Cryptology ePrint Archive: Report 2021/794

Reverse Engineering the Micro-Architectural Leakage Features of a Commercial Processor

Si Gao and Elisabeth Oswald and Dan Page

Abstract: Micro-architectural leakage is a reality even on low- to mid-range commercial processors. Dealing with it is expensive, because micro-architectural leakage is often only discovered after implementation choices have been made (i.e. when evaluating the concrete implementation). We demonstrate that it is feasible, using a recent leakage modelling technique, to reverse engineer significant elements of the micro-architectural leakage of a mid-range commercial processor in a “grey-box” setting. Our approach first recovers the micro-architectural features of each stage in the pipeline, and then the leakage of elements that are known to produce glitches. To put our reverse-engineered micro-architectural leakage in context, we compare and contrast it with a leakage analysis of a relevant piece of masking code. More specifically, we compare the leakage that we would anticipate given our analysis with the predictions of the to-date most sophisticated leakage simulators (e.g. ELMO and MAPS) on the same piece of code. Our research demonstrates that reverse engineering of micro-architectural components (and their leakage) is clearly feasible using available side channel leakage and, following from this, that it should be possible to build more accurate leakage simulators.

Category / Keywords: implementation / Leakage modelling, Micro-architecture, Reverse engineering

Date: received 11 Jun 2021

Contact author: si-gao at outlook com


Version: 20210614:134606

Short URL: ia.cr/2021/794


[ Cryptology ePrint archive ]