Affiliation:
1. University of California, Riverside, Riverside, CA, USA
2. University of Texas at Arlington, Arlington, TX, USA
Abstract
Attacks based on power analysis have long existed and been studied, with some recent works focused on data exfiltration from victim systems without using conventional communications (e.g., WiFi). Nonetheless, prior works typically rely on intrusive direct power measurement, either by implanting meters in the power outlet or tapping into the power cable, thus jeopardizing the stealthiness of attacks. In this paper, we propose NoDE (Noise for Data Exfiltration), a new system for stealthy data exfiltration from enterprise desktop computers. Specifically, NoDE achieves data exfiltration over a building's power network by exploiting high-frequency voltage ripples (i.e., switching noises) generated by power factor correction circuits built into today's computers. Located at a distance and even in a different room, the receiver can non-intrusively measure the voltage of a power outlet to capture the high-frequency switching noises for online information decoding without supervised training/learning. To evaluate NoDE, we run experiments on seven different computers from top vendors, using top-brand power supply units. Our results show that for a single transmitter, NoDE achieves a rate of up to 28.48 bits/second at a distance of 90 feet (27.4 meters) without line of sight, demonstrating a practically stealthy threat. Based on the orthogonality of switching noise frequencies of different computers, we also demonstrate simultaneous data exfiltration from four computers using only one receiver. Finally, we present a few possible defenses, such as installing noise filters, and discuss their limitations.
Funder
U.S. National Science Foundation
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications; Hardware and Architecture; Safety, Risk, Reliability and Quality; Computer Science (miscellaneous)
Cited by
13 articles.
1. NoiseHopper: Emission Hopping Air-Gap Covert Side Channel with Lower Probability of Detection;2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST);2024-05-06
2. AUDIOSENSE: Leveraging Current to Acoustic Channel to Detect Appliances at Single-Point;2023 20th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON);2023-09-11
3. Memory‐Based Data Exfiltration Detection Methods;Data Exfiltration Threats and Prevention Techniques;2023-05-19
4. Near Field Air-Gap Covert Channel Attack;2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom);2022-12
5. SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables;2022 19th Annual International Conference on Privacy, Security & Trust (PST);2022-08-22