Cryptographic instruction set extensions are commonly used for ciphers which would otherwise face unacceptable side channel risks. A prominent example of such an extension is the ARMv8 Cryptographic Extension, or ARM CE for short, which defines dedicated instructions to securely accelerate AES. However, while these extensions may be resistant to traditional "digital" side channel attacks, they may still vulnerable to physical side channel attacks.
In this work, we demonstrate the first such attack on a standard ARM CE AES implementation. We specifically focus on the implementation used by Apple’s CoreCrypto library which we run on the Apple A10 Fusion SoC. To that end, we implement an optimized side channel acquisition infrastructure involving both custom iPhone software and accelerated analysis code. We find that an adversary which can observe 5-30 million known-ciphertext traces can reliably extract secret AES keys using electromagnetic (EM) radiation as a side channel. This corresponds to an encryption operation on less than half of a gigabyte of data, which could be acquired in less than 2 seconds on the iPhone 7 we examined. Our attack thus highlights the need for side channel defenses for real devices and production, industry-standard encryption software.
Gregor Haas is a recent MsC graduate from North Carolina State University whose thesis focused on attacking iPhones with a wide array of side channel attacks (SCA). His first paper, published in IEEE HOST in 2021, introduced a novel research toolkit called iTimed, built on top of existing jailbreaking tools. Using this toolkit, Haas first published a PRIME+PROBE cache SCA targeting the iPhone 7, quickly followed by an electromagnetic SCA on the same iPhone's hardware crypto accelerator. Haas is currently an embedded software engineer at KCF Technologies, where he works on secure boot and embedded platform security.