This repository contains the artifacts accompanying our paper:
R. Van Dijck, M. Bognar, and J. Van Bulck, "Wait a Cycle: Eroding Cryptographic Trust in Low-End TEEs via Timing Side Channels," in 2025 IEEE 8th Workshop on System Software for Trusted Execution (SysTEX).
Below, we summarize the repositories and artifacts we analyzed in the paper. For more information about mitigations, we recommend reading the issues submitted to the affected repositories.
Standard Library Functions (Section 3.1)
| Description | Proof-of-concept attack | Issue |
|---|---|---|
| C++ authenticated encryption with associated data in Sancus. | / | sancus-compiler, authentic execution |
| The VatiCAN code is no longer available; a zipped folder can be found in our repository. | / | see /vatican-1.1/vatican/src/vatican.cpp#L.169 |
| The vulnerable VRASED function and an attack can be found in the secure_memcmp folder. The results of this attack (Table 5) can be reproduced using the proof-of-concept attack. | secure_memcmp | VRASED+, TRAIN, ACFA, RATA, and SpecCFA |
Compiler Analysis (Section 3.2)
| Description | Proof-of-concept | Issue |
|---|---|---|
| The code used for analyzing compilers can be found in the compiler-equal folder. To ease artifact evaluation, you can use Godbolt with different compilers (Listing 2, Listing 3 and Table 2): MSP430 gcc 14.2.0, RISC-V gcc 14.2.0, MIPS (el) gcc 14.2.0 and x86 msvc v19. | compiler-equal | / |
| Vulnerable LeiA code. | / | LeiA |
| VulCAN is vulnerable in two locations. | / | VulCAN |
Hardware Timing Vulnerability (Section 3.3)
| Description | Proof-of-concept attack | Issue |
|---|---|---|
| Sancus' cryptographic unit is vulnerable (Figure 1 and Table 3). | unwrap-break | Sancus |
| An end-to-end attack on the Authentic Execution framework is performed. | auth-ex-break | / |
Hardware Mitigation (Section 4.3)
Two patches for the vulnerable Sancus core are provided in the mitigations folder. Changes are in comparison to the latest commit. For the extra register patch we also refer you to our pull request. See Section 4.3 in the paper for a full overview of the comparison and Figure 2 and Figure 3 for a graphical representation.
The expected output can be viewed in the GitHub Actions CI environment.
After installing Docker, you can run the proof-of-concepts in the cycle-accurate Sancus openMSP430 simulator as follows:
```
$ docker pull ghcr.io/sancus-tee/sancus-main/sancus-devel-64:latest
$ docker run -it -v .:/sancus/wait-a-cycle ghcr.io/sancus-tee/sancus-main/sancus-devel-64:latest
========================================================================
= Sancus development Docker container =
========================================================================
Description: Ubuntu 20.04.6 LTS
To get started, see <https://distrinet.cs.kuleuven.be/software/sancus/>,
or have a look at the example programs under </sancus/sancus-examples/>.
root@df14e8828d23:/sancus# cd wait-a-cycle/secure_memcmp/
root@b56642e6b606:/sancus/wait-a-cycle/secure_memcmp# make clean sim
rm -f main.elf no_mac_main.elf main.o
rm -f sim-input.bin sim-output.bin sim.out
rm -f *.fst *.vcd
sancus-cc -I"/usr/local/share/sancus-support"/include/ -Wfatal-errors -fcolor-diagnostics -Os -g -c -o main.o main.c
sancus-ld -L"/usr/local/share/sancus-support"/lib/ --ram 16K --rom 41K -lsm-io -ldev --inline-arithmetic --standalone --verbose -o no_mac_main.elf main.o
INFO: No new Sancus modules found
INFO: No existing Sancus modules found
INFO: No asm Sancus modules found
INFO: Found MSP430 install directory: /usr/msp430
INFO: Found MSP430 GCC install directory: /usr/lib/gcc/msp430/4.6.3
INFO: Using output file no_mac_main.elf
INFO: Cleaning up temporary files: /tmp/tmpo8cpz3p_
sancus-crypto --fill-macs --key 4078d505d82099ba --verbose -o main.elf no_mac_main.elf
unbuffer sancus-sim --dumpfile=sancus_sim.vcd main.elf | tee sim.out
2025-05-06 12:08:20.794 ( 0.000s) [ C5C26740] main.cpp:296 INFO| Using input file main.elf.
v|
INFO| arguments: sancus-sim --dumpfile=sancus_sim.vcd main.elf
INFO| Current dir: /sancus/wait-a-cycle/secure_memcmp
INFO| stderr verbosity: 0
INFO| -----------------------------------
INFO| ======================= Sancus Simulator =======================
INFO| { Performing objcopy of elf file
INFO| . Generating temporary binary form of given elf file...
INFO| . Temp file is /tmp/tmp_sancus_weNzE7
INFO| . >> msp430-objcopy -O binary main.elf /tmp/tmp_sancus_weNzE7
INFO| . ..done!
INFO| } 0.003 s: Performing objcopy of elf file
INFO| Using sancus_sim.vcd as simulation file.
INFO| Enabled automatic timeout after 1000000000 cycles.
INFO| Will abort simulation 0 cycles after any SM_VIOLATION
INFO| Read program memory of 41984 bytes.
=== SpongeWrap parameters ===
Rate: 16
Security: 64
Blocks in key: 4
=============================
=== Spongent parameters ===
Rate: 18
State size: 176
===========================
------
[main.c] comparison (0/5 bytes correct) with result: 1, took 60 cycles
[main.c] comparison (1/5 bytes correct) with result: 1, took 76 cycles
[main.c] comparison (2/5 bytes correct) with result: 1, took 95 cycles
[main.c] comparison (3/5 bytes correct) with result: 1, took 114 cycles
[main.c] comparison (4/5 bytes correct) with result: 1, took 133 cycles
[main.c] comparison (5/5 bytes correct) with result: 0, took 138 cycles
[main.c] arr2[0] = 5
[main.c] arr2[1] = 101
[main.c] arr2[2] = 232
[main.c] arr2[3] = 60
[main.c] arr2[4] = 171
all done; exiting..
INFO| ======================== Simulation ended ========================
INFO| Total/crypto cycles simulated: 204229/0.
INFO| ================ Simulation succeeded gracefully =================
INFO| atexit
```

We refer to the Sancus documentation for more general installation instructions (e.g., beyond Docker).
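The `comparison (k/5 bytes correct) ... took N cycles` lines in the simulator output above show the cycle count of a failing comparison growing with the number of correct bytes. The following check is an added example, not part of the artifact repository: it parses those lines from `sim.out`-style text and reports whether failing comparisons take a data-dependent number of cycles, which is useful as a regression test for a mitigated comparison routine. The function names and the 140-cycle constant-time sample are assumptions constructed for illustration.

```python
import re

# Comparison lines copied from the simulator output shown above.
VULNERABLE_SIM_OUT = """\
[main.c] comparison (0/5 bytes correct) with result: 1, took 60 cycles
[main.c] comparison (1/5 bytes correct) with result: 1, took 76 cycles
[main.c] comparison (2/5 bytes correct) with result: 1, took 95 cycles
[main.c] comparison (3/5 bytes correct) with result: 1, took 114 cycles
[main.c] comparison (4/5 bytes correct) with result: 1, took 133 cycles
[main.c] comparison (5/5 bytes correct) with result: 0, took 138 cycles
"""

# Constructed sample (hypothetical cycle count): what a comparison whose
# timing does not depend on the data would print in the same format.
CONSTANT_SIM_OUT = "".join(
    f"[main.c] comparison ({k}/5 bytes correct) with result: {int(k < 5)}, took 140 cycles\n"
    for k in range(6)
)

LINE_RE = re.compile(
    r"comparison \((\d+)/(\d+) bytes correct\) with result: (\d+), took (\d+) cycles"
)

def parse_timings(text):
    """Return (correct_bytes, total_bytes, result, cycles) per comparison line."""
    return [tuple(map(int, m.groups())) for m in LINE_RE.finditer(text)]

def timing_report(text):
    """Summarize how the cycle count of failing comparisons (result != 0) varies."""
    failing = sorted((k, cyc) for k, _, res, cyc in parse_timings(text) if res != 0)
    if len(failing) < 2:
        raise ValueError("need at least two failing comparisons to compare timings")
    cycles = [cyc for _, cyc in failing]
    deltas = [b - a for a, b in zip(cycles, cycles[1:])]
    return {
        "spread": max(cycles) - min(cycles),  # 0 means no observable difference
        "deltas": deltas,                     # extra cycles per additional correct byte
        "leaks_prefix_length": all(d > 0 for d in deltas),
    }

def is_data_independent(text):
    """True when every failing comparison took the same number of cycles."""
    return timing_report(text)["spread"] == 0

if __name__ == "__main__":
    for name, out in (("vulnerable", VULNERABLE_SIM_OUT), ("constant", CONSTANT_SIM_OUT)):
        print(name, timing_report(out), "OK" if is_data_independent(out) else "TIMING LEAK")
```
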
| Application | License |
|---|---|
| Sancus compiler | GPLv3 |
| Sancus core | BSD |
| VulCAN | GPLv3 |
| vatiCAN | Free to use for non-commercial purposes, see vatican-1.1.zip |
| VRASED | GPLv3 |
| RATA | GPLv3 |
| TRAIN | GPLv3 |
| Authentic Execution framework | MIT |