A New Side-Channel Vulnerability on Modern Computers by Exploiting Electromagnetic Emanations from the Power Management Unit

Title: A New Side-Channel Vulnerability on Modern Computers by Exploiting Electromagnetic Emanations from the Power Management Unit
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Sehatbakhsh, N., Yilmaz, B. B., Zajic, A., Prvulovic, M.
Conference Name: 2020 IEEE International Symposium on High Performance Computer Architecture (HPCA)
Date Published: Feb. 2020
ISBN Number: 978-1-7281-6149-5
Keywords: Air gaps, Capacitors, composability, computer power supplies, DVFS, electromagnetic emanations, electromagnetic-based side-channel, Human Behavior, human factors, Metrics, microarchitectural vulnerability, Microarchitecture Vulnerability, microprocessor chips, modern computers, modern microprocessors, phasor measurement units, power consumption, power management unit, Power Management, power system management, pubcrawl, Receivers, Regulators, resilience, Resiliency, security of data, side-channel, side-channel vulnerability, Switches, Voltage control, voltage regulator module, Voltage regulators

This paper presents a new micro-architectural vulnerability on the power management units of modern computers which creates an electromagnetic-based side-channel. The key observations that enable us to discover this side-channel are: 1) in an effort to manage and minimize power consumption, modern microprocessors have a number of possible operating modes (power states) in which various sub-systems of the processor are powered down, 2) for some of the transitions between power states, the processor also changes the operating mode of the voltage regulator module (VRM) that supplies power to the affected sub-system, and 3) the electromagnetic (EM) emanations from the VRM are heavily dependent on its operating mode. As a result, these state-dependent EM emanations create a side-channel which can potentially reveal sensitive information about the current state of the processor and, more importantly, the programs currently being executed. To demonstrate the feasibility of exploiting this vulnerability, we create a covert channel by utilizing the changes in the processor's power states. We show how such a covert channel can be leveraged to exfiltrate sensitive information from a secured and completely isolated (air-gapped) laptop system by placing a compact, inexpensive receiver in proximity to that system. To further show the severity of this attack, we also demonstrate how such a covert channel can be established when the target and the receiver are several meters away from each other, including scenarios where the receiver and the target are separated by a wall. Compared to the state-of-the-art, the proposed covert channel has >3x higher bit-rate. Finally, to demonstrate that this new vulnerability is not limited to being used as a covert channel, we demonstrate how it can be used for attacks such as keystroke logging.

Citation Key: sehatbakhsh_new_2020