1 of 30

DVFS Frequently Leaks Secrets: Hertzbleed Attacks

Maatla Sefawe and Ayush Vashi

1

2 of 30

Background

2

3 of 30

DVFS

  • Modern CPUs dynamically adjust frequency to reduce power consumption.
  • When the CPU load is low, frequency is decreased to save power.
  • Can be used as a throttling mechanism when CPU load is high.

3

4 of 30

4

Hamming Weight

  • Hamming weight measures the # of ones in a string of bits
  • E.g. 001110 has a hamming weight of 3

Hamming Distance

  • Hamming distance measures the number of bits that flip when changing a value
  • E.g. The hamming distance between 0100 and 1101 is 2

5 of 30

Hertzbleed

  • A class of timing attacks that leverage the discovery that, during high CPU loads, DVFS-induced frequency adjustments depend on the CPU power consumption the data being computed

  • This is because frequency adjustments rely on data-dependent CPU power consumption

  • Data-dependent frequency changes translate directly to remotely observable execution time differences

5

6 of 30

  • Traditional timing attacks leak “digital features” (e.g, instruction count, branches taken)
  • Hertzbleed leaks “analog features” (e.g, temperature, power)

6

7 of 30

Impact

  • This finding fundamentally challenges constant-time programming principles designed to mitigate traditional timing and power side channels attacks

7

8 of 30

Expanding the Threat Scope

  • Initially only demonstrated on a specific cryptographic primitive, SIKE

8

9 of 30

Expanding the Threat Scope

9

10 of 30

10

Elliptic Curve Digital Signature Algortihm(ECDSA)

  • Leaked number of leading 0 bits in the ephemeral nonce
  • Operations on low HW data cause lower CPU power consumption, resulting in a higher CPU frequency
  • Not very practical due to small timing differences and noise

Classic McEliece

  • A decoding failure produces an array with far fewer non-zero entries compared to a successful attempt
  • Bitslicing in the re-encryption check amplifies this into a significant low HW/HD data difference, leading to higher CPU frequency
  • Demonstrated full plaintext recovery

11 of 30

Beyond Cryptography and CPU Core Data: Leaking Web Browser Secrets from the iGPU

11

12 of 30

iGPU-CPU Frequency Leakage Channel

  • CPU frequency adjustments are affected by the iGPU power consumption
  • iGPU power consumption depends on the data values being computed within the iGPU

12

13 of 30

13

CPU Frequency is iGPU workload-dependent

CPU Frequency is iGPU data-dependent

14 of 30

Pixel Stealing

  • Web browsers manage secrets on behalf of users
  • Some secrets influence visible content on the page
  • “Pixel stealing is a cross-origin leak where the secret revealed is the visual content of a target site page.”

14

15 of 30

SVG Filter Stack Framework

  • A series of graphical computations that can be applied to elements of a web page to create visual effects
  • Google Chrome runs these by default
  • The goal is to find a stack which when rendering on an iframe filled with an attacker-selected cross-origin pixel, creates iGPU power differences

15

16 of 30

Attacker Setup

  • Target a single black or white pixel in a cross-origin iframe
  • Use CSS properties to isolate and expand this single pixel into a large uniformly colored iframe

16

17 of 30

Filter Stack

  1. Generate a large random image of random colors
  2. Apply an arithmetic composition between the target iframe and the random image

17

18 of 30

Amplification

  • Using the composed image as a source, append GPU heavy filter feGaussianBlur
  • This works as an amplifier of the HW/HD difference in the composed images
  • The iGPU power consumption should be very distinct depending on the color of the target pixel

18

19 of 30

Measuring CPU Frequency

  • The accumulated counter represents the relative CPU frequency between the two clock edges

19

20 of 30

Experimental Results

20

21 of 30

21

  • Applied their FilterStack repeatedly on the iFrame targeting either a white or black pixel in an infinite loop
  • Simultaneously, stressed the CPU by running a JavaScript worker thread per core

22 of 30

Proof of Concept

22

23 of 30

23

24 of 30

24

25 of 30

Discussion

25

26 of 30

26

What are the possible software mitigations against this attack?

Question 1

27 of 30

Browser Side Mitigations

  • Restricting or removing the application of graphical transforms on cross-origin information
  • Disabling cross-origin iframe access to sensitive data(like cookies)
  • Re-implementing SVG filters to be resilient against this type of power leakage

27

28 of 30

28

What are the possible hardware mitigations against this attack?

Question 2

29 of 30

29

What are the broader security implications of cross component leakage (iGPU-CPU leakage) on modern processors?

Question 3

30 of 30

Thank you!

30