Side-Channel Attacks on RISC-V Processors: Current Progress, Challenges, and Opportunities
Abstract
This paper presents a comprehensive study of security vulnerabilities in modern RISC-V microprocessors stemming from side-channel attacks (SCAs) and their corresponding mitigation techniques. The analysis focuses on both hardware-exploitable attacks, specifically using power consumption, and software-exploitable attacks targeting cache manipulation. By performing an in-depth assessment of the applicability and practical implications of these attacks on RISC-V, the study highlights critical challenges and provides key research directions for developing inherently robust processors.
Report
Key Highlights
- Comprehensive SCA Study: The paper offers a thorough analysis of side-channel attack security vulnerabilities specific to modern RISC-V microprocessors.
- Dual Attack Focus: It investigates two primary categories of attacks: hardware-exploitable attacks (utilizing power consumption leakage) and software-exploitable attacks (manipulating cache timing).
- RISC-V Applicability: The authors conduct an in-depth evaluation of the practical implications and associated challenges when applying cache-based side-channel attacks specifically to RISC-V.
- Future Research Roadmap: The study concludes by proposing essential research directions required to engineer RISC-V cores that are inherently resilient to SCAs.
Technical Details
- Target Architecture: The analysis is focused entirely on the security posture and vulnerabilities of RISC-V microprocessors.
- Hardware SCA Vector: Power consumption is identified as a primary hardware side-channel for exploitation.
- Software SCA Vector: Cache manipulation, which typically involves timing measurements (e.g., Prime+Probe, Flush+Reload), is detailed as a significant software side-channel.
- Methodology: The paper provides a comparative study and detailed analysis of existing SCA mitigation techniques relevant to both power and cache leakage.
Implications
- Security Baseline for Open ISA: This work establishes a crucial security baseline for the RISC-V ecosystem, demonstrating that this open Instruction Set Architecture (ISA) is as susceptible to fundamental SCAs as proprietary architectures.
- Design Guidance: The findings are essential for hardware designers and architects developing RISC-V cores, providing the context needed to integrate security measures from the initial design phase.
- Mitigation Priority: By highlighting the effectiveness of cache and power attacks, the paper calls for an immediate research focus on designing microarchitectural and microcode features that specifically neutralize these leakage channels.
- Trustworthiness: Addressing these side-channel challenges is essential for establishing RISC-V as a trustworthy platform for high-security and embedded applications, ensuring its successful widespread adoption.