UnTrustZone: Systematic Accelerated Aging to Expose On-chip Secrets


Research area: Cryptography



Venue: 2024 IEEE Symposium on Security and Privacy (SP)


Abstract

As technology scaling brings society closer to the vision of smart dust, system designers must address the threat of physical attacks. To address the threat of physical access to computing devices, defenders move secrets onto the chip, keeping them out of reach of non-nation-state-level attackers. Modern systems allow hardware-backed security enclaves called Trusted Execution Environments (TEEs); TEEs add hardware-level protections on top of keeping secrets on chips, extending protection against privileged software and flaws within the untrusted parts of the software. While the best TEEs protect against concurrent and temporally recent attacks (e.g., the cold boot attack), we uncover a new threat to all forms of on-chip crypto: long-term data remanence. We show that the most ubiquitous form of on-chip memory, Static Random-Access Memory (SRAM), changes at the analog-domain level in a data-dependent way as software uses it. Under normal conditions, these changes occur gradually over a device's lifetime, but we show how an attacker can systematically accelerate this data imprinting on SRAM's analog domain to effectively burn in on-chip secrets. We then reveal the imprinted secrets through measurements of SRAM's power-on state. We use this capability to demonstrate three attacks: one that reveals an AES key protected by TrustZone, one that reveals proprietary firmware protected by TrustZone, and one that reveals secrets stored in cache memory. Overall, we show that it is possible to imprint and exfiltrate secrets from a range of SRAM-based memories across 13 devices, from 8 manufacturers, produced across three decades, with up to 98% accuracy. To address this threat, we provide guidance to chip vendors and programmers on the defensive trade space.


Author Profile
Jubayer Mahmod

Virginia Tech

No information

Author Profile
Matthew Hicks

Virginia Tech

No information

Paper information

Publication year: 2024
Citations: 2
Country of publication: (not listed)
Site: IEEE
Likes: 0

Related papers (352)