Abstract
Application fingerprinting is a technique broadly utilized in diverse fields such as cybersecurity, network management, and software development. We discover that the mechanical vibrations of cooling fans for both the CPU and power supply unit (PSU) in a system strongly correlate with the computational activities of running applications. In this study, we measure such vibrations with the help of mmWave sensing and design a new application fingerprinting approach named mmFingerprint. We create a prototype of mmFingerprint and demonstrate its effectiveness in distinguishing between various applications. To showcase the use of mmFingerprint in cybersecurity for defensive purposes, we deploy it in a real computer system to detect the execution of reputable Rowhammer attack tools like TRRespass and Blacksmith. We find that the detection can reach a very high accuracy in practical scenarios. Specifically, the accuracy is 89% when exploiting CPU fan vibrations and nearly 100% when leveraging PSU fan vibrations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Wagner, N.R.: Fingerprinting. In: 1983 IEEE Symposium on Security and Privacy, pp. 18–18. IEEE (1983)
Yang, L., Zhi, Y., Wei, T., Shui, Yu., Ma, J.: Inference attack in android activity based on program fingerprint. J. Netw. Comput. Appl. 127, 92–106 (2019)
Matyunin, N., Wang, Y., Arul, T., Kullmann, K., Szefer, J., Katzenbeisser, S.: Magneticspy: exploiting magnetometer in mobile devices for website and application fingerprinting. In: Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society, pp. 135–149 (2019)
Draghicescu, D., Caranica, A., Vulpe, A., Fratu, O.: Crypto-mining application fingerprinting method. In: 2018 International Conference on Communications (COMM), pp. 543–546. IEEE (2018)
Zou, P., Li, A., Barker, K., Ge, R.: Detecting anomalous computation with rnns on gpu-accelerated hpc machines. In: Proceedings of the 49th International Conference on Parallel Processing, pp. 1–11 (2020)
Ahmed, M.E., Ullah, S., Kim, H.: Statistical application fingerprinting for ddos attack mitigation. IEEE Trans. Inform. Foren. Sec. 14(6), 1471–1484 (2018)
Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: OSDI, vol. 4, pp. 4–4 (2004)
Chen, Y., Jin, X., Sun, J., Zhang, R., Zhang, Y.: Powerful: mobile app fingerprinting via power analysis. In: IEEE INFOCOM 2017-IEEE Conference on Computer Communications, pp. 1–9. IEEE (2017)
Khan, H.A., Sehatbakhsh, N., Nguyen, L.N., Prvulovic, M., Zajić, A.: Malware detection in embedded systems using neural network model for electromagnetic side-channel signals. J. Hardware Syst. Sec. 3, 305–318 (2019)
Liang, S., Zhan, Z., Yao, F., Cheng, L., Zhang, Z.: Clairvoyance: exploiting far-field em emanations of gpu to" see" your dnn models through obstacles at a distance. In: 2022 IEEE Security and Privacy Workshops (SPW), pp. 312–322. IEEE (2022)
Zhan, Z., Zhang, Z., Liang, S., Yao, F., Koutsoukos, X.: Graphics peeping unit: Exploiting em side-channel information of gpus to eavesdrop on your neighbors. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1440–1457. IEEE (2022)
Zhang, Z., Zhan, Z., Balasubramanian, D., Li, B., Volgyesi, P., Koutsoukos, X.: Leveraging em side-channel information to detect rowhammer attacks. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 729–746. IEEE (2020)
Li, J., et al.: \(\{\)FOAP\(\}\):\(\{\)Fine-Grained\(\}\)\(\{\)Open-World\(\}\) android app fingerprinting. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 1579–1596 (2022)
Aceto, G., Ciuonzo, D., Montieri, A., Pescape, A.: Traffic classification of mobile apps through multi-classification. In: GLOBECOM 2017–2017 IEEE Global Communications Conference, pp. 1–6. IEEE (2017)
Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: USENIX security symposium, vol. 4, pp. 351–366 (2009)
Seaborn, M., Dullien, T.: Exploiting the dram rowhammer bug to gain kernel privileges. Black Hat 15, 71 (2015)
Xiao, Y., Zhang, X., Zhang, Y., Teodorescu, R.: One bit flips, one cloud flops: cross-vm row hammer attacks and privilege escalation. In: 25th \(\{\)USENIX\(\}\) Security Symposium \(\{\)USENIX\(\}\) Security 2016, pp. 19–35 (2016)
Bhattacharya, S., Mukhopadhyay, D.: Curious case of Rowhammer: flipping secret exponent bits using timing analysis. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 602–624. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_29
Jang, Y., Lee, J., Lee, S., Kim, T.: Sgx-bomb: locking down the processor via rowhammer attack. In: Proceedings of the 2nd Workshop on System Software for Trusted Execution, pp. 1–6 (2017)
Mutlu, O.: The rowhammer problem and other issues we may face as memory becomes denser. In: Design, Automation & Test in Europe Conference & Exhibition (DATE), vol. 2017, pp. 1116–1121. IEEE (2017)
Gruss, D.: Another flip in the wall of rowhammer defenses. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 245–261. IEEE (2018)
Kwong, A., Genkin, D., Gruss, D., Yarom, Y.: Rambleed: reading bits in memory without accessing them. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 695–711. IEEE (2020)
Aweke, Z.B.: Anvil: software-based protection against next-generation rowhammer attacks. ACM SIGPLAN Not. 51(4), 743–755 (2016)
Lee, E., Kang, I., Lee, S., Suh, G.E., Ahn, J.H.: Twice: preventing row-hammering by exploiting time window counters. In: Proceedings of the 46th International Symposium on Computer Architecture, pp. 385–396 (2019)
