Team attacks ARM TrustZone via power management software

September 29, 2017 // By Nick Flaherty
Researchers at Columbia University in New York have shown that ARM’s TrustZone technology can be vulnerable to side channel attacks using power consumption and clock data.

The CLKSCREW project was shown at the recent Usenix Security conference and is significant because it uses only software. Other side channel attacks using differential power analysis need access to the hardware to measure the energy use of the power lines.

Instead, CLKSCREW exploits the software that controls the dynamic voltage scaling to induce faulty computations in the security subsystem, dramatically reducing the number of possible encryption keys. This then leaves the system open to a ‘brute force’ attack to work out the keys.

“This is dangerous when these faults can be induced from lower privileged software across hardware-enforced boundaries, where security sensitive computations are hosted,” say the researchers, led by Adrian Tang. This particular vulnerability is important because, unlike physical fault attacks, it enables fault attacks to be conducted purely from software. Remote exploitation with CLKSCREW becomes possible without the need for physical access to target devices.

CLKSCREW has been tested on Google's Nexus 6 smartphone, which uses the same power management chip as the Samsung Galaxy Note 4, which would also be vulnerable.

ARM and SoC makers have been very responsive to the revelation, says the team, but there is no single fix. As CLKSCREW requires some degree of timing precision in delivering the faults, one mitigation strategy is to introduce randomization (via no-op loops) to the runtime execution of the code to be protected. While this mitigates attacks without a timing anchor, such as an attack on an AES encryption key, it may offer limited protection against attacks that use runtime profiling, such as an attack on RSA keys. Several software-only defenses propose compiling code with checksum integrity verification and execution redundancy, and while these would be viable on high reliability systems, they are not typically deployed on commodity devices such as phones because they impact energy efficiency.
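The randomization and execution-redundancy defenses described above, sketched as an added example in C (not code from the CLKSCREW researchers or any vendor): the protected operation runs twice behind random no-op delays, and its result is released only if both runs agree. `toy_op`, `protected_op`, `simulate` and the fault counter are hypothetical names, and the single bit flip is a constructed stand-in for a hardware glitch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLK 16
static int fault_run = -1;   /* simulation only: index of the run to corrupt */
static int run_no = 0;

/* Hypothetical stand-in for the protected computation (not a real cipher). */
static void toy_op(const uint8_t *in, uint8_t *out) {
    for (size_t i = 0; i < BLK; i++)
        out[i] = (uint8_t)((in[i] * 167u + 13u) ^ i);
    if (run_no++ == fault_run)
        out[BLK / 2] ^= 0x10;            /* constructed single-bit fault */
}

/* Random-length no-op loop; a real device would draw this from a hardware RNG. */
static void jitter(void) {
    volatile unsigned spin = (unsigned)rand() % 256u;
    while (spin) spin--;
}

/* Run twice with jitter; release the result only if both runs agree. */
static int protected_op(const uint8_t *in, uint8_t *out) {
    uint8_t a[BLK], b[BLK], diff = 0;
    jitter(); toy_op(in, a);
    jitter(); toy_op(in, b);
    for (size_t i = 0; i < BLK; i++) diff |= a[i] ^ b[i];  /* no early exit */
    if (diff) { memset(out, 0, BLK); return -1; }          /* suppress faulty output */
    memcpy(out, a, BLK);
    return 0;
}

/* Demo helper: one protected call with a fault in run `which` (-1 = no fault). */
static int simulate(int which, uint8_t *out) {
    static const uint8_t in[BLK] = "sample block 01";      /* constructed input */
    fault_run = which; run_no = 0;
    return protected_op(in, out);
}

int main(void) {
    uint8_t out[BLK];
    printf("clean: %d\n", simulate(-1, out));
    printf("fault in run 0: %d\n", simulate(0, out));
    printf("fault in run 1: %d\n", simulate(1, out));
    return 0;
}
```

A fault that corrupts both runs identically would pass the comparison, and the doubled work is the energy cost the article cites as the reason such checks are rare on phones.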

“Many of the design decisions that contribute to the success of the attack are supported by practical engineering