Skip to main content
SpringerLink
Log in

mmFingerprint: A New Application Fingerprinting Technique via mmWave Sensing and Its Use in Rowhammer Detection

  • Conference paper
  • First Online:
Security and Privacy in Cyber-Physical Systems and Smart Vehicles (SmartSP 2023)

  • 136 Accesses

Abstract

Application fingerprinting is a technique broadly utilized in diverse fields such as cybersecurity, network management, and software development. We discover that the mechanical vibrations of cooling fans for both the CPU and power supply unit (PSU) in a system strongly correlate with the computational activities of running applications. In this study, we measure such vibrations with the help of mmWave sensing and design a new application fingerprinting approach named mmFingerprint. We create a prototype of mmFingerprint and demonstrate its effectiveness in distinguishing between various applications. To showcase the use of mmFingerprint in cybersecurity for defensive purposes, we deploy it in a real computer system to detect the execution of reputable Rowhammer attack tools like TRRespass and Blacksmith. We find that the detection can reach a very high accuracy in practical scenarios. Specifically, the accuracy is 89% when exploiting CPU fan vibrations and nearly 100% when leveraging PSU fan vibrations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Wagner, N.R.: Fingerprinting. In: 1983 IEEE Symposium on Security and Privacy, pp. 18–18. IEEE (1983)

    Google Scholar 

  2. Yang, L., Zhi, Y., Wei, T., Shui, Yu., Ma, J.: Inference attack in android activity based on program fingerprint. J. Netw. Comput. Appl. 127, 92–106 (2019)

    Article  Google Scholar 

  3. Matyunin, N., Wang, Y., Arul, T., Kullmann, K., Szefer, J., Katzenbeisser, S.: Magneticspy: exploiting magnetometer in mobile devices for website and application fingerprinting. In: Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society, pp. 135–149 (2019)

    Google Scholar 

  4. Draghicescu, D., Caranica, A., Vulpe, A., Fratu, O.: Crypto-mining application fingerprinting method. In: 2018 International Conference on Communications (COMM), pp. 543–546. IEEE (2018)

    Google Scholar 

  5. Zou, P., Li, A., Barker, K., Ge, R.: Detecting anomalous computation with rnns on gpu-accelerated hpc machines. In: Proceedings of the 49th International Conference on Parallel Processing, pp. 1–11 (2020)

    Google Scholar 

  6. Ahmed, M.E., Ullah, S., Kim, H.: Statistical application fingerprinting for ddos attack mitigation. IEEE Trans. Inform. Foren. Sec. 14(6), 1471–1484 (2018)

    Article  Google Scholar 

  7. Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: OSDI, vol. 4, pp. 4–4 (2004)

    Google Scholar 

  8. Chen, Y., Jin, X., Sun, J., Zhang, R., Zhang, Y.: Powerful: mobile app fingerprinting via power analysis. In: IEEE INFOCOM 2017-IEEE Conference on Computer Communications, pp. 1–9. IEEE (2017)

    Google Scholar 

  9. Khan, H.A., Sehatbakhsh, N., Nguyen, L.N., Prvulovic, M., Zajić, A.: Malware detection in embedded systems using neural network model for electromagnetic side-channel signals. J. Hardware Syst. Sec. 3, 305–318 (2019)

    Article  Google Scholar 

  10. Liang, S., Zhan, Z., Yao, F., Cheng, L., Zhang, Z.: Clairvoyance: exploiting far-field em emanations of gpu to" see" your dnn models through obstacles at a distance. In: 2022 IEEE Security and Privacy Workshops (SPW), pp. 312–322. IEEE (2022)

    Google Scholar 

  11. Zhan, Z., Zhang, Z., Liang, S., Yao, F., Koutsoukos, X.: Graphics peeping unit: Exploiting em side-channel information of gpus to eavesdrop on your neighbors. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1440–1457. IEEE (2022)

    Google Scholar 

  12. Zhang, Z., Zhan, Z., Balasubramanian, D., Li, B., Volgyesi, P., Koutsoukos, X.: Leveraging em side-channel information to detect rowhammer attacks. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 729–746. IEEE (2020)

    Google Scholar 

  13. Li, J., et al.: \(\{\)FOAP\(\}\):\(\{\)Fine-Grained\(\}\)\(\{\)Open-World\(\}\) android app fingerprinting. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 1579–1596 (2022)

    Google Scholar 

  14. Aceto, G., Ciuonzo, D., Montieri, A., Pescape, A.: Traffic classification of mobile apps through multi-classification. In: GLOBECOM 2017–2017 IEEE Global Communications Conference, pp. 1–6. IEEE (2017)

