skip to main content
10.1145/3448300.3468291acmconferencesArticle/Chapter ViewAbstractPublication PageswisecConference Proceedingsconference-collections
research-article

OutletSpy: cross-outlet application inference via power factor correction signal

Published: 28 June 2021 Publication History

Abstract

Trade secrets such as intellectual properties are the inherent values for firms. Although companies have exploited strict access management policies and isolated their networks from the public Internet, trade secrets are still vulnerable to side-channel attacks. Side-channels can reveal the computing processes of computers in forms of various physical signals such as light, electromagnetism, and even heat. Such side-channels can bypass the isolation mechanism and therefore bring about severe threats. However, existing side-channels can only perform well within a short-distance (e.g., less than 1 meter) due to the high attenuation of signals. In this paper, we seek to utilize the built-in power lines in a building and construct a power side-channel that enables remote, i.e., cross-outlet attack against trade secrets. To this end, we investigate the power factor correction (PFC) module inside the power supply units of commodity computers and find that the PFC signals observed from an outlet can precisely reveal the power consumption information of all the connected devices, even from the outlets in adjacent rooms. Based upon this insight, we design and implement OutletSpy, a power side-channel attack that can infer application launching from a remote outlet and therefore enjoys the stealthiness property. We validate and evaluate OutletSpy with a dataset under different background APPs, time variations and different locations. The experiment results show OutletSpy can infer the application launching with 98.25% accuracy.

