Side-Channel Attacks in RISC-V BOOM Front-end

Abstract

The prevalence of side-channel attacks exploiting hardware vulnerabilities leads to the exfil- tration of secretive data such as secret keys, which poses a significant threat to the security of modern processors. The RISC-V BOOM core is an open-source modern processor design widely utilized in research and industry. It enables experimentation with microarchitec- tures and memory hierarchies for optimized performance in various workloads. The RISC-V BOOM core finds application in the IoT and Embedded systems sector, where addressing side-channel attacks becomes crucial due to the significant emphasis on security. While prior studies on BOOM mainly focus on the side channel in the memory hierarchy such as caches or physical attacks such as power side channel. Recently, the front-end of microprocessors, which is responsible for fetching and decoding instructions, is found to be another potential source of side-channel attacks on Intel Processors. In this study, I present four timing-based side-channel attacks that leverage components in the front-end of BOOM. I tested the effectiveness of the attacks using a simulator and Xilinx VCU118 FPGA board. Finally, I provided possible mitigation techniques for these types of attacks to improve the overall security of modern processors. Our findings underscore the importance of identifying and addressing vulnerabilities in the front-end of modern pro- cessors, such as the BOOM core, to mitigate the risk of side-channel attacks and enhance system security.