IPA: an Instruction Profiling–Based Micro-architectural Side-Channel Attack on Block Ciphers

  • Alam M
  • Bhattacharya S
  • Sinha S
  • et al.

Abstract

Hardware performance counters (HPCs) are present in most modern processors and provide an interface through which user-level processes can monitor their performance in terms of the number of micro-architectural events that occur during process execution. In this paper, we analyze the leakage from these HPC events and present a new micro-architectural side-channel attack that uses the instruction counts observed during the execution of an encryption algorithm as side-channel information to recover the secret key. This paper explores the fact that instruction counts can act as a side channel and then describes the instruction profiling attack (IPA) methodology with the help of two block ciphers, namely AES and CLEFIA, on Intel and AMD processors. We follow the principles of profiled instruction attacks and show that the proposed attack is more potent than the well-known cache timing attacks in the literature. We also perform experiments on ciphers implemented with popular time fuzzing schemes intended to subvert timing attacks. Our results show that while the countermeasure successfully stops leakage through the timing channels, it is vulnerable to the instruction profiling attack. We validate our claims with detailed experiments on contemporary Intel and AMD platforms, demonstrating that seemingly benign instruction counts can serve as side channels even for block cipher implementations that are hardened against timing attacks. In addition, we present detailed experimentation to analyze the rationale behind the attack and explore the performance of IPA on a countermeasure designed to subvert cache-based attacks, using CLEFIA as a case study.

Cite

Alam, M., Bhattacharya, S., Sinha, S., Rebeiro, C., & Mukhopadhyay, D. (2019). IPA: an Instruction Profiling–Based Micro-architectural Side-Channel Attack on Block Ciphers. Journal of Hardware and Systems Security, 3(1), 26–44. https://doi.org/10.1007/s41635-018-0060-3
