VoltJockey: A New Dynamic Voltage Scaling-Based Fault Injection Attack on Intel SGX

[1] Takeshi Sugawara, et al. An on-chip glitchy-clock generator for testing fault injection attacks, 2011, Journal of Cryptographic Engineering.

[2] Mihai Budiu, et al. Control-flow integrity principles, implementations, and applications, 2009, TSEC.

[3] Assia Tria, et al. Adjusting Laser Injections for Fully Controlled Faults, 2014, COSADE.

[4] Flavio D. Garcia, et al. Plundervolt: Software-based Fault Injection Attacks against Intel SGX, 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[5] M. Kubát. An Introduction to Machine Learning, 2017, Springer International Publishing.

[6] Stefan Mangard, et al. Malware Guard Extension: Using SGX to Conceal Cache Attacks, 2017, DIMVA.

[7] Srdjan Capkun, et al. Software Grand Exposure: SGX Cache Attacks Are Practical, 2017, WOOT.

[8] Jean-Pierre Seifert, et al. Fault Based Cryptanalysis of the Advanced Encryption Standard (AES), 2003, Financial Cryptography.

[9] Gang Qu, et al. Template attack on masking AES based on fault sensitivity analysis, 2015, 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[10] Claude Castelluccia, et al. Code injection attacks on harvard-architecture devices, 2008, CCS.

[11] Chao Li, et al. Differential Fault Analysis on SMS4 using a single fault, 2010, Inf. Process. Lett.

[12] Mohammad Reza Aref, et al. Improved impossible differential and biclique cryptanalysis of HIGHT, 2018, Int. J. Commun. Syst.

[13] Richard J. Lipton, et al. On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract), 1997, EUROCRYPT.

[14] Massoud Pedram, et al. Dynamic voltage and frequency scaling based on workload decomposition, 2004, Proceedings of the 2004 International Symposium on Low Power Electronics and Design (IEEE Cat. No.04TH8758).

[15] Sylvain Guilley, et al. Practical Setup Time Violation Attacks on AES, 2008, 2008 Seventh European Dependable Computing Conference.

[16] Gernot Heiser, et al. Dynamic voltage and frequency scaling: the laws of diminishing returns, 2010.

[17] Suzanne Lesecq, et al. Coupled voltage and frequency control for DVFS management, 2013, 2013 23rd International Workshop on Power and Timing Modeling, Optimization and Simulation (PATMOS).

[18] Jean-Jacques Quisquater, et al. A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD, 2003, CHES.

[19] Michael L. Scott, et al. Energy-efficient processor design using multiple clock domains with dynamic voltage and frequency scaling, 2002, Proceedings Eighth International Symposium on High Performance Computer Architecture.

[20] Pierre Dusart, et al. Differential Fault Analysis on A.E.S, 2003, ACNS.

[21] Alessandro Barenghi, et al. Low Voltage Fault Attacks on the RSA Cryptosystem, 2009, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[22] Amine Dehbaoui, et al. Electromagnetic Transient Faults Injection on a Hardware and a Software Implementations of AES, 2012, 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[23] No License, et al. Intel® 64 and IA-32 Architectures Software Developer’s Manual Volume 3A: System Programming Guide, Part 1, 2006.

[24] Gernot Heiser, et al. An Analysis of Power Consumption in a Smartphone, 2010, USENIX Annual Technical Conference.

[25] Raoul Velazco, et al. A Survey on Fault Injection Techniques, 2004, Int. Arab J. Inf. Technol.

[26] Yongqiang Lyu, et al. VoltJockey: Breaking SGX by Software-Controlled Voltage-Induced Hardware Faults, 2019, 2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST).

[27] Eli Biham, et al. Differential Cryptanalysis of the Data Encryption Standard, 1993, Springer New York.

[28] Johan Karlsson, et al. A comparison of simulation based and scan chain implemented fault injection, 1998, Digest of Papers. Twenty-Eighth Annual International Symposium on Fault-Tolerant Computing (Cat. No.98CB36224).