References

[1]
2020. ENERGY STAR. https://www.energystar.gov/products/spec/computers_specification_version_7_0_pd.
[2]
2020. Haven't You Heard? Trade Secret Theft Can Occur in Unusual Ways. https://blogs.orrick.com/trade-secrets-watch/2016/03/16/havent-you-heard-trade-secret-theft-can-occur-in-unusual-ways/.
[3]
2020. Long Short-Term Memory. Wikipedia (May 2020).
[4]
2020. Power Factor. Wikipedia (June 2020).
[5]
2020. Trade Secret. Wikipedia (June 2020).
[6]
2020. UCC28019 Data Sheet, Product Information and Support | TI.Com. https://www.ti.com/product/UCC28019.
[7]
2021. 192/24 PCI-E 8-Channel sound card. http://www.syba.cc/e/wap/show.php?classid=24&id=418
[8]
2021. Sklearn.Ensemble.RandomForestClassifier --- Scikit-Learn 0.24.1 Documentation. https://scikit-learn.org/stable/modules/generated/sklearn.ensemble.RandomForestClassifier.html.
[9]
2021. Tsfresh --- Tsfresh 0.18.1.Dev3+gcb7943e Documentation. https://tsfresh.readthedocs.io/en/latest/.
[10]
Lejla Batina, Shivam Bhasin, Dirmanto Jap, and Stjepan Picek. 2019. CSINN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel. In Proceedings of the 28th USENIX Security Symposium (USENIX Security 19). 515--532.
[11]
Alexandru Boitan, Simona Halunga, Valerică Bîndar, and Octavian Fratu. 2020. Compromising Electromagnetic Emanations of USB Mass Storage Devices. Wireless Personal Communications (April 2020).
[12]
S. Chakraborty, W. Ouyang, and M. Srivastava. 2017. LightSpy: Optical Eavesdropping on Displays Using Light Sensors on Mobile Devices. In Proceedings of the 2017 IEEE International Conference on Big Data (Big Data). 2980--2989.
[13]
Shane S. Clark, Hossen Mustafa, Benjamin Ransford, Jacob Sorber, Kevin Fu, and Wenyuan Xu. 2013. Current Events: Identifying Webpages by Tapping the Electrical Outlet. In Proceedings of European Symposium on Research in Computer Security. Springer, 700--717.
[14]
Wenrui Diao, Xiangyu Liu, Zhou Li, and Kehuan Zhang. 2016. No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis. In Proceedings of the 2016 IEEE Symposium on Security and Privacy (SP). 414--432.
[15]
Miro Enev, Sidhant Gupta, Tadayoshi Kohno, and Shwetak N. Patel. 2011. Televisions, Video Privacy, and Powerline Electromagnetic Interference. In Proceedings of the 18th ACM Conference on Computer and Communications Security. 537--550.
[16]
Denis Foo Kune and Yongdae Kim. 2010. Timing Attacks on PIN Input Devices. In Proceedings of the 17th ACM Conference on Computer and Communications Security. ACM, 678--680.
[17]
Feng Gao and Xue Wang. [n.d.]. Trade Secrets Protection and Cost Structure. ([n. d.]), 37.
[18]
Daniel Genkin, Mihir Pattani, Roei Schuster, and Eran Tromer. 2019. Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 853--869.
[19]
Daniel Genkin, Itamar Pipman, and Eran Tromer. 2015. Get Your Hands off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs. Journal of Cryptographic Engineering 5, 2 (2015), 95--112.
[20]
Gabriel Goller and Georg Sigl. 2015. Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment. In Proceedings of Constructive Side-Channel Analysis and Secure Design. Vol. 9064. Springer International Publishing, Cham, 255--270.
[21]
Sidhant Gupta, Matthew S. Reynolds, and Shwetak N. Patel. 2010. ElectriSense: Single-Point Sensing Using EMI for Electrical Event Detection and Classification in the Home. In Proceedings of the 12th ACM International Conference on Ubiquitous Computing. 139--148.
[22]
Mordechai Guri, Assaf Kachlon, Ofer Hasson, Gabi Kedma, Yisroel Mirsky, and Yuval Elovici. 2015. GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies. In 24th USENIX Security Symposium (USENIX Security 15).
[23]
Mordechai Guri, Matan Monitz, and Yuval Elovici. 2016. USBee: Air-Gap Covert-Channel via Electromagnetic Emission from USB. In Proceedings of the 14th Annual Conference on Privacy, Security and Trust (PST). 264--268.
[24]
Mordechai Guri, Matan Monitz, Yisroel Mirski, and Yuval Elovici. 2015. BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations. In Proceedings of the 28th IEEE Computer Security Foundations Symposium. 276--289.
[25]
Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici. 2017. Acoustic Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard-Drive Noise ('DiskFiltration'). In Proceedings of European Symposium on Research in Computer Security. Springer, 98--115.
[26]
Mordechai Guri, Yosef Solewicz, and Yuval Elovici. 2018. MOSQUITO: Covert Ultrasonic Transmissions Between Two Air-Gapped Computers Using Speaker-to-Speaker Communication. In Proceedings of 2018 IEEE Conference on Dependable and Secure Computing (DSC). 1--8.
[27]
Mordechai Guri, Boris Zadov, Dima Bykhovsky, and Yuval Elovici. 2019. Power-Hammer: Exfiltrating Data from Air-Gapped Computers through Power Lines. IEEE Transactions on Information Forensics and Security (2019), 1--1.
[28]
Mordechai Guri, Boris Zadov, and Yuval Elovici. 2017. LED-It-GO: Leaking (A Lot of) Data from Air-Gapped Computers via the (Small) Hard Drive LED. In Proceedings of Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 161--184.
[29]
Mordechai Guri, Boris Zadov, and Yuval Elovici. 2020. ODINI: Escaping Sensitive Data From Faraday-Caged, Air-Gapped Computers via Magnetic Fields. IEEE Transactions on Information Forensics and Security 15 (2020), 1190--1203.
[30]
Zhichuan Huang, Ting Zhu, Yu Gu, and Yanhua Li. 2016. Shepherd: Sharing Energy for Privacy Preserving in Hybrid AC-DC Microgrids. In Proceedings of the Seventh International Conference on Future Energy Systems. ACM, 19.
[31]
Mohammad A. Islam and Shaolei Ren. 2018. Ohm's Law in Data Centers: A Voltage Side Channel for Timing Power Attacks. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, 146--162.
[32]
Mohammad A. Islam, Shaolei Ren, and Adam Wierman. 2017. Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1079--1094.
[33]
Butler W Lampson. 1973. A note on the confinement problem. Commun. ACM 16, 10 (1973), 613--615.
[34]
Yann LeCun, Léon Bottou, Yoshua Bengio, and Patrick Haffner. 1998. Gradient-based learning applied to document recognition. Proc. IEEE 86, 11 (1998), 2278--2324.
[35]
Ding Li, Wenzhong Li, Xiaoliang Wang, Cam-Tu Nguyen, and Sanglu Lu. 2019. ActiveTracker: Uncovering the Trajectory of App Activities over Encrypted Internet Traffic Streams. In Proceedings of the 16th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON). 1--9.
[36]
Yangdi Lyu and Prabhat Mishra. 2018. A Survey of Side-Channel Attacks on Caches and Countermeasures. Journal of Hardware and Systems Security 2, 1 (March 2018), 33--50.
[37]
On Semiconductor. 2014. Power Factor Correction (PFC) Handbook. www.onsemi.com.
[38]
Zhihui Shao, Mohammad A. Islam, and Shaolei Ren. 2020. Your Noise, My Signal: Exploiting Switching Noise for Stealthy Data Exfiltration from Desktop Computers. Proceedings of the ACM on Measurement and Analysis of Computing Systems 4, 1 (2020), 1--39.
[39]
Shivank. 2020. Codersinthestorm/RecurrentNN_SpeechRecognition.
[40]
Laurent Simon, Wenduan Xu, and Ross Anderson. 2016. Don't Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing on Android Keyboards. Proceedings on Privacy Enhancing Technologies 2016, 3 (July 2016), 136--154.
[41]
Chen Song, Feng Lin, Zhongjie Ba, Kui Ren, Chi Zhou, and Wenyao Xu. 2016. My Smartphone Knows What You Print: Exploring Smartphone-Based Side-Channel Attacks Against 3D Printers. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 895--907.
[42]
Raphael Spreitzer, Veelasha Moonsamy, Thomas Korak, and Stefan Mangard. Firstquarter 2018. Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices. 20, 1 (Firstquarter 2018), 465--488.
[43]
K. Tiri and I. Verbauwhede. 2005. Design Method for Constant Power Consumption of Differential Logic Circuits. In Proceedings of Design, Automation and Test in Europe. 628--633 Vol. 1.
[44]
Wikipedia contributors. 2020. Conservation of energy --- Wikipedia, The Free Encyclopedia. https://en.wikipedia.org/wiki/Conservation_of_energy.
[45]
Zhi Xu, Kun Bai, and Sencun Zhu. 2012. TapLogger: Inferring User Inputs on Smartphone Touchscreens Using on-Board Motion Sensors. In Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, 113--124.
[46]
Xuan Zhao, Md Zakirul Alam Bhuiyan, Lianyong Qi, Hongli Nie, Wajid Rafique, and Wanchun Dou. 2018. TrCMP: An App Usage Inference Method for Mobile Service Enhancement. In Proceedings of Security, Privacy, and Anonymity in Computation, Communication, and Storage. Springer, 229--239.

