## SUIT

### Secure Undervolting with Instruction Traps

**Daniel Gruss, Jonas Juffinger** 

**Graz University of Technology** 





### RSTCON Savannah, GA 2024



### 0.09%

### 0.40%

#### 



Moore's law describes the empirical regularity that the number of transistors on integrated circuits doubles approximately every two years. This advancement is important as other aspects of technological progress – such as processing speed or the price of electronic products – are linked to Moore's law.



Data source: Wikipedia (https://en.wikipedia.org/wiki/Transistor\_count)

The data visualization is available at OurWorldinData.org. There you find more visualizations and research on this topic.

### Why is Rowhammer still not solved?



### DRAM bank 100 \_ 111111111111111 1111111111111111 1111111111111111 1111111111111111 1111111111111111 row buffer

## $\mathbf{I} \rightarrow \mathbf{I}$





## $\mathbf{I} \rightarrow \mathbf{I}$





# $\mathbf{J} \rightarrow \mathbf{J}$

Cells leak faster upon proximate accesses  $\rightarrow$  Rowhammer





## $\mathbf{I} \rightarrow \mathbf{I}$

Cells leak faster upon proximate accesses  $\rightarrow$  Rowhammer





# $\mathbf{J} \rightarrow \mathbf{J}$

Cells leak faster upon proximate accesses  $\rightarrow$  Rowhammer









### #1 - Single-sided hammering









### #1 - Single-sided hammering









### #1 - Single-sided hammering

























### #2 - Double-sided hammering















### DRAM bank









### DRAM bank







### #3 - One-location hammering





### Common misunderstandings...



### Common misunderstandings...









... create bad incentives.





- ... create bad incentives.
  - A "bit" more reliability





- ... create bad incentives.
  - A "bit" more reliability
  - Why not ECC everywhere?





- ... create bad incentives.
  - A "bit" more reliability
  - Why not ECC everywhere?
  - $\rightarrow\,$  What incentives does it create?





- ... create bad incentives.
  - A "bit" more reliability
  - Why not ECC everywhere?
  - $\rightarrow\,$  What incentives does it create?





- ... create bad incentives.
  - A "bit" more reliability
  - Why not ECC everywhere?
- $\rightarrow\,$  What incentives does it create?

Mobile vendors since 2018: let's add ECC by default



## WHY SHOULDN'T I OPTIMIZE























































• we assume what is still reliable





- we assume what is still reliable
- we don't change the game at all





- we assume what is still reliable
- we don't change the game at all
- $\rightarrow\,$  one flip too much is still all what it needs





- we assume what is still reliable
- we don't change the game at all
- $\rightarrow\,$  one flip too much is still all what it needs
- attacker does not care whether that "one flip too much" is with or without ECC

























#### **Security for Efficiency?**

**New Solution** 



# 





• Increasing DRAM energy efficiency and performance increases bit flips





- Increasing DRAM energy efficiency and performance increases bit flips
- Bit flips worsen system security





- Increasing DRAM energy efficiency and performance increases bit flips
- Bit flips worsen system security
- If bit flips would only degrade performance but no security





- Increasing DRAM energy efficiency and performance increases bit flips
- Bit flips worsen system security
- If bit flips would only degrade performance but no security
- We could optimize for the **sweet spot** of energy efficiency and performance without security implications









• Cryptographic MAC





- Cryptographic MAC
- Detect any number of bit flips





- Cryptographic MAC
- Detect any number of bit flips
- Correction by brute-force search for correct data





| # Errors | # MAC Comp.          | Avg Duration |
|----------|----------------------|--------------|
| 1        | 17                   | 11 ns        |
| 2        | 771                  | 3.68 µs      |
| 3        | 33 800               | 124 µs       |
| 4        | $1.51	imes10^{6}$    | 6.65 ms      |
| 5        | $6.91	imes10^7$      | 261 ms       |
| 6        | $3.07	imes10^9$      | 12.8 s       |
| 7        | $1.21 	imes 10^{11}$ | 9.11 min     |
| 8        | $5.72\times10^{12}$  | 6.11 h       |







