Search papers, labs, and topics across Lattice.
This paper investigates the security vulnerabilities of MIPS processors, particularly focusing on how Simultaneous Multithreading (SMT) creates cross-core timing channels that can be exploited. The authors introduce MIPSBLEED, a framework that systematically analyzes and exploits timing leaks in shared microarchitectural components, revealing significant information leakage through practical assembly-level attacks. Their findings highlight MIPS processors as critical targets for side-channel attacks, demonstrating a successful key recovery attack on an elliptic curve cryptographic toolkit without requiring privileged access.
MIPS processors, often overlooked in security discussions, can leak critical information through timing attacks that exploit SMT, revealing a significant vulnerability in widely used embedded systems.
Despite their age, MIPS processors remain deeply embedded in routers, industrial controllers, and IoT systems, yet their security against modern side-channel attacks has received little attention. This paper exposes how Simultaneous Multithreading (SMT), a feature increasingly used to boost performance in these environments, creates powerful cross-core timing channels on MIPS-based platforms. We introduce MIPSBLEED, a systematic analysis and exploitation framework that uncovers leakage in three shared microarchitectural components: the L1 data cache, L1 instruction cache, and the execution engine. Through carefully crafted assembly-level probes and quantitative leakage assessment, we demonstrate practical, high-resolution timing attacks that operate without requiring privileged access. Our evaluation reveals significant information leakage across all three channels and culminates in a single trace key recovery attack on a real elliptic curve cryptographic toolkit. These results position MIPS as an overlooked yet critical target in the study of microarchitectural security and underscore the urgent need for lightweight isolation mechanisms in resource-constrained, SMT-enabled embedded systems.