“BUSted” – Everything you need to know on Side-channel attacks to TrustZone-M separation
June 1, 2023 09:00 AM PST
Register Here: https://us02web.zoom.us/webinar/register/2616747721343/WN_GWiCmmLHT0KP98Xydw1B8Q
Join our wolfSSL webinar about BUSted presented by wolfSSL engineer Daniele Lacamera as well as either Dr. Sandro Pinto or Cristiano Rodrigues June 1st at 9AM Pacific.
At the Black Hat Asia conference in Singapore, Dr. Sandro Pinto and Cristiano Rodrigues presented their research that introduced a groundbreaking technique that exploits the shared pipeline on the newest Cortex-M CPUs to place a time based, side-channel attack from an application running in non-secure domain to security code running in secure mode. The researchers named this attack “BUSted”. This is sudden and difficult news hitting the new generations of ARMv8 microcontrollers. The attack was demonstrated live using a Cortex-M33 microcontroller as target.
Due to the nature of the attack, targeting specific micro-architectural design issues, this disclosure has already been compared to “Spectre” and “Meltdown”, well known attacks that have affected more sophisticated architectures in the recent past. All the embedded projects that were counting on hardware-assisted privilege separation through TrustZone-M should now take into account the possibility of leaking information from the trusted components running in the secure world.
According to the researchers, software based countermeasures and mitigations are possible to counter the effects of this micro-architectural design fault. The most important aspect to take into account when dealing with time-based attacks is to avoid as much as possible secret-dependent code in the implementation of security operations. In other words, the time required for a security procedure to run must not depend on the success of the operation or on any secret involved in the operation.
Tune in to this webinar to learn more about the attack from the researchers themselves as well as from cybersecurity experts how wolfSSL has been proactive and already studying the necessary workarounds for our users and customers.
As always we will have a Q&A Session following the webinar