• Silent data corruption less than once per 10<sup>9</sup> billion years



- Silent data corruption less than once per 10<sup>9</sup> billion years
- Second preimage after hammering for one year:  $9.75 \cdot 10^{-5}$  %





- Silent data corruption less than once per 10<sup>9</sup> billion years
- Second preimage after hammering for one year:  $9.75\cdot 10^{-5}\,\%$
- Erroneous correction of 8-bit errors: 0.0161 %



#### On average less than $0.75\,\%$ overhead



#### Overclocking

#### Undervolting

| -                                  | · ·                                  |                                                                                     |           |                      |                                        |                                 |                                 |                               | Monitoring 🔍                                                                                                                | Settings 🔞 Help.                       |
|------------------------------------|--------------------------------------|-------------------------------------------------------------------------------------|-----------|----------------------|----------------------------------------|---------------------------------|---------------------------------|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------|----------------------------------------|
| System Information                 | Core                                 |                                                                                     |           |                      |                                        |                                 |                                 |                               | Core Default                                                                                                                |                                        |
| Manual Tuning                      | Reference Clock                      | ū 🐵 103,                                                                            | 2258 MHz  |                      |                                        |                                 |                                 |                               | Reference Clock 101,0526 MH                                                                                                 | Hz 103,2258 MHz                        |
| All Controls     Core     Graphics | Turbo Boost Short Power Max Enable ① |                                                                                     |           | Turbo Boost Short Pa | wer Max                                |                                 | © 12                            | Max N                         | ax Non Turbo Boost Ratio 34 x<br>on-Turbo Boost CPU Sp 3,436 GHz<br>« Turbo Boost CPU Speed 4,042 GHz<br>1 Active Core 40 x | 34 x<br>3,510 GHz<br>4,335 GHz<br>42 x |
| Stress Test<br>Profiles            | Disable Enable Turbo Boost Power Max | © ⊗ 1                                                                               | 050.000 W | Turbo Boost Power Ti | ime Window                             |                                 | 0 0,00097656                    | i Seconds                     | 2 Active Cores 40 x<br>3 Active Cores 39 x<br>4 Active Cores 38 x                                                           | 42 x<br>42 x<br>42 x<br>42 x           |
| ronies                             | Core Current Limit                   |                                                                                     | 300,000 A | Additional Turbo Vol | tage                                   |                                 | © 0,0                           |                               | Turbo Boost Power Max 1000,000 W<br>o Boost Short Power Max 1200,000 W<br>Boost Short Power Max. Enable                     | 1200,000 W<br>Enable                   |
|                                    | Multipliers                          |                                                                                     |           |                      |                                        |                                 |                                 |                               | Boost Power Time Wind 0,00097656<br>Core Current Limit 300,000 A<br>Additional Turbo Voltage 0,00000 mV                     | 300,000 A<br>0,00000 mV                |
|                                    | 1 Active Core                        |                                                                                     |           |                      |                                        |                                 |                                 | Brock                         | Graphics Default<br>ssor Graphics Current Li 300,000 A                                                                      | Proposed A<br>300,000 A                |
|                                    |                                      |                                                                                     |           |                      |                                        |                                 |                                 |                               | sor graphics current cl 300,000 A                                                                                           | 300,000 A                              |
|                                    |                                      |                                                                                     |           |                      |                                        |                                 |                                 |                               |                                                                                                                             |                                        |
|                                    | 4 Active Cores                       | ) 4 42 x ▶ ③                                                                        |           |                      |                                        |                                 |                                 |                               |                                                                                                                             |                                        |
|                                    |                                      | 4 Active Cores                                                                      |           |                      |                                        |                                 |                                 |                               |                                                                                                                             |                                        |
|                                    | Graphics                             | Default 38 x<br>Active 38 x<br>Proposed 42 x                                        |           |                      |                                        |                                 |                                 |                               |                                                                                                                             |                                        |
|                                    | Processor Graphics Current Limit     | Limits the maximum ratio that the processor<br>can use while four cores are active. | 300,000 A |                      |                                        |                                 |                                 |                               |                                                                                                                             |                                        |
|                                    |                                      |                                                                                     |           |                      |                                        |                                 |                                 |                               |                                                                                                                             |                                        |
|                                    |                                      |                                                                                     |           |                      |                                        |                                 |                                 |                               |                                                                                                                             |                                        |
|                                    |                                      |                                                                                     |           |                      |                                        |                                 |                                 |                               |                                                                                                                             |                                        |
|                                    |                                      |                                                                                     |           |                      |                                        |                                 |                                 | A                             | Discard                                                                                                                     | ▲ Save to Profile                      |
|                                    |                                      |                                                                                     |           |                      |                                        |                                 |                                 |                               | Force Reboot                                                                                                                |                                        |
| CPU Core Temperature               |                                      |                                                                                     |           |                      |                                        |                                 |                                 |                               |                                                                                                                             |                                        |
|                                    |                                      |                                                                                     |           |                      | CPU Utilization<br>3 %                 | Memory Utilization<br>2708 MB   | CPU Core Temperature<br>36 °C   | CPU Throttling<br>0%          | Processor Frequency<br>3,54 GHz                                                                                             |                                        |
| CPU Utilization<br>3 %             |                                      |                                                                                     |           |                      |                                        |                                 |                                 |                               |                                                                                                                             |                                        |
| Processor Frequency<br>3,54 GHz    | hannahan                             |                                                                                     |           |                      | 354 MHz                                |                                 | 16 W                            | 10 W                          |                                                                                                                             |                                        |
| Memory Utilization                 |                                      |                                                                                     |           |                      | Reference Clock Frequency<br>101,0 MHz | CPU Core Temperature 1<br>36 °C | CPU Core Temperature :<br>36 °C | 2 CPU Core Temperatu<br>36 °C | ure 3 CPU Core Temperature 4                                                                                                |                                        |
| CPU Total TDP<br>15 W              | 11                                   |                                                                                     | 5         | Minutes ~            | Memory Frequency<br>1617 MHz           |                                 |                                 |                               |                                                                                                                             | <b>Compute</b><br>ase                  |
|                                    |                                      |                                                                                     |           |                      |                                        |                                 |                                 |                               |                                                                                                                             |                                        |









```
uint64_t multiplier = 0x1122334455667788;
uint64_t correct = 0xdeadbeef * multiplier;
uint64_t var = 0xdeadbeef * multiplier;
while (var == correct)
{
 var = 0xdeadbeef * multiplier;
}
```

```
uint64_t flipped_bits = var ^ correct;
```



