TY - GEN
T1 - DVFS Frequently Leaks Secrets
T2 - 44th IEEE Symposium on Security and Privacy, SP 2023
AU - Wang, Yingchen
AU - Paccagnella, Riccardo
AU - Wandke, Alan
AU - Gang, Zhao
AU - Garrett-Grossman, Grant
AU - Fletcher, Christopher W.
AU - Kohlbrenner, David
AU - Shacham, Hovav
N1 - Publisher Copyright: © 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - The recent Hertzbleed disclosure demonstrates how remote-timing analysis can reveal secret information previously only accessible to local-power analysis. At worst, this constitutes a fundamental break in the constant-time programming principles and the many deployed programs that rely on them. But all hope is not lost. Hertzbleed relies on a coarse-grained, noisy channel that is difficult to exploit. Indeed, the Hertzbleed paper required a bespoke cryptanalysis to attack a specific cryptosystem (SIKE). Thus, it remains unclear if Hertzbleed represents a threat to the broader security ecosystem. In this paper, we demonstrate that Hertzbleed's effects are wide ranging, not only affecting cryptosystems beyond SIKE, but also programs beyond cryptography, and even computations occurring outside the CPU cores. First, we demonstrate how latent gadgets in other cryptosystem implementations - specifically "constant-time" ECDSA and Classic McEliece - can be combined with existing cryptanalysis to bootstrap Hertzbleed attacks on those cryptosystems. Second, we demonstrate how power consumption on the integrated GPU influences frequency on the CPU - and how this can be used to perform the first cross-origin pixel stealing attacks leveraging "constant-time" SVG filters on Google Chrome.
AB - The recent Hertzbleed disclosure demonstrates how remote-timing analysis can reveal secret information previously only accessible to local-power analysis. At worst, this constitutes a fundamental break in the constant-time programming principles and the many deployed programs that rely on them. But all hope is not lost. Hertzbleed relies on a coarse-grained, noisy channel that is difficult to exploit. Indeed, the Hertzbleed paper required a bespoke cryptanalysis to attack a specific cryptosystem (SIKE). Thus, it remains unclear if Hertzbleed represents a threat to the broader security ecosystem. In this paper, we demonstrate that Hertzbleed's effects are wide ranging, not only affecting cryptosystems beyond SIKE, but also programs beyond cryptography, and even computations occurring outside the CPU cores. First, we demonstrate how latent gadgets in other cryptosystem implementations - specifically "constant-time" ECDSA and Classic McEliece - can be combined with existing cryptanalysis to bootstrap Hertzbleed attacks on those cryptosystems. Second, we demonstrate how power consumption on the integrated GPU influences frequency on the CPU - and how this can be used to perform the first cross-origin pixel stealing attacks leveraging "constant-time" SVG filters on Google Chrome.
UR - http://www.scopus.com/inward/record.url?scp=85166482820&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85166482820&partnerID=8YFLogxK
U2 - 10.1109/SP46215.2023.10179326
DO - 10.1109/SP46215.2023.10179326
M3 - Conference contribution
AN - SCOPUS:85166482820
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 2306
EP - 2320
BT - Proceedings - 44th IEEE Symposium on Security and Privacy, SP 2023
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 22 May 2023 through 25 May 2023
ER -