References & Citations
Computer Science > Cryptography and Security
Title: Frequency Throttling Side-Channel Attack
(Submitted on 14 Jun 2022 (v1), last revised 24 May 2023 (this version, v2))
Abstract: Modern processors dynamically control their operating frequency to optimize resource utilization, maximize energy savings, and conform to system-defined constraints. If, during the execution of a software workload, the running average of any electrical or thermal parameter exceeds its corresponding predefined threshold value, the power management architecture will reactively adjust CPU frequency to ensure safe operating conditions. In this paper, we demonstrate how such power management-based frequency throttling activity forms a source of timing side-channel information leakage, which can be exploited by an attacker to infer secret data even from a constant-cycle victim workload. The proposed frequency throttling side-channel attack can be launched by both kernel-space and user-space attackers, thus compromising security guarantees provided by isolation boundaries. We validate our attack methodology across different systems and threat models by performing experiments on a constant-cycle implementation of AES algorithm based on AES-NI instructions. The results of our experimental evaluations demonstrate that the attacker can successfully recover all bytes of an AES key by measuring encryption execution times. Finally, we discuss different options to mitigate the threat posed by frequency throttling side-channel attacks, as well as their advantages and disadvantages.
Submission history
From: Chen Liu [view email][v1] Tue, 14 Jun 2022 17:23:18 GMT (1913kb,D)
[v2] Wed, 24 May 2023 01:30:03 GMT (2562kb,D)
Link back to: arXiv, form interface, contact.