Remote Power Analysis Attacks on Apple Systems
A study reveals vulnerabilities in Apple's M1 and M2 to remote power analysis attacks.
Power analysis attacks recover secret information from a device by observing how much power it consumes while processing that information. Traditionally these attacks required physical access to the device and dedicated measurement equipment (for example a current probe and an oscilloscope) to capture power consumption with enough precision.
More recently, the PLATYPUS attack showed that on x86 platforms the on-chip power meters exposed through a software interface can be used to mount such attacks without any physical access. This article summarizes a paper that demonstrates a software-based power side-channel attack on Apple's M1 and M2 systems.
The Basics of Power Analysis Attacks
When a circuit processes data, its power consumption depends on the values being handled: switching activity, and hence current draw, changes with the bits of the operands. An attacker who can measure that consumption precisely enough can use the dependency to infer sensitive data such as passwords or encryption keys. Traditionally this required physical access to the device and the ability to measure its power draw accurately.
With software-based power side channels, an attacker instead reads the hardware's own power telemetry through an existing software interface, so no physical access is needed. The PLATYPUS attack is the canonical example: it used the processor's energy reporting interface (Intel's RAPL counters) as the measurement source.
Targeting Apple’s M1 and M2 Systems
This article focuses on Apple's M1 and M2 systems. On these platforms the System Management Controller (SMC) exposes a set of named keys, including power-related ones, that can be read through a software interface from user space. An unprivileged application can therefore sample power-usage readings and correlate them with the data the system is processing at the time.
Experiments show that some of these SMC keys track power consumption closely. By observing how the readings change with different inputs, the researchers identified patterns that an attacker could exploit.
Experiments Conducted
The tests were run on an Apple Mac mini (M1) and an Apple MacBook Air (M2). The first goal was to identify which SMC keys actually correlate with the workload being executed.
By comparing SMC readings while the machine was idle and while it was running a workload, the researchers pinpointed the keys whose values are influenced by activity. Several keys changed with the workload, and these became the candidates for the side-channel analysis.
Uncovering Data-Dependent Power Consumption
After identifying the workload-dependent keys, the next question was whether any of them also depend on the data being processed. Running the same workload repeatedly with different input data, the researchers measured how each key's value changed with the input.
Statistical tests on the collected readings confirmed that some SMC keys show a strong correlation with the processed data. One key, PHPC, stood out as the most consistently reliable source of this correlation.
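The two screening steps above (idle versus active to find workload-dependent keys, then fixed versus random input to find data-dependent ones) can both be driven by the same two-sample statistic. The script below is an added example, not code or data from the paper: it generates readings from a constructed leakage model so it runs offline, uses Welch's t-test with the conventional TVLA threshold of 4.5, and keeps only the key name PHPC from the summary; KEY_B and KEY_C are placeholders.

```python
"""Screen power-meter keys for workload and data dependency (Welch's t-test).

Added example, not the paper's code or data. The readings are generated from a
constructed leakage model so the script runs offline; only the key name PHPC
comes from the summary, KEY_B and KEY_C are placeholders.
"""
import math
import random

def hamming_weight(x):
    return bin(x).count("1")

def welch_t(a, b):
    """Welch's t statistic between two samples of possibly unequal variance."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((x - ma) ** 2 for x in a) / (na - 1)
    vb = sum((x - mb) ** 2 for x in b) / (nb - 1)
    denom = math.sqrt(va / na + vb / nb)
    if denom == 0.0:
        return 0.0 if ma == mb else math.inf
    return (ma - mb) / denom

# Constructed model of three SMC-style keys: a resting level, a term that appears
# under load, and (PHPC only) a term proportional to the Hamming weight of the
# byte the workload processes. KEY_B reacts to load but not data; KEY_C is noise.
MODEL = {
    "PHPC": dict(base=1.0, load=1.0, data=0.02, noise=0.10),
    "KEY_B": dict(base=5.0, load=1.0, data=0.00, noise=0.10),
    "KEY_C": dict(base=3.0, load=0.0, data=0.00, noise=0.20),
}

def read_keys(rng, active, byte):
    """One simulated poll of all keys while the workload is active or idle."""
    out = {}
    for name, m in MODEL.items():
        v = m["base"]
        if active:
            v += m["load"] + m["data"] * hamming_weight(byte)
        out[name] = v + rng.gauss(0.0, m["noise"])
    return out

def collect(rng, n, active, byte_source):
    """n polls; byte_source() supplies the byte processed during each one."""
    traces = {k: [] for k in MODEL}
    for _ in range(n):
        for k, v in read_keys(rng, active, byte_source()).items():
            traces[k].append(v)
    return traces

def screen(seed=1, n=500, threshold=4.5):
    """Return (workload-dependent keys, data-dependent keys).

    |t| > 4.5 is the conventional TVLA threshold for declaring a leak.
    """
    rng = random.Random(seed)
    # Step 1: idle vs. active with a fixed input byte flags workload dependency.
    idle = collect(rng, n, False, lambda: 0x00)
    busy = collect(rng, n, True, lambda: 0x00)
    workload_keys = {k for k in MODEL if abs(welch_t(idle[k], busy[k])) > threshold}
    # Step 2: same workload, fixed input (HW 1) vs. random input (mean HW 4),
    # i.e. a fixed-vs-random test, run only on keys that survived step 1.
    fixed = collect(rng, n, True, lambda: 0x01)
    rand = collect(rng, n, True, lambda: rng.randrange(256))
    data_keys = {k for k in workload_keys if abs(welch_t(fixed[k], rand[k])) > threshold}
    return workload_keys, data_keys

if __name__ == "__main__":
    print(screen())
```

On a real machine `collect` would be replaced by polling the SMC key through its software interface while the target workload runs; the statistics and the two-step structure stay the same. Keys that pass step 1 but fail step 2 (KEY_B in the model) are useful for workload fingerprinting but not for recovering processed data.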
Extracting Encryption Keys
With data dependency established, the researchers turned to extracting secrets, specifically encryption keys. The experiments model an attacker who knows the plaintexts being encrypted, observes the power metric for each AES encryption, and tries to guess the key from how the metric varies across plaintexts.
Collecting many traces of the power metric and correlating them with the intermediate values AES would compute under each candidate key, the researchers computed the rank of every key byte: the position of the correct value among the 256 candidates when sorted by correlation. The lower the rank, the closer the attack is to recovering that byte; rank zero means the correct value scored highest.
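The correlation step and the key-rank metric, as an added example that is not the paper's code: the attack is correlation power analysis (CPA) against the first-round AES S-box output under a Hamming-weight model, which is the usual choice for a software-measured scalar and an assumption here, not something the summary states. The traces are constructed: each "reading" is the Hamming weight of all 16 first-round S-box outputs plus Gaussian noise, standing in for one SMC power-key sample taken around one encryption. The S-box is built from its definition rather than typed in.

```python
"""CPA of an AES-128 key from one power reading per encryption.

Added example, not the paper's code. Readings are constructed: the Hamming
weight of all 16 first-round S-box outputs plus Gaussian noise, standing in for
a single SMC power-key sample taken around one encryption.
"""
import math
import random

def _gf_mul(a, b):
    """Multiplication in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11b
        b >>= 1
    return r

def _build_sbox():
    """AES S-box from its definition: GF(2^8) inverse, then the affine map."""
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xff
    box = []
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        box.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63)
    return box

SBOX = _build_sbox()
HW = [bin(v).count("1") for v in range(256)]

def simulate_traces(key, n, sigma, rng):
    """Constructed data: n random plaintexts and one noisy reading per encryption."""
    pts, readings = [], []
    for _ in range(n):
        p = bytes(rng.randrange(256) for _ in range(16))
        leak = sum(HW[SBOX[p[i] ^ key[i]]] for i in range(16))
        pts.append(p)
        readings.append(leak + rng.gauss(0.0, sigma))
    return pts, readings

def cpa_scores(pts, readings, i):
    """Pearson correlation between readings and HW(SBOX[p[i] ^ k]) for each k.

    The hypothesis depends only on plaintext byte p[i], so the sums over traces
    collapse to sums over the 256 plaintext-byte bins (counts and bin totals).
    """
    n = len(readings)
    cnt, binsum = [0] * 256, [0.0] * 256
    for p, t in zip(pts, readings):
        cnt[p[i]] += 1
        binsum[p[i]] += t
    mt = sum(readings) / n
    syy = sum((t - mt) ** 2 for t in readings)
    scores = []
    for k in range(256):
        h = [HW[SBOX[b ^ k]] for b in range(256)]
        sh = sum(cnt[b] * h[b] for b in range(256))            # sum of hypotheses
        shh = sum(cnt[b] * h[b] * h[b] for b in range(256))    # sum of squares
        sht = sum(h[b] * binsum[b] for b in range(256))        # sum of h * t
        sxy = sht - sh * mt          # sum (h - mean h)(t - mean t)
        sxx = shh - sh * sh / n      # sum (h - mean h)^2
        scores.append(sxy / math.sqrt(sxx * syy) if sxx > 0 and syy > 0 else 0.0)
    return scores

def key_ranks(pts, readings, true_key):
    """Rank of the true value among 256 guesses per byte; 0 means recovered."""
    ranks = []
    for i in range(16):
        scores = cpa_scores(pts, readings, i)
        order = sorted(range(256), key=lambda k: -abs(scores[k]))
        ranks.append(order.index(true_key[i]))
    return ranks

def recovered_bytes(ranks):
    return sum(1 for r in ranks if r == 0)

def demo(n=4000, sigma=1.0, seed=7):
    rng = random.Random(seed)
    key = bytes(rng.randrange(256) for _ in range(16))
    pts, readings = simulate_traces(key, n, sigma, rng)
    ranks = key_ranks(pts, readings, key)
    return ranks, recovered_bytes(ranks)

if __name__ == "__main__":
    ranks, got = demo()
    print("ranks per key byte:", ranks)
    print(f"bytes recovered at rank 0: {got}/16")
```

Under this model the correct byte's correlation is about sqrt(2 / (32 + sigma^2)): the other 15 bytes act as noise even with sigma = 0, which is why a scalar reading per encryption needs thousands of traces. Raising `sigma` models injected reporting noise; it shrinks the correlation but does not remove it, so noise alone only raises the trace count an attacker needs.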
Results and Findings
Using the identified power metrics, the researchers recovered several bytes of the AES key on both the M1 and the M2.
On the M2 they recovered 6 of the 16 key bytes; on the M1, 2 bytes. Recovering 6 of 16 bytes still leaves 80 unknown bits, so this is a demonstration of exploitable leakage rather than a complete key recovery, but it shows that software-based power attacks are a real risk on systems that expose power telemetry without protection.
Kernel Module Implementation
To test a realistic scenario, the researchers implemented a kernel module acting as an encryption service: it performs AES-128 encryption on behalf of callers while keeping the secret key in kernel memory, where a user-space process cannot read it directly.
The attacker in this setup is an ordinary user application whose only side channel is the SMC values available through the software interface. Even with the key confined to the kernel, the unprivileged application was able to recover bytes of it from the power metrics.
Implications for Security
The research shows that software-based power side channels are not specific to one CPU architecture: the class of attack first demonstrated on x86 applies to Apple silicon as well. Manufacturers and developers alike need to recognise and address this risk.
Exposing power metrics to user-mode applications opens a path to compromising sensitive information. Until such interfaces are restricted, secrets can leak to what appears to be innocuous software.
Mitigation Techniques
In response to PLATYPUS, Intel and AMD changed how power metrics are exposed: access to certain energy-reporting interfaces was restricted to privileged code, and noise was added to the reported values so that individual readings no longer reveal fine-grained consumption.
The same techniques apply to Apple's platforms: restricting user-space access to power-related SMC keys and adding randomised noise to the energy readings would make extraction much harder. Noise alone only raises the number of traces an attacker needs, because averaging cancels it out, so access control on the interface is the stronger of the two measures.
Conclusion
The findings from this research serve as a wake-up call to the tech industry. As software-based power attacks become more prevalent, it is crucial for manufacturers to adopt protections against these types of vulnerabilities.
As demonstrated, even systems thought to be safe from traditional attacks could be susceptible to software-based power analysis methods, leading to potential data breaches. Ensuring that robust security measures are in place will be vital for protecting sensitive information and maintaining user trust.
By collaborating and sharing knowledge about these vulnerabilities, the industry can work towards creating safer computing environments for everyone. Everyone benefits when security is prioritized, leading to more resilient systems against modern threats.
Title: Uncovering Software-Based Power Side-Channel Attacks on Apple M1/M2 Systems
Abstract: Traditionally, power side-channel analysis requires physical access to the target device, as well as specialized devices to measure the power consumption with enough precision. Recently, research has shown that on x86 platforms, on-chip power meter capabilities exposed to a software interface might be used for power side-channel attacks without physical access. In this paper, we show that such a software-based power side-channel attack is also applicable on Apple silicon (e.g., M1/M2 platforms), exploiting the System Management Controller (SMC) and its power-related keys, which provides access to the on-chip power meters through a software interface to user space software. We observed data-dependent power consumption reporting from such SMC keys and analyzed the correlations between the power consumption and the processed data. Our work also demonstrated how an unprivileged user mode application successfully recovers bytes from an AES encryption key from a cryptographic service supported by a kernel mode driver in macOS. We have also studied the feasibility of performing a frequency throttling side-channel attack on Apple silicon. Furthermore, we discuss the impact of software-based power side-channels in the industry, possible countermeasures, and the overall implications of software interfaces for modern on-chip power management systems.
Authors: Nikhil Chawla, Chen Liu, Abhishek Chakraborty, Igor Chervatyuk, Ke Sun, Thais Moreira Hamasaki, Henrique Kawakami
Last Update: 2024-10-04 00:00:00
Language: English
Source URL: https://arxiv.org/abs/2306.16391
Source PDF: https://arxiv.org/pdf/2306.16391
Licence: https://creativecommons.org/licenses/by/4.0/
Changes: This summary was created with assistance from AI and may have inaccuracies. For accurate information, please refer to the original source documents linked here.
Thank you to arxiv for use of its open access interoperability.