[29] Yongqiang Lyu, et al. VoltJockey: Breaching TrustZone by Software-Controlled Voltage Manipulation over Multi-core Frequencies, 2019, CCS.

[30] Michael Hutter, et al. The Temperature Side Channel and Heating Fault Attacks, 2013, CARDIS.

[31] Tommaso Frassetto, et al. V0LTpwn: Attacking x86 Processor Integrity from Software, 2019, USENIX Security Symposium.

[32] Srinivas Devadas, et al. Intel SGX Explained, 2016, IACR Cryptol. ePrint Arch.

[33] Zhigang Zhang, et al. Overview of Linux Vulnerabilities, 2014, SOCO 2014.

[34] Jeroen Delvaux, et al. Fault Injection Modeling Attacks on 65 nm Arbiter and RO Sum PUFs via Environmental Changes, 2014, IEEE Transactions on Circuits and Systems I: Regular Papers.

[35] Johannes Winter, et al. Trusted computing building blocks for embedded linux-based ARM trustzone platforms, 2008, STC '08.

[36] Alessandro Barenghi, et al. A fault induction technique based on voltage underfeeding with application to attacks against AES and RSA, 2013, J. Syst. Softw.

[37] Eli Biham, et al. Differential Fault Analysis of Secret Key Cryptosystems, 1997, CRYPTO.

[38] Salvatore J. Stolfo, et al. CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management, 2017, USENIX Security Symposium.

[39] Irene Marquez Corbella, et al. Fault Analysis of the Stream Cipher Snow 3G, 2009, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[40] Jean Arlat, et al. Fault Injection for Dependability Validation: A Methodology and Some Applications, 1990, IEEE Trans. Software Eng.

[41] Alessandro Barenghi, et al. Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures, 2012, Proceedings of the IEEE.

[42] R. Allmon, et al. On the radiation-induced soft error performance of hardened sequential elements in advanced bulk CMOS technologies, 2010, 2010 IEEE International Reliability Physics Symposium.

[43] Miodrag Potkonjak, et al. Power optimization of variable voltage core-based systems, 1998, Proceedings 1998 Design and Automation Conference. 35th DAC. (Cat. No.98CH36175).

[44] Dongwoo Lee, et al. A Novel Simulation Fault Injection Method for Dependability Analysis, 2009, IEEE Design & Test of Computers.

[45] Yongqiang Lyu, et al. Mitigating Adversarial Attacks for Deep Neural Networks by Input Deformation and Augmentation, 2020, 2020 25th Asia and South Pacific Design Automation Conference (ASP-DAC).

[46] Debdeep Mukhopadhyay, et al. Differential Fault Analysis of the Advanced Encryption Standard Using a Single Fault, 2011, WISTP.

[47] Matthieu Rivain. Differential Fault Analysis of DES, 2012, Fault Analysis in Cryptography.

[48] Alessandro Barenghi, et al. Low voltage fault attacks to AES, 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[49] Gang Qu, et al. New Methods of Template Attack Based on Fault Sensitivity Analysis, 2017, IEEE Transactions on Multi-Scale Computing Systems.

[50] Wieland Fischer, et al. Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures, 2002, CHES.

[51] Santanu Sarkar, et al. Differential Fault Attack against Grain Family with Very Few Faults and Minimal Assumptions, 2015, IEEE Transactions on Computers.

[52] Thomas F. Wenisch, et al. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution, 2018, USENIX Security Symposium.

[53] Carlos V. Rozas, et al. Intel® Software Guard Extensions (Intel® SGX) Support for Dynamic Memory Management Inside an Enclave, 2016, HASP 2016.

[54] Alessandro Barenghi, et al. Fault attack on AES with single-bit induced faults, 2010, 2010 Sixth International Conference on Information Assurance and Security.

[55] Thomas S. Messerges, et al. Using Second-Order Power Analysis to Attack DPA Resistant Software, 2000, CHES.