1247024
doi
10.3929/ethz-b-000255436
oai:zenodo.org:1247024
user-safure_h2020
user-eu
Thiele, Lothar
ETHZ
The Security Risks of Power Measurements in Multicores
Miedl, Philipp
ETHZ
doi:10.3929/ethz-b-000255436
doi:10.3929/ethz-b-000263374
doi:10.3929/ethz-b-000263374
info:eu-repo/semantics/openAccess
Creative Commons Attribution 4.0 International
https://creativecommons.org/licenses/by/4.0/legalcode
covert channel
power
capacity bound
empirical study
<p>Two of the main goals of power management in modern multicore processors are reducing the average power dissipation and delivering the maximum performance up to the physical limits of the system, when demanded. To achieve these goals, hardware manufacturers and operating system providers include sophisticated power and performance management systems, which require detailed information about the current processor state. For example, Intel processors offer the possibility to measure the power dissipation of the processor. In this work, we are evaluating whether such power measurements can be used to establish a covert channel between two isolated applications on the same system; the power covert channel.<br>
We present a detailed theoretical and experimental evaluation of the power covert channel on two platforms based on Intel processors. Our theoretical analysis is based on detailed modelling and allows us to derive a channel capacity bound for each platform.<br>
Moreover, we conduct an extensive experimental study under controlled, yet realistic, conditions. Our study shows, that the platform<br>
dependent channel capacities are in the order of 2000 bps and that it is possible to achieve throughputs of up to 1000 bps with a bit error probability of less than 15%, using a simple implementation. This illustrates the potential of leaking sensitive information and breaking a systems security framework using a covert channel based on power measurements.</p>
Zenodo
2018-04-09
info:eu-repo/semantics/conferencePaper
1247023
user-safure_h2020
user-eu
award_title=SAFety and secURity by design for interconnected mixed-critical cyber-physical systems; award_number=644080; award_identifiers_scheme=url; award_identifiers_identifier=https://cordis.europa.eu/projects/644080; funder_id=00k4n6c32; funder_name=European Commission;
1579541903.089177
3852167
md5:f50dee0e1e29ccef3adab28125398010
https://zenodo.org/records/1247024/files/2018-SECatSAC-ETHZ.pdf
public
10.3929/ethz-b-000255436
Is identical to
doi
10.3929/ethz-b-000263374
Is supplement to
doi
10.3929/ethz-b-000263374
Is supplemented by
doi