Vol. 7 No. 1 (2021): Special Issue on Embedded System Security
Special Issue on Embedded System Security

We know what you're doing! Application detection using thermal data

Philipp Miedl
Computer Engineering and Networks Laboratory, ETH Zurich, Gloriastrasse 35, Zurich, Switzerland
Bio
Rehan Ahmed
Information Technology University of the Punjab, Arfa Software Technology Park, Ferozpur Road, Lahore, Pakistan
Lothar Thiele
Computer Engineering and Networks Laboratory, ETH Zurich, Gloriastrasse 35, Zurich, Switzerland

Published 2021-08-12

Keywords

  • Thermal Monitoring,
  • Side Channel,
  • Data Leak,
  • Sequence Labelling

How to Cite

[1]
Miedl, P., Ahmed, R. and Thiele, L. 2021. We know what you’re doing! Application detection using thermal data. Leibniz Transactions on Embedded Systems. 7, 1 (Aug. 2021), 02:1–02:28. DOI:https://doi.org/10.4230/LITES.7.1.2.

Abstract

Modern mobile and embedded devices have high computing power which allows them to be used for multiple purposes. Therefore, applications with low security restrictions may execute on the same device as applications handling highly sensitive information. In such a setup, a security risk occurs if it is possible that an application uses system characteristics to gather information about another application on the same device.

In this work, we present a method to leak sensitive runtime information by just using temperature sensor readings of a mobile device. We employ a Convolutional-Neural-Network, Long Short-Term Memory units and subsequent label sequence processing to identify the sequence of executed applications over time. To test our hypothesis we collect data from two state-of-the-art smartphones and real user usage patterns. We show an extensive evaluation using laboratory data, where we achieve labelling accuracies up to 90% and negligible timing error. Based on our analysis we state that the thermal information can be used to compromise sensitive user data and increase the vulnerability of mobile devices. A study based on data collected outside of the laboratory opens up various future directions for research.

