Do Not Trust Power Management: A Survey on Internal Energy-based Attacks Circumventing Trusted Execution Environments Security Properties

Gwenn Le Gonidec, Maria Méndez Real, Guillaume Bouffard, Jean-Christophe Prévotet

TL;DR

This article presents the first comprehensive knowledge survey of internal energy-based attacks leveraging energy management mechanisms, along with an evaluation of literature countermeasures.

Abstract

Over the past few years, several research groups have introduced innovative hardware designs for Trusted Execution Environments (TEEs), aiming to secure applications against potentially compromised privileged software, including the kernel. Since 2015, a new class of software-enabled hardware attacks leveraging energy management mechanisms has emerged. These internal energy-based attacks comprise fault, side-channel and covert channel attacks. Their aim is to bypass TEE security guarantees and expose sensitive information such as cryptographic keys. They have increased in prevalence in the past few years. Popular TEE implementations, such as ARM TrustZone and Intel SGX, incorporate countermeasures against these attacks. However, these countermeasures either hinder the capabilities of the power management mechanisms or have been shown to provide insufficient system protection. This article presents the first comprehensive knowledge survey of these attacks, along with an evaluation of literature countermeasures. We believe that this study will spur further community efforts towards this increasingly important type of attack.

Paper Structure (35 sections, 1 equation, 6 figures, 2 tables)

This paper contains 35 sections, 1 equation, 6 figures, 2 tables.

Figures (6)

  • Figure 1: Example implementation of the main components in a dual-world-based TEE
  • Figure 2: A DVFS implementation in a SoC, illustrating typical components used for sensing operating frequency and supply voltage.
  • Figure 3: Timing constraints in a digital system
  • Figure 4: Main steps and components involved in internal energy-based attacks.
  • Figure 5: Existing and potential approaches for countermeasures against DVFS FIA.
  • ...and 1 more figure