BrokenSleep: Remote Power Timing Attack Exploiting Processor Idle States

Power and energy consumption emerge as critical aspects in computing systems, spanning from mobile devices to data-center servers. Modern processors typically support idle states (i.e., C-states), which deactivate specific hardware components, in addition to offering multiple voltage and frequency states (i.e., P-states). While C-states can significantly reduce static power when processor cores are idle, a notable security vulnerability arises due to differences in wake-up latency among various C-states when the processor cores become active again. This paper proposes a security vulnerability arising from processor idle state management, called BrokenSleep, which exploits the aforementioned wake-up latency differences to create covert and side-channel between computing nodes connected via an external network. This study presents the first remote timing attack based on power management, overcoming the limitations of previous research that required the co-location of attacker and victim applications on the same local machine. This advancement significantly extends the range of existing remote timing attacks by integrating power-related factors. Regardless of the computing system types, our experiments demonstrate that an attacker can transfer data to remote machines without direct network access and deduce the keystroke timing. This vulnerability is not confined to a single processor architecture; it affects processors designed by both Intel and ARM, indicating a widespread potential risk across different hardware platforms.