<!DOCTYPE html>
<html>
<head>
<title> SideLine </title>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.00, minimum-scale=1.00">
<meta name="author" content="Joseph Gravellier">
<link rel="stylesheet" href="style_index.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="icon" type="image/png" href="https://josephgravellier.github.io/sideline/media/sideline-icon.png"/>
</head>
<body style="background-color:white">
<div class = "background-color">
<ul class="menu">
<li style="display: inline-block;"><a href="https://josephgravellier.github.io/sideline/" class="links_menu col-menu"> <b>SIDELINE</b></a></li>
<li style="display: inline-block;"><a href="#link-qa" class="links_menu col-menu">Q & A</a></li>
<li style="display: inline-block;"><a href="#link-reproduce" class="links_menu col-menu">Reproduce</a></li>
</ul>
<hr>
</div>
<div class = "main-logo-block col-main-logo">
<img src="https://josephgravellier.github.io/sideline/media/sideline_logo_tr.png" class="main-logo">
</div>
<hr>
<div class = "text-block col-text">
<br/><br/>
<div class="larger-text">
<b><i>Delay-Lines Leak Secrets from your SoC</i> </b>
</div>
<br/>
<div class="text">
SideLine is a <b>software-based</b> power side-channel analysis vector. It uses <b>delay-lines</b> (located in SoC memory controllers) as power meters. <br/><br/>
There is a strong and reliable relationship between the <b>delay-line state</b> and your <b>CPU activity</b>. <br/><br/>
SideLine-based malware may <b>monitor your power activity without your consent</b> and steal your personal data. Logical isolation, restricted access or tamper resistance do not mitigate SideLine.<br/> <br/>
<!-- A CPU infected by a SideLine-based malware is suceptible to the theft of personal and private data such as cryptographic secrets.-->
</div>
<br/><br/>
</div>
<hr>
<div class = "links-block col-links">
<a href="https://eprint.iacr.org/2020/1127.pdf">
<img src="https://josephgravellier.github.io/sideline/media/read_logo.png" class="links" ></a>
<a href="mailto:[email protected]">
<img src="https://josephgravellier.github.io/sideline/media/email_logo.png" class="links" ></a>
<a href="https://arxiv.org/abs/2009.07773" target="_blank">
<img src="https://josephgravellier.github.io/sideline/media/cite_logo.png" class="links" ></a>
<a href="https://github.com/josephgravellier" target="_blank">
<img src="https://josephgravellier.github.io/sideline/media/github_logo.png" class="links" ></a>
</div>
<br><br>
<div class = "title-text">
SideLine Demo Videos<br><br>
</div>
<hr>
<div class = "text-block col-text">
<br/><br/>
<div class = "larger-text">
<b><i>On Cortex-A and Cortex-M based SoC</i></b><br><br>
</div>
<div class="text">
Using SideLine, we perform several core-vs-core Correlation Power Analysis attacks. In each scenario, one core (the victim) runs OpenSSL AES encryptions. The other core (the attacker) uses SideLine to eavesdrop on the victim core's activity.<br><br>
We target high-end SoCs designed for IoT, automotive or mobile solutions, which can run a complex OS such as Linux or Android. In the paper, a dual-core <b>Cortex-A9</b> processor and a dual-core <b>Cortex-A7</b> processor associated with a <b>Cortex-M4</b> processor (demo below) are evaluated.<br>
</div>
<br><br>
<!--<div class = "larger-text">
<b>Demonstration:</b><br><br>
</div>-->
<div class="text">
<!--<i>SideLine-based core-vs-core power SCA live</i>-->
<div class = "yt">
<iframe width="420" height="315" src="https://www.youtube.com/embed/7gVvwF-SGNY"></iframe>
</div>
</div> <br> <h1 id="link-qa"></h1>
</div>
<hr>
<div class = "links-block col-links">
<div class = "title-text">
<br>Q & A<br><br>
</div>
</div><br>
<hr>
<div class = "text-block col-text">
<div class="text">
<br><br>
<div class="subtitle-white">
<b>About SideLine Impact</b><br><br>
</div>
<div class="subtitle-grey">
<b>SideLine is unprecedented</b></div>
This is the first time that internal power side-channel attacks have been launched on complex SoCs running a rich OS. In particular, it introduces internal CPU-vs-MCU side-channel attacks, which clearly match real-life scenarios on state-of-the-art SoCs.<br><br>
<div class="subtitle-grey">
<b>SideLine is not obvious</b></div>
It does not use a sensor. It leverages a performance mechanism whose security implications had not even been questioned until now. It is the starting point of a novel area of research: diverting hardware IPs from their primary use to collect information. <br><br>
<div class="subtitle-grey">
<b>SideLine is everywhere</b></div>
