MCU-Wide Timing Side Channels and Their Detection

TL;DR

This paper uncovers previously overlooked timing side channels in microcontroller SoCs, introduces a formal detection method, and demonstrates its effectiveness by identifying and fixing a vulnerability in a RISC-V SoC.

Contribution

It presents a novel formal method for detecting SoC-wide timing side channels, addressing a gap in existing security analysis for microcontrollers.

Findings

Detected a new timing side channel vulnerability in RISC-V Pulpissimo SoC.

Successfully verified the security of the SoC after applying a conservative fix.

Highlights the importance of analyzing SoC-wide timing channels beyond shared buffers.

Abstract

Microarchitectural timing side channels have been thoroughly investigated as a security threat in hardware designs featuring shared buffers (e.g., caches) or parallelism between attacker and victim task execution. However, contradicting common intuitions, recent activities demonstrate that this threat is real even in microcontroller SoCs without such features. In this paper, we describe SoC-wide timing side channels previously neglected by security analysis and present a new formal method to close this gap. In a case study on the RISC-V Pulpissimo SoC, our method detected a vulnerability to a previously unknown attack variant that allows an attacker to obtain information about a victim's memory access behavior. After implementing a conservative fix, we were able to verify that the SoC is now secure w.r.t. the considered class of timing side channels.