Can we make this secure?

#### Performance Improvement and Power Savings (as a graph)





|   | Т | ٦. |  |
|---|---|----|--|
| - |   |    |  |
|   |   |    |  |

| CPU       | $V_{off}$ | Score  | Power  | Freq.  | Energy Eff. |
|-----------|-----------|--------|--------|--------|-------------|
| i5-1035G1 | —70 mV    | +6.0 % | -0.1 % | +8.5%  | +6.1 %      |
|           | —97 mV    | +7.9 % | -0.5 % | +12%   | +8.4 %      |
| i9-9900K  | —70 mV    | +2.2 % | -7.2 % | +2.6 % | +10%        |
|           | —97 mV    | +3.8 % | -16 %  | +3.3 % | +23%        |
| 7700X*    | −70 mV    | +1.4%  | -9.8%  | +1.8%  | +12 %       |
|           | −97 mV    | +1.9%  | -15%   | +1.8%  | +20 %       |



#### Problem: Reliability Issues



#### Problem: Security Issues







### Up to a 150 mV variation in instruction voltage requirement. Conservative Voltage Instr. Var. Aging T. ...























| Operating System | CPU<br>Disabled Opcode                                                                                    |  |
|------------------|-----------------------------------------------------------------------------------------------------------|--|
|                  | Exception     Check       Disable Opcode     Opcode       MSR     Not Disabled       DVFS     CPU Backend |  |

















