Park, Y., Kwon, W., Lee, E., Ham, T.J., Ahn, J.H., Lee, J.W.: Graphene: strong yet lightweight row hammer protection. In: 2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), pp. 1–13. IEEE (2020)
Frigo, P.: Trrespass: exploiting the many sides of target row refresh. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 747–762. IEEE (2020)
Jattke, P., Van Der Veen, V., Frigo, P., Gunter, S., Razavi, K.: Blacksmith: scalable rowhammering in the frequency domain. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 716–734. IEEE (2022)
UEFI Forum, Inc., Advanced configuration and power interface (acpi) specification (2022). https://uefi.org/sites/default/files/resources/ACPI_Spec_6_5_Aug29.pdf. (Accessed 06 Dec 2023)
Hanrahan, D.: Fan-speed control techniques in pcs. Analog Dialogue 34(4), 34–04 (2000)
Bilik, I., Longman, O., Villeval, S., Tabrikian, J.: The rise of radar for autonomous vehicles: signal processing solutions and future research directions. IEEE Signal Process. Mag. 36(5), 20–31 (2019)
Li, X., Wang, X., Yang, Q., Song, F.: Signal processing for tdm mimo fmcw millimeter-wave radar sensors. IEEE Access 9, 167959–167971 (2021)
Hu, P., Li, W., Spolaor, R., Cheng, X.: mmecho: a mmwave-based acoustic eavesdropping method. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 836–852. IEEE Computer Society (2022)
Wang, C.: mmeve: eavesdropping on smartphone’s earpiece via cots mmwave device. In: Proceedings of the 28th Annual International Conference on Mobile Computing and Networking, pp. 338–351 (2022)
Basak, S., Gowda, M.: mmspy: spying phone calls using mmwave radars. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1211–1228. IEEE (2022)
Jiang, C., Guo, J., He, Y., Jin, M., Li, S., Liu, Y.: mmvib: micrometer-level vibration measurement with mmwave radar. In: Proceedings of the 26th Annual International Conference on Mobile Computing and Networking, pp. 1–13 (2020)
Rao, S.: Introduction to mmwave sensing: Fmcw radars. Texas Instruments (TI) mmWave Training Series, pp. 1–11 (2017)
Fawaz, H.I., Forestier, G., Weber, J., Idoumghar, L., Muller, P.-A.: Deep learning for time series classification: a review. Data Mining Knowl. Dis. 33(4), 917–963 (2019)
Wang, Z., Yan, W., Oates, T.: Time series classification from scratch with deep neural networks: a strong baseline. In: 2017 International joint conference on neural networks (IJCNN), pp. 1578–1585. IEEE (2017)
Xu, C.: Waveear: exploring a mmwave-based noise-resistant speech sensing for voice-user interface. In: Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services, pp. 14–26 (2019)
Wang, C., Lin, F., Ba, Z., Zhang, F., Wenyao, X., Ren, K.: Wavesdropper: through-wall word detection of human speech via commercial mmwave devices. Proc. ACM Interac. Mobile, Wearable Ubiquitous Technol. 6(2), 1–26 (2022)
Li, Z.: Spiralspy: exploring a stealthy and practical covert channel to attack air-gapped computing devices via mmwave sensing. In: The 29th Network and Distributed System Security (NDSS) Symposium 2022. The Internet Society (2022)
Vennam, R.R.: mmspoof: resilient spoofing of automotive millimeter-wave radars using reflect array. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 1971–1985. IEEE Computer Society (2022)
Dong, Y., Yao, Y.-D.: Secure mmwave-radar-based speaker verification for iot smart home. IEEE Internet Things J. 8(5), 3500–3511 (2020)
Kim, Y.: Flipping bits in memory without accessing them: an experimental study of dram disturbance errors. ACM SIGARCH Comput. Architecture News 42(3), 361–372 (2014)
Gruss, D., Maurice, C., Wagner, K., Mangard, S.: Flush+Flush: a fast and stealthy cache attack. In: Caballero, J., Zurutuza, U., Rodríguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 279–299. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_14
Zhang, T., Zhang, Y., Lee, R.B.: CloudRadar: a real-time side-channel attack detection system in clouds. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 118–140. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45719-2_6
Konoth, R.K.: Zebram: comprehensive and compatible software protection against rowhammer attacks. In: 13th \(\{\)USENIX\(\}\) Symposium on Operating Systems Design and Implementation \(\{\)OSDI\(\}\) 2018, pp. 697–710 (2018)
Kogler, A., et al.: \(\{\)Half-Double\(\}\): Hammering from the next row over. In: 31st USENIX Security Symposium (USENIX Security 2022), pp. 3807–3824 (2022)
Acknowledgment
This work is supported in part by the National Science Foundation (CNS-2147217). The authors would like to thank the anonymous reviewers for their comments and suggestions that help us improve the quality of the paper.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Liang, S., Li, Z., Jiang, C., Guo, L., Zhang, Z. (2024). mmFingerprint: A New Application Fingerprinting Technique via mmWave Sensing and Its Use in Rowhammer Detection. In: Chen, Y., Lin, CW., Chen, B., Zhu, Q. (eds) Security and Privacy in Cyber-Physical Systems and Smart Vehicles. SmartSP 2023. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 552. Springer, Cham. https://doi.org/10.1007/978-3-031-51630-6_3
Download citation
DOI: https://doi.org/10.1007/978-3-031-51630-6_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-51629-0
Online ISBN: 978-3-031-51630-6
eBook Packages: Computer ScienceComputer Science (R0)