Every processor that uses external memory is potentially vulnerable. While our contribution focused on ARM devices, x86 and RISC-V exploits seem likely to arise in the near future.<br><br>
<div class="subtitle-grey">
<b>SideLine is not a magic bullet</b></div>
It does not claim to thwart existing countermeasures against SCA. Rather, it aims to warn the community that even remote systems, which by nature were not supposed to be targets of SCA, are now at risk.<br><br><br>
<div class="subtitle-white">
<b>About Attack Privileges</b><br><br>
</div>
<div class="subtitle-grey">
<b>The attacker is root:</b>
</div>
<i>He can use mmapping to access the delay line registers.</i><br/><br/>
<li>He may target an encryption trustlet running within a Trusted Execution Environment.</li><br/>
<li>He may target a crypto module or a security-dedicated MCU, e.g. the AP-to-MCU scenario in the paper.</li><br/><br/>
<div class="subtitle-grey">
<b>The attacker isn't root:</b> </div>
<i>No access to mmapping</i><br/><br/>
<li>He may take advantage of an existing kernel device that enables user-space processes to access the memory controller registers (e.g. by disassembling a DRAM test program) and then conduct the above attacks.</li><br/><br/>
<div class="subtitle-white">
<b>Other Questions</b><br/>
</div><br>
<div class="subtitle-grey">
<b>About Setup Complexity:</b></div>
All we need is a laptop (for acquisition and CPA), a micro-USB cable and the development board (an AC adapter was used for the second target).<br/><br/>
<div class="subtitle-grey">
<b>Was the temperature controlled?</b>
</div>
No. During the COVID-19 period, we had to conduct the experiments outside the lab, with no access to a thermal chamber. However, temperature noise was taken into account to improve the attack results: we attenuated its effect by applying high-pass filtering to the collected SCA traces in post-processing.<br/><br/>
<div class="subtitle-grey">
<b>How did you run OpenSSL in a bare metal setting?</b>
</div>
The workaround we found was to download only the AES-related sources. We then used the AES_ecb_encrypt function to conduct the experiments.<br/><br/>
<div class="subtitle-grey">
<b>How can one actually read out the command register?</b>
</div>
By simply reading the register at its physical address: DLL_value = *(volatile u32 *) DLL_Addr<br/><br/>
<div class="subtitle-grey">
<b>Do you assume nothing else is running on the system?</b>
</div>
No, the whole Linux rich OS is running in the background, with kernel processes, interrupts, etc.<br/><br/>
<div class="subtitle-grey">
<b>Can you generate a baseline while some other, unknown code is running?</b></div>
Yes, we are working on multi-core processors that handle simultaneous thread execution.<br/><br/>
<div class="subtitle-grey">
<b>How do you know when an encryption is being performed?</b></div>
In local SCA, the attacker needs to trigger an encryption. We believe that exactly the same is possible in an internal SCA scenario. Hence, the application processor (attacker) may trigger hardware acceleration (victim) by asking for a signature, an encryption, etc.<br/><br/>
<div class="subtitle-grey">
<b>About DLL update frequency:</b></div>
By definition, the DLL update has to be fast to ensure proper DRAM operation. That is why we obtain a decent sampling frequency (16 MHz) compared to what we could have achieved with low-cost ADCs (&lt;1 MHz).<br/><br/>
<div class="subtitle-grey">
<b>About DLL data type:</b> </div>
The data type is a delay value. The command range is (0:64) for the coarse delay and (0:3) for the fine delay. The delay value can be represented as the phase shift applied to the signal. Unfortunately, SoC providers do not give the precise information needed to convert the delay value into a phase shift.<br><br><h1 id="link-reproduce"></h1>
</div>
</div>
<hr>
<div class = "links-block col-links">
<div class = "title-text">
<br>Reproducing SideLine<br><br>
</div>
</div>
<hr>
<div class = "text-block col-text">
<div class = "text">
<br><br>
Responsible Disclosure ongoing...
<br><br><br>
<!--<img src="https://josephgravellier.github.io/sideline/media/CPA.png" class="png_image" >
<br><br>-->
</div>
</div>
<hr>
<div class="text_bottom">
© Joseph Gravellier 2020, All Rights Reserved
</div>
<ul class="menu">
<li style="display: inline-block;"><a href="https://josephgravellier.github.io/sideline/" class="links_menu col-menu"> <b>SIDELINE</b></a></li>
<li style="display: inline-block;"><a href="#link-qa" class="links_menu col-menu">Q & A</a></li>
<li style="display: inline-block;"><a href="#link-reproduce" class="links_menu col-menu">Reproduce</a></li>
</ul>
</body>
</html>