The Use of Performance-Counters to Perform Side-Channel Attacks

  • Conference paper
Cyber Security, Cryptology, and Machine Learning (CSCML 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13914)

Abstract

Performance and power counters were invented to allow applications to be optimized, but they can also be used to expose private information about the system and its user; thus, they have the potential to become a major privacy threat. This work shows that performance traces, obtained with performance counters, are sufficient for three efficient privacy attacks on a computer. The first attack allows the identification of the webpages the user visits, with a high success rate of up to 100%. This attack may expose private information about the user, such as political views and affiliations. The second attack allows browser version identification. Browsers are updated regularly to protect against known cyber-attacks, so an attacker can use this information to choose the attack method most likely to succeed. This attack is unique in that it is the first study to demonstrate detection of the browser version using a side-channel attack. The third attack allows the recovery of structural elements of Neural Networks, such as the number of layers and the activation functions being used. This information may assist in preparing adversarial examples against the Neural Network or in creating a similar copy of the Neural Network. To evaluate these attacks, we collected performance traces using Intel Power Gadget, a software-based performance counter tool. We collected traces of the power consumption, utilization percentage, and clock frequency of the Intel CPU and its internal parts, such as DRAM memory and GPU.

Acknowledgments

This research was supported by Tel Aviv University and by the Technion Hiroshi Fujiwara Cyber Security Research Center and the Israel National Cyber Directorate.

Author information

Correspondence to Avi Mendelson.

Websites Included During Research

Newyorktimes.com

Foxnews.com

Youtube.com

Lichess.com

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Segev, R., Mendelson, A. (2023). The Use of Performance-Counters to Perform Side-Channel Attacks. In: Dolev, S., Gudes, E., Paillier, P. (eds) Cyber Security, Cryptology, and Machine Learning. CSCML 2023. Lecture Notes in Computer Science, vol 13914. Springer, Cham. https://doi.org/10.1007/978-3-031-34671-2_16

  • DOI: https://doi.org/10.1007/978-3-031-34671-2_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-34670-5

  • Online ISBN: 978-3-031-34671-2

  • eBook Packages: Computer Science (R0)