    Google Scholar 

  15. Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: USENIX security symposium, vol. 4, pp. 351–366 (2009)

    Google Scholar 

  16. Seaborn, M., Dullien, T.: Exploiting the dram rowhammer bug to gain kernel privileges. Black Hat 15, 71 (2015)

    Google Scholar 

  17. Xiao, Y., Zhang, X., Zhang, Y., Teodorescu, R.: One bit flips, one cloud flops: cross-vm row hammer attacks and privilege escalation. In: 25th \(\{\)USENIX\(\}\) Security Symposium \(\{\)USENIX\(\}\) Security 2016, pp. 19–35 (2016)

    Google Scholar 

  18. Bhattacharya, S., Mukhopadhyay, D.: Curious case of Rowhammer: flipping secret exponent bits using timing analysis. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 602–624. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_29

    Chapter  Google Scholar 

  19. Jang, Y., Lee, J., Lee, S., Kim, T.: Sgx-bomb: locking down the processor via rowhammer attack. In: Proceedings of the 2nd Workshop on System Software for Trusted Execution, pp. 1–6 (2017)

    Google Scholar 

  20. Mutlu, O.: The rowhammer problem and other issues we may face as memory becomes denser. In: Design, Automation & Test in Europe Conference & Exhibition (DATE), vol. 2017, pp. 1116–1121. IEEE (2017)

    Google Scholar 

  21. Gruss, D.: Another flip in the wall of rowhammer defenses. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 245–261. IEEE (2018)

    Google Scholar 

  22. Kwong, A., Genkin, D., Gruss, D., Yarom, Y.: Rambleed: reading bits in memory without accessing them. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 695–711. IEEE (2020)

    Google Scholar 

  23. Aweke, Z.B.: Anvil: software-based protection against next-generation rowhammer attacks. ACM SIGPLAN Not. 51(4), 743–755 (2016)

    Article  Google Scholar 

  24. Lee, E., Kang, I., Lee, S., Suh, G.E., Ahn, J.H.: Twice: preventing row-hammering by exploiting time window counters. In: Proceedings of the 46th International Symposium on Computer Architecture, pp. 385–396 (2019)

    Google Scholar 

  25. Park, Y., Kwon, W., Lee, E., Ham, T.J., Ahn, J.H., Lee, J.W.: Graphene: strong yet lightweight row hammer protection. In: 2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), pp. 1–13. IEEE (2020)

    Google Scholar 

  26. Frigo, P.: Trrespass: exploiting the many sides of target row refresh. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 747–762. IEEE (2020)

    Google Scholar 

  27. Jattke, P., Van Der Veen, V., Frigo, P., Gunter, S., Razavi, K.: Blacksmith: scalable rowhammering in the frequency domain. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 716–734. IEEE (2022)

    Google Scholar 

  28. UEFI Forum, Inc., Advanced configuration and power interface (acpi) specification (2022). https://uefi.org/sites/default/files/resources/ACPI_Spec_6_5_Aug29.pdf. (Accessed 06 Dec 2023)

  29. Hanrahan, D.: Fan-speed control techniques in pcs. Analog Dialogue 34(4), 34–04 (2000)

    Google Scholar 

  30. Bilik, I., Longman, O., Villeval, S., Tabrikian, J.: The rise of radar for autonomous vehicles: signal processing solutions and future research directions. IEEE Signal Process. Mag. 36(5), 20–31 (2019)

    Article  Google Scholar 

  31. Li, X., Wang, X., Yang, Q., Song, F.: Signal processing for tdm mimo fmcw millimeter-wave radar sensors. IEEE Access 9, 167959–167971 (2021)

    Article  Google Scholar 

  32. Hu, P., Li, W., Spolaor, R., Cheng, X.: mmecho: a mmwave-based acoustic eavesdropping method. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 836–852. IEEE Computer Society (2022)

    Google Scholar 

  33. Wang, C.: mmeve: eavesdropping on smartphone’s earpiece via cots mmwave device. In: Proceedings of the 28th Annual International Conference on Mobile Computing and Networking, pp. 338–351 (2022)

    Google Scholar 

  34. Basak, S., Gowda, M.: mmspy: spying phone calls using mmwave radars. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1211–1228. IEEE (2022)

    Google Scholar 

  35. Jiang, C., Guo, J., He, Y., Jin, M., Li, S., Liu, Y.: mmvib: micrometer-level vibration measurement with mmwave radar. In: Proceedings of the 26th Annual International Conference on Mobile Computing and Networking, pp. 1–13 (2020)

