DVFS as a Security Failure of TrustZone-enabled Heterogeneous SoC
El Mehdi Benhani (LHC), Lilian Bossuet (LHC)

TL;DR
This paper reveals that DVFS, a common energy-saving technique in embedded systems, can be exploited to create covert channels and security breaches in TrustZone-enabled heterogeneous SoCs, highlighting a new security vulnerability.
Contribution
It demonstrates for the first time how frequency scaling can be maliciously used to establish covert channels and attacks in TrustZone-enabled SoCs.
Findings
Frequency scaling can be exploited for covert data transmission.
Three attack methods demonstrate data exfiltration and intra-SoC data transfer.
Security vulnerabilities in TrustZone-enabled SoCs due to DVFS are identified.
Abstract
Today, most embedded systems use Dynamic Voltage and Frequency Scaling (DVFS) to minimize energy consumption and maximize performance. The DVFS technique works by regulating the two key parameters that govern the amount of energy a system consumes: voltage and frequency. To implement this technique, the operating system (OS) includes software that dynamically controls a voltage regulator, a frequency regulator, or both. In this paper, we demonstrate for the first time a malicious use of the frequency regulator against a TrustZone-enabled System-on-Chip (SoC). We use frequency scaling to create a covert channel in a TrustZone-enabled heterogeneous SoC. We present three different attacks: the first is the discreet transmission of sensitive data from the SoC to the outside, using electromagnetic emission; the second attack is the inside-SoC transfer of valuable data…
Taxonomy
Topics: Security and Verification in Computing · Physical Unclonable Functions (PUFs) and Hardware Security · Cryptographic Implementations and Security
