Inferno: Side-channel Attacks for Mobile Web Browsers
Manuel Philipose, Matthew Halpern, Pavel Lifshits, Mark Silberstein, Mohit Tiwari

Presentation transcript:

Electrical and Computer Engineering, The University of Texas at Austin
UT Security, Privacy and Architecture (SPARK) Lab

Background and Introduction

The Android security architecture leverages the traditional Linux operating system security controls to protect a user’s data. However, user-based permission models and application sandboxes do not mitigate the vulnerability of side-channels. We demonstrate power consumption as a side-channel on mobile devices. While web pages may look aesthetically similar, the web browser exercises different behaviors while rendering the underlying code. The variance between the browser’s behavior and power consumption implies that different webpages consume different amounts of power. Thus, webpages can be uniquely identified from one another by analyzing power traces collected during a page load. Side-channel attacks have not been studied for general purpose systems such as mobile devices. In our evaluation, we use this side-channel to reveal a mobile user’s browsing activity from the hardware-level power traces from the CPU, GPU, PMIC and DRAM with 80% accuracy.

[Poster section titles: Methods, Attack Results, Countermeasure Results, Discussion, Machine Learning, Conclusions, Evaluation]

[Figure: testing infrastructure. Labels: OMAP5432 EVM Development Board; Power Measurement: NI DAQ 6555; ARM Streamline; Launch, RERAN, Push to compute server, Refine, FFT, Analyze]

Our experiments are performed on real hardware and a mainstream mobile operating system, simulating a comparable attack on a mobile device. In this section, we discuss our testing infrastructure that allows us to conduct a power side-channel attack on a mobile device.

Power Collection: Traces are collected from an externally instrumented evaluation board. Sense resistors are attached to the PMIC, CPU, GPU, and DRAM.
Collecting Traces: Prior to identifying browser behavior, we create a database of signatures corresponding to the application’s power consumption, which is stored either on the device or on a remote server. Immediately before the page load, the ARM Gator begins gathering raw power traces from 4 different channels: PMIC, CPU, GPU and DRAM. This daemon runs for 30 seconds after the initial page load.

Signature Generation: The initial data contains 30 seconds’ worth of sampled data, but is later trimmed to 5 seconds. The trace is then converted into the frequency domain. Each spectrogram is a set of tuples which keep track of a magnitude and a frequency for that magnitude, essentially forming a histogram of magnitudes for a given webpage trial.

We use the k-Nearest Neighbors (kNN) algorithm for initial classification. kNN is a simple algorithm that identifies the k nearest neighbors of a given feature vector c using their Euclidean distance. In the case of our experiment, we use the frequency of magnitudes derived from the time series power trace as the features, and the webpage’s name as the label. Running this classifier allows us to classify the given feature vector c with the label of a webpage. After using this classifier, we can use a confusion matrix, also known as an error matrix, to visualize the accuracy of the model. The results are shown in the figures above.

To evaluate our attack, we perform a 10-fold cross validation for each parameter configuration. We used 5 different parameters, varying k from 1 through 5. This process splits our signature database into a 90/10 training/test set respectively. This technique allows us to see how well our model would perform in practice, without necessitating testing single unknown traces.

Time-series power traces for a webpage load are specific, consistent and distinguishable. 20 traces were collected for each website to generate an accurate signal for signature recognition with kNN.
The attack can be down-sampled to roughly 200 Hz while keeping the same accuracy. The original attack consists of 5000 features, and an attack at 200 Hz consists of only 25 features.

To this end, a random DVFS governor was built to vary the CPU frequency in an attempt to mitigate the attack. Dynamic Voltage and Frequency Scaling (DVFS) is a commonly used technique to alter the frequency of the CPU, on the fly, to conserve power. Essentially, DVFS uses a reduction in CPU clock frequency to reduce supply voltage, and thus save power.

Information leakage is a pervasive problem, not limited to the hardware level. Temporal changes in any part of the mobile system stack propagate to the lower levels. It is possible to correlate this seemingly insignificant leaked data to reveal a user’s secrets.

- Power traces for webpage loads are specific and consistent. They can be used by an attacker to reverse engineer a user’s browsing history.
- This attack can be mitigated either by adding noise to the power trace or by removing the signal.
- A Random DVFS governor was built to add coarse-grained noise to the power trace. This effectively mitigated a kNN-based attack, but it cannot be proven to mitigate other techniques.

The Principal Component Analysis (PCA) for the default Android governor (interactive) and the Random DVFS governor shows that the features with the highest variance are significantly less clustered.
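The evaluation loop described above (frequency-domain signatures, kNN on Euclidean distance, 10-fold cross validation, confusion counts), run with and without a randomized clock, as an added example that is not code from the poster. The traces are constructed synthetic signals, and the page names, frequencies, trace length and the toy governor model are assumptions made for illustration.

```python
import cmath, math, random
from collections import Counter

# Constructed stand-ins: 4 pages, each with one dominant frequency bin; 20 traces per page.
N, PAGES, TRACES = 64, {"page_a": 6, "page_b": 8, "page_c": 10, "page_d": 12}, 20

def trace(freq, rng, random_dvfs):
    """Constructed power trace: one dominant periodic component plus sensor noise."""
    phase, out, scale = rng.uniform(0, 2 * math.pi), [], 1.0
    for n in range(N):
        if random_dvfs and n % 16 == 0:      # toy governor: new clock every 16 samples
            scale = rng.choice((0.5, 0.75, 1.0, 1.25, 1.5))
        phase += 2 * math.pi * freq * scale / N   # work progresses at the clock rate
        out.append(1.0 + math.sin(phase) + rng.gauss(0, 0.2))
    return out

def signature(samples):
    """Frequency-domain signature: DFT magnitude per bin (DC bin skipped)."""
    return [abs(sum(x * cmath.exp(-2j * math.pi * k * n / N)
                    for n, x in enumerate(samples))) for k in range(1, N // 2)]

def knn_label(train, vec, k):
    """Majority label among the k training signatures nearest in Euclidean distance."""
    nearest = sorted(train, key=lambda item: math.dist(item[0], vec))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def cross_validate(random_dvfs, k=1, folds=10, seed=7):
    """10-fold cross-validation accuracy plus confusion counts keyed (true, predicted)."""
    rng = random.Random(seed)
    data = [(signature(trace(f, rng, random_dvfs)), name)
            for name, f in PAGES.items() for _ in range(TRACES)]
    rng.shuffle(data)
    confusion = Counter()
    for fold in range(folds):
        test = data[fold::folds]                                   # 10% held out
        train = [d for i, d in enumerate(data) if i % folds != fold]  # 90% training
        for vec, label in test:
            confusion[(label, knn_label(train, vec, k))] += 1
    correct = sum(c for (t, p), c in confusion.items() if t == p)
    return correct / len(data), confusion

if __name__ == "__main__":
    for name, dvfs in (("default governor", False), ("random DVFS", True)):
        acc, _ = cross_validate(dvfs)
        print(f"{name}: kNN accuracy {acc:.2f}")
```

Comparing the two accuracies, and the off-diagonal entries of the two confusion counters, is the same measurement the countermeasure results rely on: a defense is judged by how far it pushes the classifier toward confusing one page with another.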