Company
Products
Solutions
Developers
Support
News & Events
Careers
EN
EN
EnglishChinese
Ampere Computing Logo
Ampere Computing Logo
Solutions
Solutions Home
Systems
Solutions
Performance Overview
Reference Architecture Overview
Tuning Guides for Cloud Native Processing
Tutorials
Workload Briefs Overview
Where to Try
Ampere Systems
Ampere Altra
Azure
Equinix
Google Cloud
Hewlett Packard Enterprise
Oracle
Tencent Cloud
Ampere AIDownloadsHow It WorksFAQs
Frameworks
Arm NativeSoftware PartnersArm Native Use CasesFAQs
Arm Native Solution Regressions
Big DataArchitectureComponentsFrameworksFAQs
Big Data Solution Regressions
Cloud Native
Storage SolutionsTested SolutionsFAQs
Video ServicesArchitecture
Video Solution Regressions
Web ServicesArchitectureApplicationsFAQs
Web Services Regressions
Developers
Developer CenterDesigning Cloud ApplicationsBuilding Cloud ApplicationsDeploying Cloud ApplicationsUsing Your DataWorking with Open SourceAmpere Ready SoftwareCommunity Forum
Support
Customer Connect HomeProductsHelp
EN
EN
EnglishChinese
Hero Image

Hertzbleed

Bulletin ID: AMP-SB-0005

Potential Impact: This attack can potentially use a power side-channel to compromise the confidentiality of data used in a victim task.

Severity: CVSS score: 6.3 (Medium)

Summary

Hertzbleed is a power side-channel attack that indirectly correlates the frequency scaling of the processor with the current series of instructions and data being processed on the system. Changes in the processor frequency during execution of the victim task can be observed through the execution time of the victim, allowing inference of power consumption through observation of wall time. This attack can potentially compromise the confidentiality of data used in a victim task.

Fixed in

There does not exist a complete mitigation against these types of attacks. However, there are several countermeasures and recommendations for cryptographic code, to protect against power side-channels, that can be used to mitigate Hertzbleed (see the references below) .

E. Prouff, and M. Rivain "Masking against Side-Channel Attacks: a Formal Security Proof," Advances in Cryptology, EUROCRYPT 2013

E. Oswald, S. Mangard, and T. Popp "Power Analysis Attacks: Revealing the Secrets of Smart Cards," Power Analysis Attacks, Springer 2007

Affected Products

Ampere® Altra®, Ampere® Altra® Max, AmpereOne

Recommendations

There does not exist a complete mitigation against these types of attacks. However, there are several countermeasures and recommendations for cryptographic code, to protect against power side-channels, that can be used to mitigate Hertzbleed (see the references below). It is highly recommended to use strong cryptographic code to mitigate against such issues.

E. Prouff, and M. Rivain "Masking against Side-Channel Attacks: a Formal Security Proof," Advances in Cryptology, EUROCRYPT 2013

E. Oswald, S. Mangard, and T. Popp "Power Analysis Attacks: Revealing the Secrets of Smart Cards," Power Analysis Attacks, Springer 2007

References

https://developer.arm.com/documentation/ka005111/1-0/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35888

Created At : December 26th 2022, 6:55:24 am
Last Updated At : December 29th 2022, 9:02:22 am
Ampere Logo

Ampere Computing

4655 Great America Parkway

Suite 601 Santa Clara, CA 95054

Tel: +1-669-770-3700

info[at]amperecomputing.com

About
Contact Us
Privacy Policy
Cookie Use Policy
CCPA Policy Notice
Sitemap
image
image
image
image
© 2023 Ampere Computing LLC. All rights reserved. Ampere, Altra and the A and Ampere logos are registered trademarks or trademarks of Ampere Computing.