    Google Scholar 

  36. Rao, S.: Introduction to mmwave sensing: Fmcw radars. Texas Instruments (TI) mmWave Training Series, pp. 1–11 (2017)

    Google Scholar 

  37. Fawaz, H.I., Forestier, G., Weber, J., Idoumghar, L., Muller, P.-A.: Deep learning for time series classification: a review. Data Mining Knowl. Dis. 33(4), 917–963 (2019)

    Article  MathSciNet  Google Scholar 

  38. Wang, Z., Yan, W., Oates, T.: Time series classification from scratch with deep neural networks: a strong baseline. In: 2017 International joint conference on neural networks (IJCNN), pp. 1578–1585. IEEE (2017)

    Google Scholar 

  39. Xu, C.: Waveear: exploring a mmwave-based noise-resistant speech sensing for voice-user interface. In: Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services, pp. 14–26 (2019)

    Google Scholar 

  40. Wang, C., Lin, F., Ba, Z., Zhang, F., Wenyao, X., Ren, K.: Wavesdropper: through-wall word detection of human speech via commercial mmwave devices. Proc. ACM Interac. Mobile, Wearable Ubiquitous Technol. 6(2), 1–26 (2022)

    Article  Google Scholar 

  41. Li, Z.: Spiralspy: exploring a stealthy and practical covert channel to attack air-gapped computing devices via mmwave sensing. In: The 29th Network and Distributed System Security (NDSS) Symposium 2022. The Internet Society (2022)

    Google Scholar 

  42. Vennam, R.R.: mmspoof: resilient spoofing of automotive millimeter-wave radars using reflect array. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 1971–1985. IEEE Computer Society (2022)

    Google Scholar 

  43. Dong, Y., Yao, Y.-D.: Secure mmwave-radar-based speaker verification for iot smart home. IEEE Internet Things J. 8(5), 3500–3511 (2020)

    Article  Google Scholar 

  44. Kim, Y.: Flipping bits in memory without accessing them: an experimental study of dram disturbance errors. ACM SIGARCH Comput. Architecture News 42(3), 361–372 (2014)

    Article  Google Scholar 

  45. Gruss, D., Maurice, C., Wagner, K., Mangard, S.: Flush+Flush: a fast and stealthy cache attack. In: Caballero, J., Zurutuza, U., Rodríguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 279–299. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_14

    Chapter  Google Scholar 

  46. Zhang, T., Zhang, Y., Lee, R.B.: CloudRadar: a real-time side-channel attack detection system in clouds. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 118–140. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45719-2_6

    Chapter  Google Scholar 

  47. Konoth, R.K.: Zebram: comprehensive and compatible software protection against rowhammer attacks. In: 13th \(\{\)USENIX\(\}\) Symposium on Operating Systems Design and Implementation \(\{\)OSDI\(\}\) 2018, pp. 697–710 (2018)

    Google Scholar 

  48. Kogler, A., et al.: \(\{\)Half-Double\(\}\): Hammering from the next row over. In: 31st USENIX Security Symposium (USENIX Security 2022), pp. 3807–3824 (2022)

    Google Scholar 

Download references

Acknowledgment

This work is supported in part by the National Science Foundation (CNS-2147217). The authors would like to thank the anonymous reviewers for their comments and suggestions that help us improve the quality of the paper.

Author information

Authors and Affiliations

  1. School of Computing, Clemson University, Clemson, UK

    Sisheng Liang & Zhenkai Zhang

  2. Department of Computer Science and Engineering, University of Colorado Denver, Denver, USA

    Zhengxiong Li

  3. Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, UK

    Chenxu Jiang & Linke Guo

Authors
  1. Sisheng Liang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhengxiong Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chenxu Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Linke Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Zhenkai Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sisheng Liang .

Editor information

Editors and Affiliations

  1. Binghamton University, Binghamton, NY, USA

    Yu Chen

  2. National Taiwan University, Taipei, Taiwan

    Chung-Wei Lin

  3. Michigan Technological University, Houghton, MI, USA

    Bo Chen

  4. Northwestern University, Evanston, IL, USA

    Qi Zhu

Rights and permissions

Reprints and permissions

Copyright information

© 2024 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Liang, S., Li, Z., Jiang, C., Guo, L., Zhang, Z. (2024). mmFingerprint: A New Application Fingerprinting Technique via mmWave Sensing and Its Use in Rowhammer Detection. In: Chen, Y., Lin, CW., Chen, B., Zhu, Q. (eds) Security and Privacy in Cyber-Physical Systems and Smart Vehicles. SmartSP 2023. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 552. Springer, Cham. https://doi.org/10.1007/978-3-031-51630-6_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-51630-6_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-51629-0

  • Online ISBN: 978-3-031-51630-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation