Hertzbleed: Turning Power Side-Channel Attacks into Remote Timing Attacks on x86

Yingchen Wang, Riccardo Paccagnella, Elizabeth Tang He, Hovav Shacham, Christopher W. Fletcher, David Kohlbrenner

Research output: Contribution to journal › Article › peer-review

Abstract

Power side-channel attacks exploit data-dependent variations in a CPU's power consumption to leak secrets. In this article, we show that on modern CPUs, power side-channel attacks can be turned into timing attacks that can be mounted without access to any power measurement interface. This discovery exploits how, under certain circumstances, the dynamic frequency scaling of modern x86 CPUs depends on the current power consumption (and hence, data). We demonstrate that this "frequency side channel" is a real threat to the security of cryptographic software. First, we reverse engineer the dependency between data, power, and frequency on a modern x86 CPU, finding, among other things, that differences as small as a set bit's position in a word can be distinguished through frequency changes. Second, we describe a novel chosen-ciphertext attack against (constant-time implementations of) supersingular isogeny key encapsulation that allows full key extraction via remote timing.

Original language: English (US)
Pages (from-to): 19-27
Number of pages: 9
Journal: IEEE Micro
Volume: 43
Issue number: 4
State: Published - Jul 1 2023

ASJC Scopus subject areas

  • Software
  • Electrical and Electronic Engineering
  • Hardware and Architecture
