MCU-Wide Timing Side Channels and Their Detection
- URL: http://arxiv.org/abs/2309.12925v2
- Date: Thu, 18 Jul 2024 09:06:00 GMT
- Title: MCU-Wide Timing Side Channels and Their Detection
- Authors: Johannes Müller, Anna Lena Duque Antón, Lucas Deutschmann, Dino Mehmedagić, Cristiano Rodrigues, Daniel Oliveira, Keerthikumara Devarajegowda, Mohammad Rahmani Fadiheh, Sandro Pinto, Dominik Stoffel, Wolfgang Kunz
- Abstract summary: Microarchitectural timing side channels have been thoroughly investigated as a security threat.
Recent activities demonstrate that this threat is real even in microcontrollers without such features.
We present a new formal method to close this gap.
- Score: 5.504422513647801
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Microarchitectural timing side channels have been thoroughly investigated as a security threat in hardware designs featuring shared buffers (e.g., caches) or parallelism between attacker and victim task execution. However, contradicting common intuitions, recent activities demonstrate that this threat is real even in microcontroller SoCs without such features. In this paper, we describe SoC-wide timing side channels previously neglected by security analysis and present a new formal method to close this gap. In a case study on the RISC-V Pulpissimo SoC, our method detected a vulnerability to a previously unknown attack variant that allows an attacker to obtain information about a victim's memory access behavior. After implementing a conservative fix, we were able to verify that the SoC is now secure w.r.t. the considered class of timing side channels.
Related papers
- Shield Bash: Abusing Defensive Coherence State Retrieval to Break Timing Obfuscation [2.03921019862868]
We study an interaction between two state-of-the-art defenses in this paper.
TORC mitigates cache-hit based attacks and DSRC mitigates speculative coherence state change attacks.
We demonstrate a new covert channel attack is possible using this vulnerability.
arXiv Detail & Related papers (2025-04-14T15:27:32Z)
- Unveiling ECC Vulnerabilities: LSTM Networks for Operation Recognition in Side-Channel Attacks [6.373405051241682]
We propose a novel approach for performing side-channel attacks on elliptic curve cryptography.
We adopt a long-short-term memory (LSTM) neural network to analyze a power trace and identify patterns of operation.
We show that current countermeasures, specifically the coordinate randomization technique, are not sufficient to protect against side channels.
arXiv Detail & Related papers (2025-02-24T17:02:40Z)
- Hybrid Deep Learning Model for Multiple Cache Side Channel Attacks Detection: A Comparative Analysis [0.0]
Cache side channel attacks leverage weaknesses in shared computational resources.
This study focuses on a specific class of these threats: fingerprinting attacks.
A hybrid deep learning model is proposed for detecting cache side channel attacks.
arXiv Detail & Related papers (2025-01-28T18:14:43Z)
- Deep-learning-based continuous attacks on quantum key distribution protocols [0.0]
We design a new attack scheme that exploits continuous measurement together with the powerful pattern recognition capacities of deep recurrent neural networks.
We show that, when applied to the BB84 protocol, our attack can be difficult to notice while still allowing the spy to extract significant information about the states of the qubits sent in the quantum communication channel.
arXiv Detail & Related papers (2024-08-22T17:39:26Z)
- EmInspector: Combating Backdoor Attacks in Federated Self-Supervised Learning Through Embedding Inspection [53.25863925815954]
Federated self-supervised learning (FSSL) has emerged as a promising paradigm that enables the exploitation of clients' vast amounts of unlabeled data.
While FSSL offers advantages, its susceptibility to backdoor attacks has not been investigated.
We propose the Embedding Inspector (EmInspector) that detects malicious clients by inspecting the embedding space of local models.
arXiv Detail & Related papers (2024-05-21T06:14:49Z)
- Bridging the Gap: Automated Analysis of Sancus [2.045495982086173]
We propose a new method to reduce this gap in the Sancus embedded security architecture.
Our method either finds attacks in the given threat model or gives probabilistic guarantees on the security of the system.
arXiv Detail & Related papers (2024-04-15T07:26:36Z)
- A Survey of Side-Channel Attacks in Context of Cache -- Taxonomies, Analysis and Mitigation [0.12289361708127873]
Cache side-channel attacks are leading as there has been an enormous growth in cache memory size in the last decade.
This paper covers the detailed study of cache side-channel attacks and compares different microarchitectures in the context of side-channel attacks.
arXiv Detail & Related papers (2023-12-18T10:46:23Z)
- The Adversarial Implications of Variable-Time Inference [47.44631666803983]
We present an approach that exploits a novel side channel in which the adversary simply measures the execution time of the algorithm used to post-process the predictions of the ML model under attack.
We investigate leakage from the non-maximum suppression (NMS) algorithm, which plays a crucial role in the operation of object detectors.
We demonstrate attacks against the YOLOv3 detector, leveraging the timing leakage to successfully evade object detection using adversarial examples, and perform dataset inference.
arXiv Detail & Related papers (2023-09-05T11:53:17Z)
- On Borrowed Time -- Preventing Static Side-Channel Analysis [13.896152066919036]
adversaries exploit leakage or response behaviour of integrated circuits in a static state.
Members of this class include Static Power Side-Channel Analysis (SCA), Laser Logic State Imaging (LLSI) and Impedance Analysis (IA)
arXiv Detail & Related papers (2023-07-18T06:36:04Z)
- State-Blocking Side-Channel Attacks and Autonomous Fault Detection in Quantum Key Distribution [0.0]
Side-channel attacks allow an Eavesdropper to use insecurities in the practical implementation of QKD systems.
We discuss a scheme to autonomously detect such an attack during an ongoing QKD session.
We present how Alice and Bob can put in place a countermeasure to continue use of the QKD system, once a detection is made.
arXiv Detail & Related papers (2023-05-29T10:43:57Z)
- Understanding the Vulnerability of Skeleton-based Human Activity Recognition via Black-box Attack [53.032801921915436]
Human Activity Recognition (HAR) has been employed in a wide range of applications, e.g. self-driving cars.
Recently, the robustness of skeleton-based HAR methods has been questioned due to their vulnerability to adversarial attacks.
We show such threats exist, even when the attacker only has access to the input/output of the model.
We propose the very first black-box adversarial attack approach in skeleton-based HAR called BASAR.
arXiv Detail & Related papers (2022-11-21T09:51:28Z)
- Attacking Video Recognition Models with Bullet-Screen Comments [79.53159486470858]
We introduce a novel adversarial attack, which attacks video recognition models with bullet-screen comment (BSC) attacks.
BSCs can be regarded as a kind of meaningful patch, adding it to a clean video will not affect people's understanding of the video content, nor will arouse people's suspicion.
arXiv Detail & Related papers (2021-10-29T08:55:50Z)
- ADC: Adversarial attacks against object Detection that evade Context consistency checks [55.8459119462263]
We show that even context consistency checks can be brittle to properly crafted adversarial examples.
We propose an adaptive framework to generate examples that subvert such defenses.
Our results suggest that how to robustly model context and check its consistency, is still an open problem.
arXiv Detail & Related papers (2021-10-24T00:25:09Z)
- A Self-supervised Approach for Adversarial Robustness [105.88250594033053]
Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNNs) based vision systems.
This paper proposes a self-supervised adversarial training mechanism in the input space.
It provides significant robustness against the unseen adversarial attacks.
arXiv Detail & Related papers (2020-06-08T20:42:39Z)