DVFS as a Security Failure of TrustZone-enabled Heterogeneous SoC
This work reveals a security vulnerability in widely used embedded systems that impacts their trust and safety. It is incremental in that it applies known techniques to a new context.
The paper demonstrates a malicious use of frequency scaling to create covert channels in TrustZone-enabled heterogeneous SoCs, enabling three attacks: discreet transmission of sensitive data via electromagnetic emission, inside-SoC transfer from secure to non-secure cores, and transfer between non-trusted IP and processor cores.
Today, most embedded systems use Dynamic Voltage and Frequency Scaling (DVFS) to minimize energy consumption and maximize performance. The DVFS technique works by regulating the important parameters that govern the amount of energy consumed in a system: voltage and frequency. To implement this technique, the operating system (OS) includes software applications that dynamically control a voltage regulator, a frequency regulator, or both. In this paper, we demonstrate for the first time a malicious use of the frequency regulator against a TrustZone-enabled System-on-Chip (SoC). We use frequency scaling to create a covert channel in a TrustZone-enabled heterogeneous SoC. We present three different attacks. The first is the discreet transmission of sensitive data from the SoC to the outside, using electromagnetic emission. The second attack is the inside-SoC transfer of valuable data from a secure ARM core to a non-secure one. The last attack is the inside-SoC transfer of data between a non-trusted third-party IP embedded in the programmable logic part of the SoC and a processor core.