Vulnerabilities Introduced by Features for Software-based Energy Measurement

Heiko Mantel, Johannes Schickel, Alexandra Weber, Friedrich Weber from Technische Universität Darmstadin Germany look into potential security side effects of new energy management features in CPUs. Energy management is an issue of growing importance as the amount of resources required to process and store the massive amount of data the information society requires. Software based energy management provides data centres with features to manage and reduce energy consumption. Information about energy consumption can be used as a alternative channel of to get information about the processing happening on a chip. Incidental information about what is happening in the CPU such as the energy consumption or timing of processing can provide clues to the processes happening within.
By experimenting the team were able to derive enough information from the energy management software features to be able to weaken the use of a particular type of encryption (Bouncy Castle RSA).
This research provides more weight to the importance of considering security implications when adding design features. It was also nice to see a “Quantification of the Weakness” highlighted and explained.

“We conclude that the attacker requires 29 observations to distinguish between the two keys successfully in 99% of all cases.”

–pp. 18

They also provided some analysis of cross-copying as a possible method to mitigate this attack without compromising features. It did not appear to be effective.

Mantel, H., Schickel, J., Weber, A., & Weber, F. (2017). Vulnerabilities Introduced by Features for Software-based Energy Measurement.