REVOLVER: A Zero-Step Execution Emulation Framework for Mitigating Power Side-Channel Attacks on ARM64

Software and hardware vulnerabilities to power side-channel attacks (SCA) are hard to detect and mitigate in systems already deployed in-the-field, because they require specialized equipment and aligned power traces. In this paper, we present REVOLVER, a software-based framework that performs zero-step execution emulation and generates power traces with instruction-level resolution. REVOLVER is a hybrid emulator, because part of it runs on the system that it emulates, an actual ARM64 platform, and evaluates the power consumption of its emulated instructions using actual measurements from on-chip low-frequency power sensors. Such sensors are already present on many system-on-chips (SoCs). To improve the accuracy of the collected traces, REVOLVER repeats the execution of the instructions in a zero-step fashion. To demonstrate the capabilities of our framework, we show that AES keys can be recovered by Correlation Power Analysis (CPA) on traces acquired using REVOLVER, which proves experimentally that there is a leaking power side-channel in the examined system that could potentially be exploited by power SCAs. Moreover, we show how REVOLVER can be used by a security engineer not only to identify software and hardware vulnerabilities to power SCAs, but also to design and evaluate mitigation strategies.