Instruction Index













Instruction Index













Instruction Index













Instruction Index









#### Voltage Change Delay









|   | Т | ٦. |  |
|---|---|----|--|
| - |   |    |  |
|   |   |    |  |

| CPU       | $V_{off}$ | Score  | Power  | Freq.  | Energy Eff. |
|-----------|-----------|--------|--------|--------|-------------|
| i5-1035G1 | —70 mV    | +6.0 % | -0.1 % | +8.5%  | +6.1 %      |
|           | —97 mV    | +7.9 % | -0.5 % | +12%   | +8.4 %      |
| i9-9900K  | —70 mV    | +2.2 % | -7.2 % | +2.6 % | +10%        |
|           | —97 mV    | +3.8 % | -16 %  | +3.3 % | +23%        |
| 7700X*    | −70 mV    | +1.4%  | -9.8%  | +1.8%  | +12 %       |
|           | −97 mV    | +1.9%  | -15%   | +1.8%  | +20 %       |





### SPEC CPU2017 Results





### More Results



| 70 mV Undervolt        |       |                      |                                 |                                 |                            | 97 mV Undervolt               |                               |                                 |                                    |                               |                        |           |                                    |         |
|------------------------|-------|----------------------|---------------------------------|---------------------------------|----------------------------|-------------------------------|-------------------------------|---------------------------------|------------------------------------|-------------------------------|------------------------|-----------|------------------------------------|---------|
| CPU                    | cores |                      | SPECgmez                        | SPECmedi                        | <sup>an</sup> 525.×264     | SPECnosli                     | Nginx<br>MD                   | VLC                             | SPECgmei                           | SPECmedi                      | <sup>an</sup> 525.×264 | SPECnosli | Nginx<br>MD                        | VLC     |
| $\mathcal{A}_1$        | fV    | Pwr<br>Perf.<br>Eff. | -5.62 %<br>-0.25 %<br>+5.70 %   | -7.05 %<br>-1.31 %<br>+6.18 %   |                            | +2.97%                        | -3.55 %<br>+0.50 %<br>+4.20 % | -3.88 %<br>-0.39 %<br>+3.63 %   | -9.75 %<br>+0.80 %<br>+11.7 %      | -10.9%<br>+1.35%<br>+13.7%    | 0.06 %                 |           | -5.81 %<br>+1.20 %<br>+7.44 %      |         |
| $\mathcal{A}_4$        | fV    | Pwr<br>Perf.<br>Eff. | -4.62 %<br>-3.93 %<br>+0.72 %   | -0.11 %<br>-0.04 %<br>0.07 %    | -7.87 %                    | -7.41 %<br>+1.82 %<br>+9.97 % | -0.26%                        | $-1.00\% \\ -0.58\% \\ +0.43\%$ | -8.87 %<br>-3.58 %<br>+5.80 %      | -8.67 %<br>-3.47 %<br>+5.70 % | -7.25 %                |           | $-1.57 \% \\ -0.14 \% \\ +1.45 \%$ |         |
| $\mathcal{A}_{\infty}$ | е     | Pwr<br>Perf.<br>Eff. | $-7.50\% \\ -41.6\% \\ -36.9\%$ | $-7.58\% \\ -11.8\% \\ -4.51\%$ | +6.16%                     |                               | -7.24 %<br>-98.5 %<br>-98.3 % | -91.9%                          | $-12.3\%\ -41.9\%\ -33.7\%$        |                               | +6.10%                 |           | $^{-12.1\%}_{-98.5\%}_{-98.3\%}$   | -91.9%  |
|                        | f     | Pwr<br>Perf.<br>Eff. | -8.14 %<br>-7.82 %<br>+0.34 %   | -7.80 %<br>-7.83 %<br>-0.03 %   | -9.25 %                    | -9.13 %<br>+0.42 %<br>+10.5 % | -2.50%                        | -4.43 %<br>-2.52 %<br>+2.00 %   | $-11.5 \% \\ -10.3 \% \\ +1.40 \%$ | $-10.8\%\ -10.8\%\ 0.05\%$    | -12.2%                 | +0.58%    | -6.71 %<br>-2.30 %<br>+4.73 %      | -2.33 % |
| $\mathcal{B}_{\infty}$ | е     | Pwr<br>Perf.<br>Eff. | -9.18%<br>-26.4%<br>-19.0%      | -8.02%<br>-5.12%<br>+3.15%      | -10.8%<br>+14.5%<br>+28.3% | -0.54%                        | -9.79 %<br>-95.7 %<br>-95.3 % |                                 | $-14.4\% \\ -26.1\% \\ -13.7\%$    | -13.3 %<br>-5.25 %<br>+9.26 % | +18.5%                 | 0.01 %    | $-14.9\% \\ -95.7\% \\ -95.0\%$    | -79.8%  |
| $\mathcal{C}_{\infty}$ | fV    | Pwr<br>Perf.<br>Eff. |                                 | -7.05%<br>-1.92%<br>+5.53%      | -1.92%                     | +3.53 %                       | -3.56 %<br>+0.33 %<br>+4.04 % | -1.12%                          | -9.78 %<br>+0.19 %<br>+11.0 %      |                               | -0.55%                 | +3.79 %   | -5.83 %<br>+1.03 %<br>+7.28 %      | -0.57%  |

