DOI: 10.1145/3489517.3530437
Research article

Apple vs. EMA: Electromagnetic Side Channel Attacks on Apple CoreCrypto

Published: 23 August 2022

Abstract

Cryptographic instruction set extensions are commonly used for ciphers that would otherwise face unacceptable side channel risks. A prominent example of such an extension is the ARMv8 Cryptographic Extension, or ARM CE for short, which defines dedicated instructions to securely accelerate AES. However, while these extensions may be resistant to traditional "digital" side channel attacks, they may still be vulnerable to physical side channel attacks.
In this work, we demonstrate the first such attack on a standard ARM CE AES implementation. We specifically focus on the implementation used by Apple's CoreCrypto library, which we run on the Apple A10 Fusion SoC. To that end, we implement an optimized side channel acquisition infrastructure involving both custom iPhone software and accelerated analysis code. We find that an adversary who can observe 5--30 million known-ciphertext traces can reliably extract secret AES keys using electromagnetic (EM) radiation as a side channel. This corresponds to encrypting less than half a gigabyte of data, which could be acquired in less than 2 seconds on the iPhone 7 we examined. Our attack thus highlights the need for side channel defenses on real devices and in production, industry-standard encryption software.




Published In

DAC '22: Proceedings of the 59th ACM/IEEE Design Automation Conference
July 2022, 1462 pages
ISBN: 9781450391429
DOI: 10.1145/3489517
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States


Qualifiers

  • Research-article

Funding Sources

  • NSF

Conference

DAC '22: 59th ACM/IEEE Design Automation Conference
July 10 - 14, 2022
San Francisco, California

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%



Cited By

  • CiseLeaks: Information Leakage Assessment of Cryptographic Instruction Set Extension Prototypes. IEEE Transactions on Information Forensics and Security 20 (2025), 1551-1565. DOI: 10.1109/TIFS.2025.3531239
  • Side-Channel-Assisted Reverse-Engineering of Encrypted DNN Hardware Accelerator IP and Attack Surface Exploration. 2024 IEEE Symposium on Security and Privacy (SP), 4678-4695. Online publication date: 19 May 2024. DOI: 10.1109/SP54263.2024.00001
  • A Taxonomy-Based Survey of EM-SCA and Implications for Multi-Robot Systems. IEEE Open Journal of the Computer Society 5 (2024), 511-529. DOI: 10.1109/OJCS.2024.3461808
  • Understanding Microbenchmark Detection of Existing Exploits in Apple M1 and M2 Chips. 2024 12th International Symposium on Digital Forensics and Security (ISDFS), 1-4. Online publication date: 29 April 2024. DOI: 10.1109/ISDFS60797.2024.10527321
  • A profiled side-channel attack detection using deep learning model with capsule auto-encoder network. Transactions on Emerging Telecommunications Technologies 35, 4 (2024). Online publication date: 15 April 2024. DOI: 10.1002/ett.4975
  • Comprehensive Study of Side-Channel Analysis (CyberSecurity). 2023 16th International Conference on Developments in eSystems Engineering (DeSE), 794-799. Online publication date: 18 December 2023. DOI: 10.1109/DeSE60595.2023.10469635
  • Multi-armed SPHINCS. Applied Cryptography and Network Security Workshops (2023), 500-514. Online publication date: 19 June 2023. DOI: 10.1007/978-3-031-41181-6_27
  • Variance analysis based distinguisher for template attack. 2022 18th International Conference on Computational Intelligence and Security (CIS), 381-385. Online publication date: December 2022. DOI: 10.1109/CIS58238.2022.00086
  • Distance similarity measure based profiling attacks against masked chips. Electronics Letters 58, 22 (2022), 831-833. Online publication date: 19 September 2022. DOI: 10.1049/ell2.12621
