DOI: 10.1145/3448300.3468291
research-article

OutletSpy: cross-outlet application inference via power factor correction signal

Published: 28 June 2021

ABSTRACT

Trade secrets such as intellectual property are an inherent source of value for firms. Although companies have adopted strict access management policies and isolated their networks from the public Internet, trade secrets remain vulnerable to side-channel attacks. Side channels can reveal the computing processes of computers through various physical signals such as light, electromagnetism, and even heat. Such side channels can bypass the isolation mechanism and therefore pose severe threats. However, existing side channels perform well only within a short distance (e.g., less than 1 meter) due to the high attenuation of signals. In this paper, we seek to utilize the built-in power lines in a building and construct a power side channel that enables a remote, i.e., cross-outlet, attack against trade secrets. To this end, we investigate the power factor correction (PFC) module inside the power supply units of commodity computers and find that the PFC signals observed from an outlet can precisely reveal the power consumption information of all the connected devices, even from outlets in adjacent rooms. Based upon this insight, we design and implement OutletSpy, a power side-channel attack that can infer application launching from a remote outlet and is therefore stealthy. We validate and evaluate OutletSpy with a dataset covering different background apps, time variations, and different locations. The experimental results show that OutletSpy can infer application launching with 98.25% accuracy.


Published in

WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks
June 2021
412 pages
ISBN: 9781450383493
DOI: 10.1145/3448300

Copyright © 2021 ACM


Publisher

Association for Computing Machinery, New York, NY, United States


Acceptance Rates

WiSec '21 Paper Acceptance Rate: 34 of 121 submissions, 28%
Overall Acceptance Rate: 98 of 338 submissions, 29%
