Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices-Reference-Cited by-同舟云学术

Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices

Published:2018-08-29 Issue:4 Volume:2018 Page:141-158
ISSN:2299-0984
Container-title:Proceedings on Privacy Enhancing Technologies
language:en
Short-container-title:

Author:

Lifshits Pavel¹,Forte Roni¹,Hoshen Yedid²,Halpern Matt³,Philipose Manuel³,Tiwari Mohit³,Silberstein Mark¹

Affiliation:

1. Technion

2. Hebrew University

3. UT Austin

Abstract

Abstract Mobile devices are equipped with increasingly smart batteries designed to provide responsiveness and extended lifetime. However, such smart batteries may present a threat to users’ privacy. We demonstrate that the phone’s power trace sampled from the battery at 1KHz holds enough information to recover a variety of sensitive information. We show techniques to infer characters typed on a touchscreen; to accurately recover browsing history in an open-world setup; and to reliably detect incoming calls, and the photo shots including their lighting conditions. Combined with a novel exfiltration technique that establishes a covert channel from the battery to a remote server via a web browser, these attacks turn the malicious battery into a stealthy surveillance device. We deconstruct the attack by analyzing its robustness to sampling rate and execution conditions. To find mitigations we identify the sources of the information leakage exploited by the attack. We discover that the GPU or DRAM power traces alone are sufficient to distinguish between different websites. However, the CPU and power-hungry peripherals such as a touchscreen are the primary sources of fine-grain information leakage. We consider and evaluate possible mitigation mechanisms, highlighting the challenges to defend against the attacks. In summary, our work shows the feasibility of the malicious battery and motivates further research into system and application-level defenses to fully mitigate this emerging threat.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine

Reference39 articles.

1. [1] Anirudh Badam, Ranveer Chandra, Jon Dutra, Anthony Ferrese, Steve Hodges, Pan Hu, Julia Meinershagen, Thomas Moscibroda, Bodhi Priyantha, and Evangelia Skiani. 2015. Software Defined Batteries. In Proceedings of the 25th Symposium on Operating Systems Principles (SOSP ’15). ACM, New York, NY, USA, 215–229. https://doi.org/10.1145/2815400.281542910.1145/2815400.2815429

2. [2] Donald J Berndt and James Clifford. 1994. Using dynamic time warping to find patterns in time series. In KDD workshop, Vol. 10. Seattle, WA, 359–370.

3. [3] Bert den Boer, Kerstin Lemke, and Guntram Wicke. 2003. A DPA Attack Against the Modular Reduction Within a CRT Implementation of RSA. In Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES ’02). Springer-Verlag, London, UK, 228–243. http://dl.acm.org/citation.cfm?id=648255.752718

4. [4] Aaron Carroll and Gernot Heiser. 2010. An Analysis of Power Consumption in a Smartphone. In Proceedings of the 2010 USENIX Conference on USENIX Annual Technical Conference (USENIXATC’10), Vol. 14. USENIX Association, Berkeley, CA, USA, 21–21. http://dl.acm.org/citation.cfm? id=1855840.1855861

5. [5] Yimin Chen, Xiaocong Jin, Jingchao Sun, Rui Zhang, and Yanchao Zhang. 2017. POWERFUL: Mobile app fingerprinting via power analysis. In Conference on Computer Communications (INFOCOM). IEEE, 1–9.

Cited by 16 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. There’s Always a Bigger Fish: A Clarifying Analysis of a Machine-Learning-Assisted Side-Channel Attack;IEEE Micro;2023-07

2. The Use of Performance-Countersto Perform Side-Channel Attacks;Cyber Security, Cryptology, and Machine Learning;2023

3. HammerScope;Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security;2022-11-07

4. Maya: Using Formal Control to Obfuscate Power Side Channels;IEEE Micro;2022-07-01

5. There's always a bigger fish;Proceedings of the 49th Annual International Symposium on Computer Architecture;2022-06-11