References

  1. Davide B. Bartolini, Philipp Miedl, and Lothar Thiele.On the Capacity of Thermal Covert Channels in Multicores. In Proceedings of the Eleventh European Conference on Computer Systems, EuroSys '16, pages 24:1-24:16. ACM, 2016. URL: https://doi.org/10.1145/2901318.2901322
  2. J. Brouchier, T. Kean, C. Marsh, and D. Naccache.Temperature Attacks. IEEE Security and Privacy, 7(2):79-82, March 2009. URL: https://doi.org/10.1109/MSP.2009.54
  3. Julien Brouchier, Nora Dabbous, Tom Kean, Carol Marsh, and David Naccache.Thermocommunication. Cryptology ePrint Archive, Report 2009/002, 2009. URL: https://eprint.iacr.org/2009/002.
  4. Anna L Buczak and Erhan Guven.A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2):1153-1176, 2016. URL: https://doi.org/10.1109/COMST.2015.2494502
  5. Hong Cao and Miao Lin.Mining smartphone data for app usage prediction and recommendations: A survey. Pervasive and Mobile Computing, 37:1-22, 2017. URL: https://doi.org/10.1016/j.pmcj.2017.01.007
  6. P Dadvar and K Skadron.Potential thermal security risks. In Semiconductor Thermal Measurement and Management Symposium, 2005 IEEE Twenty First Annual IEEE, pages 229-234, 2005. URL: https://doi.org/10.1109/STHERM.2005.1412184
  7. Dmitry Evtyushkin and Dmitry Ponomarev.Covert channels through random number generator: Mechanisms, capacity estimation and mitigations. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS ’16, pages 843-857. Association for Computing Machinery, 2016. URL: https://doi.org/10.1145/2976749.2978374
  8. Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh.Understanding and Mitigating Covert Channels Through Branch Predictors. ACM Transactions on Architecture and Code Optimization (TACO), 13(1), March 2016. URL: https://doi.org/10.1145/2870636doi:10.1145/2870636.
  9. Ian Goodfellow, Yoshua Bengio, and Aaron Courville. Deep Learning. MIT Press, 2016. URL: http://www.deeplearningbook.org.
  10. Johannes Götzfried, Moritz Eckert, Sebastian Schinzel, and Tilo Müller.Cache Attacks on Intel SGX. In Proceedings of the 10th European Workshop on Systems Security, EuroSec’17. Association for Computing Machinery, 2017. URL: https://doi.org/10.1145/3065913.3065915
  11. Michael C Grace, Yajin Zhou, Zhi Wang, and Xuxian Jiang. Systematic detection of capability leaks in stock android smartphones. In NDSS, volume 14, page 19, 2012.
  12. Alex Graves.Supervised sequence labelling, pages 5-13. Springer Berlin Heidelberg, Berlin, Heidelberg, 2012. URL: https://doi.org/10.1007/978-3-642-24797-2_2
  13. Mordechai Guri, Matan Monitz, Yisroel Mirski, and Yuval Elovici.BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations. In Proceedings of the 2015 IEEE 28th Computer Security Foundations Symposium, CSF ’15, pages 276-289, USA, 2015. URL: https://doi.org/10.1109/CSF.2015.26
  14. Sepp Hochreiter and Jürgen Schmidhuber.Long Short-Term Memory. Neural Comput., 9(8):1735-1780, November 1997. URL: https://doi.org/10.1162/neco.1997.9.8.1735
  15. Michael Hutter and Jörn-Marc Schmidt.The Temperature Side Channel and Heating Fault Attacks, pages 219-235. Springer International Publishing, Cham, 2014. URL: https://doi.org/10.1007/978-3-319-08302-5_15
  16. T. Iakymchuk, M. Nikodem, and K. Kepa.Temperature-based covert channel in FPGA systems. In Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC), 2011 6th International Workshop on, pages 1-7, June 2011. URL: https://doi.org/10.1109/ReCoSoC.2011.5981510
  17. Mohammad A. Islam, Shaolei Ren, and Adam Wierman.Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS ’17, pages 1079-1094. Association for Computing Machinery, 2017. URL: https://doi.org/10.1145/3133956.3133994
  18. Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom.Spectre attacks: Exploiting speculative execution. arXiv preprint arXiv:1801.01203, 2018. URL: https://spectreattack.com/.
  19. Butler W. Lampson.A Note on the Confinement Problem. Commun. ACM, 16(10):613-615, October 1973. URL: https://doi.org/10.1145/362375.362389
  20. Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, and Stefan Mangard.ARMageddon: Cache Attacks on Mobile Devices. In Proceedings of the 25th USENIX Conference on Security Symposium, SEC’16, pages 549-564. USENIX Association, 2016. URL: https://doi.org/10.5555/3241094.3241138
  21. Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg.Meltdown. arXiv preprint arXiv:1801.01207, 2018. URL: https://spectreattack.com/.
  22. Carol Marsh and David McLaren.Poster: Temperature Side Channels. In In the Proceedings of the 9th International Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2007, 2007.
  23. Ramya Jayaram Masti, Devendra Rai, Aanjhan Ranganathan, Christian Müller, Lothar Thiele, and Srdjan Capkun.Thermal Covert Channels on Multi-core Platforms. In 24th USENIX Security Symposium (USENIX Security 15), pages 865-880, Washington, D.C., August 2015. USENIX Association. URL: https://doi.org/10.5555/2831143.2831198
  24. Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard, and Kay Römer.Hello from the other side: SSH over robust cache covert channels in the cloud. NDSS, San Diego, CA, US, 2017. URL: https://cmaurice.fr/pdf/ndss17_maurice.pdf.
