How secure is green IT? The case of software-based energy side channels

Mantel, Heiko; Schickel, Johannes; Weber, Alexandra; Weber, Friedrich

How secure is green IT? The case of software-based energy side channels

Publikationstyp

Conference Paper

Date Issued

2018-09

Sprache

English

Author(s)

Mantel, Heiko

Schickel, Johannes

Weber, Alexandra

Weber, Friedrich

TORE-URI

http://hdl.handle.net/11420/13824

First published in

Lecture notes in computer science

Number in series

11098 LNCS

Start Page

218

End Page

239

Citation

Lecture Notes in Computer Science 11098 LNCS: 218-239 (2018)

Contribution to Conference

23rd European Symposium on Research in Computer Security, ESORICS 2018

Publisher DOI

10.1007/978-3-319-99073-6_11

Scopus ID

2-s2.0-85052202634

Publisher

Springer International Publishing AG

Software-based energy measurement features in contemporary CPUs allow one to track and to limit energy consumption, e.g., for realizing green IT. The security implications of software-based energy measurement, however, are not well understood. In this article, we study such security implications of green IT. More concretely, we show that side-channel attacks can be established using software-based energy measurement at the example of a popular RSA implementation. Using distinguishing experiments, we identify a side-channel vulnerability that enables attackers to distinguish RSA keys by measuring energy consumption. We demonstrate that a surprisingly low number of sample measurements suffices to succeed in an attack with high probability. In contrast to traditional power side-channel attacks, no physical access to hardware is needed. This makes the vulnerabilities particularly serious.

DDC Class

004: Informatik

Options

How secure is green IT? The case of software-based energy side channels