative rights can attack the operating system and steal secret data from it.
New security updates resolve the threat
The TU Graz computer scientists Moritz Lipp, Andreas Kogler, Catherine Easdon, Claudio Canella and Daniel Gruss together with their ex-colleague Michael Schwarz (researching at CISPA in Saarbrücken since summer 2020) and with David Oswald from the University of Birmingham informed Intel and AMD about their discoveries in November 2019. The companies have now developed solutions that users should definitely adopt. A security update allows access to the RAPL measurement functions only with administrator rights. And further updates for the affected processors themselves ensure that the power consumption is returned in such a way that the subtle differences in the power consumption of programs are no longer visible.
This research is anchored in the Field of Expertise “Information, Communication & Computing”, one of the five research foci of Graz University of Technology.
The research presented in this paper was supported by the European Research Council (ERC) via the project SOPHIA (Securing Software against Physical Attacks) and by the Austrian Research Promotion Agency (FFG) via the projects DeSSnet and ESPRESSO. Furthermore it is partially funded by the Engineering and Physical Sciences Research Council (EPSRC) and by the Horizon2020 project FutureTPM, as well as by gifts from Intel, ARM, Amazon and Red Hat.