Cited By

View all
  • (2024)CapSpeaker: Injecting Commands to Voice Assistants Via CapacitorsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.332618421:4(3295-3308)Online publication date: Jul-2024
  • (2023)Remote attacks on speech recognition systems using sound from power supplyProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620493(4571-4588)Online publication date: 9-Aug-2023
  • (2023)MagView++: Data Exfiltration via CPU Magnetic Signals Under Video DecodingIEEE Transactions on Mobile Computing10.1109/TMC.2023.326240023:3(2486-2503)Online publication date: 28-Mar-2023
  • Show More Cited By

Index Terms

  1. OutletSpy: cross-outlet application inference via power factor correction signal

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks
    June 2021
    412 pages
    ISBN:9781450383493
    DOI:10.1145/3448300
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 28 June 2021

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. power factor correction signal
    2. side channel inference

    Qualifiers

    • Research-article

    Funding Sources

    • ZJNSF Grant
    • China NSFC Grant

    Conference

    WiSec '21
    Sponsor:

    Acceptance Rates

    WiSec '21 Paper Acceptance Rate 34 of 121 submissions, 28%;
    Overall Acceptance Rate 98 of 338 submissions, 29%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)26
    • Downloads (Last 6 weeks)8
    Reflects downloads up to 17 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)CapSpeaker: Injecting Commands to Voice Assistants Via CapacitorsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.332618421:4(3295-3308)Online publication date: Jul-2024
    • (2023)Remote attacks on speech recognition systems using sound from power supplyProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620493(4571-4588)Online publication date: 9-Aug-2023
    • (2023)MagView++: Data Exfiltration via CPU Magnetic Signals Under Video DecodingIEEE Transactions on Mobile Computing10.1109/TMC.2023.326240023:3(2486-2503)Online publication date: 28-Mar-2023
    • (2023)AUDIOSENSE: Leveraging Current to Acoustic Channel to Detect Appliances at Single-Point2023 20th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON)10.1109/SECON58729.2023.10287491(240-248)Online publication date: 11-Sep-2023
    • (2023)OutletGuarder: Detecting DarkSide Ransomware by Power Factor Correction Signals in an Electrical Outlet2022 IEEE 28th International Conference on Parallel and Distributed Systems (ICPADS)10.1109/ICPADS56603.2022.00061(419-426)Online publication date: Jan-2023
    • (2021)CapSpeaker: Injecting Voices to Microphones via CapacitorsProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3485389(1915-1929)Online publication date: 12-Nov-2021

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media