The Finger in the Power: How to Fingerprint PCs by Monitoring their Power Consumption
by Marina Botvinnik, Tomer Laor, Thomas Rokicki, Clémentine Maurice, and Yossi Oren
July 6, 2023
https://inria.hal.science/hal-04153854v1/document
| Notes |
|---|
| power analysis |
| instructions |
| power consumption can fingerprint individual machines |
| Intel |
| AMD |
| assembly language |
| fingerprinting |
| WebAssembly |
| ring 0 |
| anti-counterfeiting |
| authentication |
| mass-manufactured computer devices vary slightly and can be fingerprinted |
| integrated circuit |
| CPU |
| DRAM |
| SRAM |
| GPU |
| IoT |
| FPGA |
| the cloud |
| mobile device |
| multi-factor authentication |
| access control |
| tracking users without consent |
| CMOS |
| security research |
| power analysis attack |
| device under test (DUT) |
| PLATYPUS disclosures |
| Xeon |
| AMD EPYC |
| fingerprinting: stability, uniqueness |
| discrete attributes |
| continuous attributes |
| DES private key |
| Intel RAPL |
| oscilloscope |
| C |
| Rust |
| wat text format |
| JavaScript |
| naive classifier |
| model-specific register (MSR) |
| PP0 domain |
| filtered RAPL mode |
| Software Guard Extension (SGX) |
| x86-64 |
| Python Selenium |
| stack machine |
| web browser |
| Firefox |
| sandbox |
| clipping |
| context switch |
| entropy |
| mean |
| standard deviation |
| median absolute deviation |
| skew |
| percentile |
| median |
| random forest classifier |
| sklearn |
| temperature |
| statistical feature |
| classifier |
| feature importance score |
| Advanced Vector Extensions (AVX) |
| Streaming SIMD Extensions 4 (SSE4) |
| vectorized instruction–more power consumption |
| accuracy |
| clock skew |
| IP address |
| Physically unclonable function PUF |
| lookahead buffer |
| Rowhammer attack |
| KASLR |
| Chrome |
| machine learning |
| temperature, power system noise, and activity on the same power network affected accuracy |
| countermeasure: introducing noise |
| signal-to-noise ratio |
| countermeasure: use power capping |
| frequency domain |
| side-channel |
| ring 3 |
| in-the-wild |
| budget |
| time budget |
| performance |
| https://github.com/FingerInThePower/Finger_In_The_Power |
| References |
|---|
| 1. Abel, A., Reineke, J.: uops.info: Characterizing latency, throughput, and port usage of instructions on intel microarchitectures. In: ASPLOS (2019) |
| 2. Alaca, F., van Oorschot, P.C.: Device fingerprinting for augmenting web authentication: classification and analysis of methods. In: ACSAC. pp. 289–301 (2016) |
| 3. Cherkaoui, A., Bossuet, L., Seitz, L., Selander, G., Borgaonkar, R.: New paradigms for access control in constrained environments. In: ReCoSoC. IEEE (2014) |
| 4. Cohen, Y., Tharayil, K.S., Haenel, A., Genkin, D., Keromytis, A.D., Oren, Y., Yarom, Y.: Hammerscope: Observing DRAM power consumption using rowhammer. In: CCS (2022) |
| 5. Colombier, B., Bossuet, L.: Survey of hardware protection of design data for integrated circuits and intellectual properties. IET Comput. Digit. Tech. 8(6), 274–287 (2014) |
| 6. Frigo, P., Giuffrida, C., Bos, H., Razavi, K.: Grand pwning unit: Accelerating microarchitectural attacks with the GPU. In: S&P (2018) |
| 7. van Goethem, T., Scheepers, W., Preuveneers, D., Joosen, W.: Accelerometer-based device fingerprinting for multi-factor mobile authentication. In: 8th International Symposium on Engineering Secure Software and Systems (ESSoS) (2016) |
| 8. Gras, B., Giuffrida, C., Kurth, M., Bos, H., Razavi, K.: Absynthe: Automatic blackbox side-channel synthesis on commodity microarchitectures. In: NDSS (2020) |
| 9. H¨ahnel, M., D¨obel, B., V¨olp, M., H¨artig, H.: Measuring energy consumption for short code paths using RAPL. SIGMETRICS Perform. Evaluation Rev. 40(3),13–17 (2012) |
| 10. Holcomb, D.E., Burleson, W.P., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Computers 58(9), 1198–1210 (2009) |
| 11. Hupperich, T., Hosseini, H., Holz, T.: Leveraging sensor fingerprinting for mobile device authentication. In: DIMVA (2016) |
| 12. Intel: Running Average Power Limit Energy Reporting / INTELSA-00389. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/running-average-power-limit-energy-reporting.html (2022) |
| 13. Kalyanaraman, M., Orshansky, M.: Novel strong PUF based on nonlinearity of MOSFET subthreshold operation. In: HOST (2013) |
| 14. Khan, K.N., Hirki, M., Niemi, T., Nurminen, J.K., Ou, Z.: RAPL in action: Experiences in using RAPL for power measurements. ACM Trans. Model. Perform. Evaluation Comput. Syst. 3(2), 9:1–9:26 (2018) |
