Frequency Throttling Side-Channel Attack

Modern processors dynamically control their operating frequency to optimize resource utilization, maximize energy savings, and to conform to system-defined constraints. If, during the execution of a software workload, the running average of any electrical or thermal parameter exceeds its corresponding predefined threshold value, the power management architecture will reactively adjust CPU frequency to ensure safe operating conditions. In this paper, we demonstrate how such power management-based CPU throttling activity forms a source of timing side-channel information leakage, which can be exploited by an attacker to infer secret data from a constant-cycle victim workload. We highlight the fact that a constant-cycle implementation of code does not necessarily guarantee its constant execution on different data inputs with respect to wall clock time. This is because existing throttling mechanisms perform data-dependent frequency adjustments, which in turn make the running time of the code also data-dependent. The proposed frequency throttling side-channel analysis attack can be launched by kernel-space attackers and user-space attackers, thus compromising security guarantees provided by isolation boundaries. We validate our attack methodology across different systems by performing experiments on a constant-cycle implementation of the AES-128 algorithm. The results of our experimental evaluations demonstrate how the attacker can successfully recover the targeted AES key by correlating the collected timing side-channel traces with the corresponding timing estimates for different key guesses, under frequency throttling. Finally, we discuss different options to mitigate the threat posed by frequency throttling side-channel attacks, as well as their advantages and disadvantages.