  25. Matthias Meyer, Samuel Weber, Jan Beutel, and Lothar Thiele. Systematic identification of external influences in multi-year microseismic recordings using convolutional neural networks. Earth Surface Dynamics, 7(1):171-190, 2019. URL: https://doi.org/10.5194/esurf-7-171-2019
  26. Yan Michalevsky, Gabi Nakibly, Gunaa Arumugam Veerapandian, Dan Boneh, and Gabi Nakibly.PowerSpy: Location Tracking Using Mobile Device Power Analysis. In 24th USENIX Security Symposium (USENIX Security 15), pages 785-800, Washington, D.C., August 2015. USENIX Association. URL: https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/michalevsky.
  27. Philipp Miedl, Xiaoxi He, Matthias Meyer, Davide Basilio Bartolini, and Lothar Thiele.Frequency Scaling as a Security Threat on Multicore Systems. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 37(11):2497-2508, November 2018. URL: https://doi.org/10.1109/TCAD.2018.2857038
  28. Philipp Miedl, Bruno Klopott, and Lothar Thiele.ExOT Website, March 2020. URL: https://www.exot.ethz.ch/.
  29. Philipp Miedl, Bruno Klopott, and Lothar Thiele.Increased reproducibility and comparability of data leak evaluations using ExOT. In 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 2020. URL: https://doi.org/10.3929/ethz-b-000377986
  30. Philipp Miedl and Lothar Thiele.The Security Risks of Power Measurements in Multicores. In Proceedings of the 33rd Annual ACM Symposium on Applied Computing, SAC ’18, pages 1585-1592. Association for Computing Machinery, 2018. URL: https://doi.org/10.1145/3167132.3167301
  31. Steven J. Murdoch.Hot or Not: Revealing Hidden Services by Their Clock Skew. In Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS '06, pages 27-36. Association for Computing Machinery, 2006. URL: https://doi.org/10.1145/1180405.1180410
  32. Naser Peiravian and Xingquan Zhu.Machine learning for android malware detection using permission and api calls. In Proceedings of the 2013 IEEE 25th International Conference on Tools with Artificial Intelligence, ICTAI ’13, pages 300-305, USA, 2013. IEEE Computer Society. URL: https://doi.org/10.1109/ICTAI.2013.53
  33. Danny Philippe-Jankovic and Tanveer A Zia.Breaking VM Isolation-An In-Depth Look into the Cross VM Flush Reload Cache Timing Attack. International Journal of Computer Science and Network Security (IJCSNS), 17(2):181, 2017. URL: https://researchoutput.csu.edu.au/en/publications/breaking-vm-isolation-an-in-depth-look-into-the-cross-flush-reloa-2.
  34. Sashank J. Reddi, Satyen Kale, and Sanjiv Kumar.On the Convergence of Adam and Beyond, 2019. URL: http://arxiv.org/abs/1904.09237arXiv:1904.09237.
  35. Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage.Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security, CCS ’09, pages 199-212. Association for Computing Machinery, 2009. URL: https://doi.org/10.1145/1653662.1653687
  36. Hong Rong, Huimei Wang, Jian Liu, Xiaochen Zhang, and Ming Xian.WindTalker: An Efficient and Robust Protocol of Cloud Covert Channel Based on Memory Deduplication. In Proceedings of the 2015 IEEE Fifth International Conference on Big Data and Cloud Computing, BDCLOUD ’15, pages 68-75, USA, 2015. IEEE Computer Society. URL: https://doi.org/10.1109/BDCloud.2015.12
  37. Stan Salvador and Philip Chan.Toward Accurate Dynamic Time Warping in Linear Time and Space. Intell. Data Anal., 11(5):561-580, October 2007. URL: https://doi.org/10.5555/1367985.1367993
  38. Lukas Sigrist.Design and Instrumentation of Environment-Powered Systems. PhD thesis, ETH Zurich, 2020.
  39. Raphael Spreitzer, Simone Griesmayr, Thomas Korak, and Stefan Mangard. Exploiting data-usage statistics for website fingerprinting attacks on android. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, WiSec ’16, pages 49-60. Association for Computing Machinery, 2016. URL: https://doi.org/10.1145/2939918.2939922
  40. Shanquan Tian and Jakub Szefer.Temporal Thermal Covert Channels in Cloud FPGAs. In Proceedings of the 2019 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays, FPGA ’19, pages 298-303. Association for Computing Machinery, 2019. URL: https://doi.org/10.1145/3289602.3293920
  41. Tijmen Tieleman and Geoffrey Hinton.Lecture 6.5-rmsprop: Divide the gradient by a running average of its recent magnitude. COURSERA: Neural networks for machine learning, 4(2):26-31, 2012.
  42. Xu, Yunjing and Bailey, Michael and Jahanian, Farnam and Joshi, Kaustubh and Hiltunen, Matti and Schlichting, Richard.An Exploration of L2 Cache Covert Channels in Virtualized Environments. In Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW ’11, pages 29-40. Association for Computing Machinery, 2011. URL: https://doi.org/10.1145/2046660.2046670
  43. S. Zander, P. Branch, and G. Armitage.Capacity of Temperature-Based Covert Channels. Communications Letters, IEEE, 15(1):82-84, 2011. URL: https://doi.org/10.1109/LCOMM.2010.110310.101334
  44. Sebastian Zander and Steven J. Murdoch.An Improved Clock-skew Measurement Technique for Revealing Hidden Services. In Proceedings of the 17th USENIX Security Symposium, SS’08, pages 211-226. USENIX Association, 2008. URL: https://doi.org/10.5555/1496711.1496726,