| 15. von Kistowski, J., Block, H., Beckett, J., Spradling, C., Lange, K., Kounev, S.: Variations in CPU power consumption. In: ICPE. pp. 147–158. ACM (2016) |
| 16. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: CRYPTO (1999) |
| 17. Kohno, T., Broido, A., Claffy, K.C.: Remote physical device fingerprinting. In: S&P (2005) |
| 18. Kumar, R., Burleson, W.P.: On design of a highly secure PUF based on non-linear current mirrors. In: HOST. pp. 38–43. IEEE Computer Society (2014) |
| 19. Laor, T., Mehanna, N., Durey, A., Dyadyuk, V., Laperdrix, P., Maurice, C., Oren, Y., Rouvoy, R., Rudametkin, W., Yarom, Y.: DrawnApart: A Device Identification Technique based on Remote GPU Fingerprinting. In: NDSS (2022) |
| 20. Laperdrix, P., Avoine, G., Baudry, B., Nikiforakis, N.: Morellian analysis for browsers: Making web authentication stronger with canvas fingerprinting. In: DIMVA (2019) |
| 21. Laperdrix, P., Rudametkin, W., Baudry, B.: Beauty and the beast: Diverting modern web browsers to build unique browser fingerprints. In: S&P (2016) |
| 22. Lipp, M., Gruss, D., Schwarz, M.: AMD prefetch attacks through power and time. In: USENIX Security Symposium (2022) |
| 23. Lipp, M., Kogler, A., Oswald, D.F., Schwarz, M., Easdon, C., Canella, C., Gruss, D.: PLATYPUS: software-based power side-channel attacks on x86. In: S&P (2021) |
| 24. Liu, C., Chakraborty, A., Chawla, N., Roggel, N.: Frequency throttling side-channel attack. In: CCS (2022) |
| 25. Mangard, S., Oswald, E., Popp, T.: Power analysis attacks - revealing the secrets of smart cards. Springer (2007) |
| 26. Marchand, C., Bossuet, L., Mureddu, U., Bochard, N., Cherkaoui, A., Fischer, V.: Implementation and characterization of a physical unclonable function for iot: A case study with the TERO-PUF. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 37(1), 97–109 (2018) |
| 27. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: CHES (1999) |
| 28. Moenig, M.: Webgl2: EXT disjoint timer query webgl2 failing in beta of 65. https://bugs.chromium.org/p/chromium/issues/detail?id=820891 (2018) |
| 29. Rokicki, T., Maurice, C., Schwarz, M.: CPU port contention without SMT. In: ESORICS (2022) |
| 30. Rokicki, T., Maurice, C., Botvinnik, M., Oren, Y.: Port contention goes portable: Port contention side channels in web browsers. In: ASIACCS (2022) |
| 31. Ruhrmair, U., Solter, J.: Puf modeling attacks: An introduction and overview. https://doi.org/10.7873/DATE2014.361 |
| 32. S´anchez-Rola, I., Santos, I., Balzarotti, D.: Clock around the clock: Time-based device fingerprinting. In: CCS (2018) |
| 33. Schaller, A., Xiong, W., Anagnostopoulos, N.A., Saleem, M.U., Gabmeyer, S., Katzenbeisser, S., Szefer, J.: Intrinsic rowhammer pufs: Leveraging the rowhammer effect for improved security. CoRR abs/1902.04444 (2019) |
| 34. Schaller, A., Xiong, W., Anagnostopoulos, N.A., Saleem, M.U., Gabmeyer, S., Skoric, B., Katzenbeisser, S., Szefer, J.: Decay-based DRAM pufs in commodity devices. IEEE Trans. Dependable Secur. Comput. 16(3), 462–475 (2019) |
| 35. Schellenberg, F., Gnad, D.R.E., Moradi, A., Tahoori, M.B.: An inside job: Remote power analysis attacks on FPGAs. In: DATE (2018) |
| 36. Schwarz, M., Schwarzl, M., Lipp, M., Masters, J., Gruss, D.: Netspectre: Read arbitrary memory over network. In: ESORICS (2019) |
| 37. Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: DAC. pp. 9–14. IEEE (2007) |
| 38. Tehranipoor, F., Karimian, N., Yan, W., Chandy, J.A.: Dram-based intrinsic physically unclonable functions for system-level security and authentication. IEEE Trans. Very Large Scale Integr. Syst. 25(3), 1085–1097 (2017) |
| 39. Tian, S., Xiong, W., Giechaskiel, I., Rasmussen, K., Szefer, J.: Fingerprinting cloud FPGA infrastructures. In: FPGA (2020) |
| 40. Trampert, L., Rossow, C., Schwarz, M.: Browser-based CPU fingerprinting. In: ESORICS (2022) |
| 41. Vijayakumar, A., Kundu, S.: A novel modeling attack resistant PUF design based on non-linear voltage transfer characteristics. In: DATE. pp. 653–658. ACM (2015) |
| 42. Wang, Y., Paccagnella, R., He, E.T., Shacham, H., Fletcher, C.W., Kohlbrenner, D.: Hertzbleed: Turning power side-channel attacks into remote timing attacks on x86. In: USENIX Security Symposium (2022) |
| 43. Yang, L., Chen, X., Jian, X., Yang, L., Li, Y., Ren, Q., Chen, Y.C., Xue, G., Ji, X.: Remote attacks on speech recognition systems using sound from power supply. In: USENIX Security Symposium (2023) |