Collide+Power: New Side-Channel Attack Affects All CPUs

CISPA Faculty Dr. Michael Schwarz has been researching side-channel attacks for years. He was involved, among other things, in the discovery of Platypus and Meltdown. These are cyberattacks in which data is stolen via a detour, the so-called side-channel. Side-channel attacks exploit information that the Central Processing Unit (CPU) reveals involuntarily during processing, such as runtime behavior or power consumption.

With Collide+Power, Michael Schwarz, his PhD student Lukas Gerlach, and a group of researchers at TU Graz, have now discovered a new power side-channel attack that directly targets the CPU and that can theoretically hit all processors.

With Collide+Power, attackers can extract data directly from the processor. This is because all data that is processed by a computer system has to pass through the Central Processing Unit (CPU), which contains short-term memories or caches. Here, data that has already been processed is stored temporarily so that it can quickly be retrieved and reused. When data stored in the cache is overwritten by new data, for example because users access another password in their password manager, power is consumed. At this point, a physical effect comes in: The more data in the cache is changed, the more power is required.

Data collides in the cache

Collide+Power takes advantage of this effect. The malicious code programmed for the attack fills the cache with data known to the attackers. If users now access a program – such as their password manager – the attackers’ data in the cache is overwritten with the password: Attacker and user data “collide” in the cache. The power consumption of the CPU during the overwriting process allows the attackers to draw conclusions about the password. “The more similar the attackers’ data and the data from the target program are, the less power is consumed – and power consumption can be measured very accurately,” explains Schwarz.

Of course, many different computing processes take place in parallel in the caches of a computer, for example because various programs are open at the same time. So how can attackers identify the part of the calculations in the cache that they want to exploit? “The injected malicious code reloads the data from the program under attack countless times in the cache”, Gerlach points out. These constantly repeated loading processes allow the attackers to draw conclusions about the data records that are relevant to them.

Power consumption allows conclusions to be drawn about data

This type of data theft is possible because, in computer memories, all values are represented based on a binary code. Each individual value is coded with multiple digits, each of these being either a 1 or a 0. For one byte, which has eight digits, the number 1 would be represented by “0000 0001”, the number 2 by “0000 0010”. Thus, to overwrite a 1 in the cache with a 2, two digits, namely the last two, have to change. If a 1 is overwritten with a zero, which is represented by “0000 0000”, only the last digit changes. This requires less power. By comparing the amount of power consumed with each change, Collide+Power manages to “guess” each of the individual digits of a value.

Many repetitions of this “guessing process” are necessary to capture every digit of a value and, thus, the secret. This makes the process very complex and time-consuming. With the current malicious code, extracting a credit card number, for example, would take 4-5 hours, the researchers estimate. “However, this is only our test code. If you are serious about this, you could surely optimize the code,” Schwarz says.

Collide+Power closes a research gap

Collide+Power closes a gap in the detection of power side-channel attacks. It is the first side-channel attack that uses power measurements to derive data directly from the processor. Since the hardware itself is targeted by Collide+Power, it is impossible to prevent this kind of attack. Manufacturers can only provide information and notifications. So far, says Michael Schwarz, Collide+Power has not been seen in practice: “As researchers, we can only show that the attack is possible,” he says. “How dangerous it is, is for the manufacturers to judge.” However, adds Lukas Gerlach, “you lose the guarantee that data will remain untouchable.”

The paper was published in cooperation with the Institute of Applied Information Processing and Communications at the Graz University of Technology (Andreas Kogler, Jonas Juffinger, Lukas Giner, Martin Schwarzl, Daniel Gruss, Stefan Mangard). More information about Collide+Power can be found on the project website collidepower.com.

Wissenschaftliche Ansprechpartner:

Dr. Michael Schwarz
CISPA Helmholtz-Zentrum für Informationssicherheit
https://cispa.de/en/people/c02misc
michael.schwarz(at)cispa.de

Originalpublikation:

Andreas Kogler; Jonas Juffinger; Lukas Giner; Lukas Gerlach; Martin Schwarzl; Michael Schwarz; Daniel Gruss; Stefan Mangard (2023): Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels; in: USENIX Security Symposium 2023

Weitere Informationen:

http://collidepower.com