| - | 2.51 /0 | 0.50 /0 | 0.5570  | 10.00 /0 | 1.5570  | 0.00 /0 | J. <del>1</del> J /0 | 1.20 /0 | 10.10 /          |
|---|---------|---------|---------|----------|---------|---------|----------------------|---------|------------------|
| % | +10.8%  | +4.20 % | +3.63%  | +11.7 %  | +13.7%  | +13.8%  | +21.4%               | +7.44%  | +6.92%           |
| % | -7.41%  | -0.97%  | -1.00%  | -8.87%   | -8.67%  | -13.1%  | -16.2%               | -1.57 % | _ <u>1.57</u> /( |
| % | +1.82%  | -0.26%  | -0.58%  | -3.58%   | -3.47%  | -7.25%  | +1.84%               | -0.14%  | -0.53%           |
| % | +9.97%  | +0.72%  | +0.43%  | +5.80%   | +5.70 % | +6.70%  | +21.6%               | +1.45%  | +1.05%           |
| % | -7.50 % | -7.24 % | -7.24 % | -12.3%   | -12.4 % | -10.3%  | -16.6%               | -12.1 % | -12.1%           |
| % | +1.42%  | -98.5%  | -91.9%  | -41.9%   | -11.9%  | +6.10%  | +1.42%               | -98.5%  | -91.9%           |
| % | +9.63%  | -98.3%  | -91.2%  | -33.7 %  | +0.58%  | +18.3%  | +21.6 %              | -98.3%  | -90.7%           |
| % | -9.13%  | -4.42%  | -4.43%  | -11.5%   | -10.8%  | -10.8%  | -14.1%               | -6.71 % | -6.73%           |
| % | +0.42%  | -2.50%  | -2.52%  | -10.3%   | -10.8%  | -12.2%  | +0.58%               | -2.30%  | -2.33%           |
| % | +10.5%  | +2.01%  | +2.00%  | +1.40 %  | 0.05%   | -1.57%  | +17.1%               | +4.73%  | +4.72%           |
| % | -9.18%  | -9.79%  | -9.79%  | -14.4%   | -13.3%  | -15.9%  | -14.4%               | -14.9%  | -14.9%           |
| % | -0.54%  | -95.7%  | -79.8%  | -26.1%   | -5.25%  | +18.5%  | 0.01%                | -95.7%  | -79.8%           |
| % | +9.51%  | -95.3%  | -77.6%  | -13.7%   | +9.26%  | +40.9%  | +16.8%               | -95.0%  | -76.2%           |
| % | -6.12%  | -3.56%  | -4.03 % | -9.78%   | -11.2%  | -12.1%  | -14.1%               | -5.83%  | -6.55%           |
| % | +3.53%  | +0.33%  | -1.12%  | +0.19 %  | +0.19%  | -0.55%  | +3.79%               | +1.03%  | -0.57%           |
| % | +10.3%  | +4.04%  | +3.03%  | +11.0 %  | +12.8%  | +13.1%  | +20.8%               | +7.28%  | +6.40%           |

