Comparison of side-channel leakage on Rich and Trusted Execution Environments

A Trusted Execution Environment (TEE) is a software solution designed to improve security in systems on chip (SoC) based on the ARM architecture. It offers a compromise between the functionality of a Rich Operating System (Rich OS), for example Android, and the security of a Secure Element (SE). ARM TrustZone splits the SoC into two worlds (the Normal World and the Secure World). The Trusted OS (the OS running in the TEE) has several security mechanisms that isolate and protect its execution and data from the Rich OS and guard it against data theft. While these mechanisms are designed to prevent software attacks from the Rich OS, this paper examines the identification of data leakage from a TEE subjected to physical attack. In particular, it shows how a side-channel analysis of electromagnetic (EM) emissions using the Test Vector Leakage Assessment (TVLA) methodology makes it possible to identify the leakage, and how a correlation electromagnetic analysis (CEMA) can then exploit the results.
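The two-step workflow the abstract describes (a non-specific fixed-vs-random TVLA test to locate the leaking sample points, followed by a correlation analysis at those points) is shown below as an added, self-contained example; it is not code from the paper. It replaces real EM measurements with constructed synthetic traces, uses a cubing-modulo-257 permutation as a stand-in for a cipher S-box, and assumes a Hamming-weight leakage model with Gaussian noise. The threshold of 4.5 on the t statistic is the usual TVLA pass/fail criterion; the key byte, the leaking sample index and the trace counts are all constructed values.

```python
import random
from statistics import mean, variance

# Constructed stand-in for a cipher S-box: cubing modulo the prime 257 is a
# permutation of 0..255 (only x = 256 maps to 256), so it is bijective and
# non-linear enough for a key-recovery demonstration.
TOY_SBOX = [pow(x, 3, 257) for x in range(256)]
SECRET_KEY = 0x2A      # constructed key byte the CEMA step should recover
SAMPLES = 32           # sample points per trace
LEAK_POINT = 20        # constructed: the sample where the S-box output leaks
TVLA_THRESHOLD = 4.5   # standard TVLA pass/fail bound on |t|


def hamming_weight(b):
    return bin(b).count("1")


def simulate_trace(pt, key, rng):
    # Constructed leakage model: Gaussian noise on every sample, plus a signal
    # proportional to the Hamming weight of the S-box output at one sample.
    trace = [rng.gauss(0.0, 1.0) for _ in range(SAMPLES)]
    trace[LEAK_POINT] += 0.5 * hamming_weight(TOY_SBOX[pt ^ key])
    return trace


def collect(n, seed, fixed_pt=None):
    # Acquire n traces; fixed_pt=None yields the "random plaintext" TVLA group.
    rng = random.Random(seed)
    pts, traces = [], []
    for _ in range(n):
        pt = fixed_pt if fixed_pt is not None else rng.randrange(256)
        pts.append(pt)
        traces.append(simulate_trace(pt, SECRET_KEY, rng))
    return pts, traces


def welch_t(a, b):
    # Welch's t statistic: tolerates unequal variances and group sizes.
    return (mean(a) - mean(b)) / (variance(a) / len(a) + variance(b) / len(b)) ** 0.5


def tvla(fixed_traces, random_traces):
    # Non-specific fixed-vs-random test: one t value per sample point.
    return [welch_t([t[i] for t in fixed_traces], [t[i] for t in random_traces])
            for i in range(SAMPLES)]


def leaky_points(t_values, threshold=TVLA_THRESHOLD):
    return [i for i, t in enumerate(t_values) if abs(t) > threshold]


def pearson(x, y):
    mx, my = mean(x), mean(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0


def cema(pts, traces, sample):
    # Correlation EM analysis at one sample point: for every key guess,
    # correlate the predicted Hamming weight with the measured value and
    # return the best-ranked guess together with all 256 scores.
    measured = [t[sample] for t in traces]
    scores = [abs(pearson([hamming_weight(TOY_SBOX[p ^ k]) for p in pts], measured))
              for k in range(256)]
    return max(range(256), key=scores.__getitem__), scores


def run_assessment(n=1000):
    _, fixed = collect(n, seed=1, fixed_pt=0x00)
    pts, rnd = collect(n, seed=2)
    t_values = tvla(fixed, rnd)
    points = leaky_points(t_values)
    # The random-plaintext traces are reused for CEMA at the first leaky point.
    best_key, _ = cema(pts, rnd, points[0]) if points else (None, None)
    return {"t_values": t_values, "leaky_points": points, "recovered_key": best_key}


if __name__ == "__main__":
    r = run_assessment()
    print("leaky sample points:", r["leaky_points"])
    print("recovered key byte: 0x%02X (expected 0x%02X)" % (r["recovered_key"], SECRET_KEY))
```

On real hardware the two groups are interleaved during acquisition and the test is run on aligned traces; the point of running TVLA first is that it flags leakage without any key hypothesis, so a TEE vendor can use it as a pass/fail gate, while CEMA only confirms how exploitable a flagged point is.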
