Do Not Trust Power Management: A Survey on Internal Energy-based Attacks Circumventing Trusted Execution Environments Security Properties
Gwenn Le Gonidec, Maria Méndez Real, Guillaume Bouffard, Jean-Christophe Prévotet

TL;DR
This survey reviews internal energy-based attacks on Trusted Execution Environments, highlighting their methods, increasing prevalence, and the limitations of current countermeasures, emphasizing the need for improved security solutions.
Contribution
First comprehensive survey of internal energy-based attacks on TEEs, analyzing existing countermeasures and identifying gaps in security protections.
Findings
Energy-based attacks can bypass TEE security guarantees.
Current countermeasures often hinder power management or are ineffective.
These attacks are increasingly prevalent and pose significant security risks.
Abstract
Over the past few years, several research groups have introduced innovative hardware designs for Trusted Execution Environments (TEEs), aiming to secure applications against potentially compromised privileged software, including the kernel. Since 2015, a new class of software-enabled hardware attacks leveraging energy management mechanisms has emerged. These internal energy-based attacks comprise fault, side-channel and covert channel attacks. Their aim is to bypass TEE security guarantees and expose sensitive information such as cryptographic keys. They have increased in prevalence in the past few years. Popular TEE implementations, such as ARM TrustZone and Intel SGX, incorporate countermeasures against these attacks. However, these countermeasures either hinder the capabilities of the power management mechanisms or have been shown to provide insufficient system protection. This…
Taxonomy
Topics: Security and Verification in Computing · Physical Unclonable Functions (PUFs) and Hardware Security · Cloud Data Security Solutions