| 0           | 2.51 /0                       | 0.50 /0                       | 0.5570                        | 10.00 /0                        | 11.55 /0                       | 0.00 /0                         | J. 75 /0                      | 11.20 /0                      | 10.10 /0                      |
|-------------|-------------------------------|-------------------------------|-------------------------------|---------------------------------|--------------------------------|---------------------------------|-------------------------------|-------------------------------|-------------------------------|
| %           | +10.8%                        | +4.20 %                       | +3.63%                        | +11.7 %                         | +13.7%                         | +13.8%                          | +21.4 %                       | +7.44 %                       | +6.92%                        |
| %           | -7.41%<br>+1.82%              | -0.97 %<br>-0.26 %            | $-1.00\%\-0.58\%$             | -8.87%<br>-3.58%                | -8.67 %<br>-3.47 %             | $^{-13.1\%}_{-7.25\%}$          | -16.2%<br>+1.84%              | $-1.57\%\-0.14\%$             | -0.53%                        |
| %           | +9.97 %                       | +0.72 %                       | +0.43 %                       | +5.80 %                         | +5.70%                         | +6.70%                          | +21.6%                        | +1.45%                        | +1.05%                        |
| %<br>%<br>% | -7.50 %<br>+1.42 %<br>+9.63 % | -7.24 %<br>-98.5 %<br>-98.3 % | -7.24%<br>-91.9%<br>-91.2%    | -12.3%<br>-41.9%<br>-33.7%      | -12.4%<br>-11.9%<br>+0.58%     | -10.3%<br>+6.10%<br>+18.3%      | -16.6%<br>+1.42%<br>+21.6%    | -12.1%<br>-98.5%<br>-98.3%    | -12.1%<br>-91.9%<br>-90.7%    |
| %<br>%<br>% | -9.13%<br>+0.42%<br>+10.5%    | -4.42 %<br>-2.50 %<br>+2.01 % | -4.43 %<br>-2.52 %<br>+2.00 % | $-11.5\% \\ -10.3\% \\ +1.40\%$ | $-10.8\% \\ -10.8\% \\ 0.05\%$ | $-10.8\% \\ -12.2\% \\ -1.57\%$ | -14.1%<br>+0.58%<br>+17.1%    | -6.71 %<br>-2.30 %<br>+4.73 % | -6.73 %<br>-2.33 %<br>+4.72 % |
| %<br>%<br>% | -9.18%<br>-0.54%<br>+9.51%    | -9.79 %<br>-95.7 %<br>-95.3 % | -9.79 %<br>-79.8 %<br>-77.6 % | -14.4%<br>-26.1%<br>-13.7%      | -13.3%<br>-5.25%<br>+9.26%     | -15.9%<br>+18.5%<br>+40.9%      | -14.4%<br>0.01 %<br>+16.8 %   | -14.9%<br>-95.7%<br>-95.0%    | -14.9 %<br>-79.8 %<br>-76.2 % |
| %<br>%<br>% | -6.12%<br>+3.53%<br>+10.3%    | -3.56 %<br>+0.33 %<br>+4.04 % | -4.03 %<br>-1.12 %<br>+3.03 % | $-9.78\% \\ +0.19\% \\ +11.0\%$ | -11.2%<br>+0.19%<br>+12.8%     | $-12.1\% \\ -0.55\% \\ +13.1\%$ | -14.1 %<br>+3.79 %<br>+20.8 % | -5.83 %<br>+1.03 %<br>+7.28 % | -6.55 %<br>-0.57 %<br>+6.40 % |

Conclusion









• Decade-old problems like Rowhammer can be solved with principled security





- Decade-old problems like Rowhammer can be solved with principled security
- Adding security can increase efficiency





- Decade-old problems like Rowhammer can be solved with principled security
- Adding security can increase efficiency
- New and unexplored area that needs a lot more research



This research was made possible by generous funding from:



European Research Council (ERC project FSSec 101076409), FWF SFB project SPyCoDe F8504, NSF grants 1813004, 2217020, 2316201, and research grants and gifts from Red Hat, Google, Intel, and Cisco. This work has benefitted from Dagstuhl Seminar 22341 (PEACHES). Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding parties.

# SUIT

### Secure Undervolting with Instruction Traps

**Daniel Gruss, Jonas Juffinger** 

**Graz University of Technology** 





## RSTCON Savannah, GA 2024