Abstract
Power analysis has long been used to tell apart different instructions running on the same machine. In this work, we show that it is also possible to use power consumption to tell apart different machines running the same instructions, even if these machines have entirely identical hardware and software configurations, and even if the power consumption measurements are carried out using low-rate software-based methods. We collected an extended dataset of power consumption traces from 291 desktop and server systems, spanning multiple processor generations and vendors (Intel and AMD). After analyzing them, we discovered that profiling the power consumption of individual assembly instructions makes it possible to create a fingerprinting agent that can identify individual machines with high accuracy. Our classifier approaches its peak accuracy after less than 10 instructions, meaning that the fingerprint can take a very short time to capture. We analyzed the stability of the fingerprint over time and discovered that, while it remains relatively stable, it is significantly affected by temperature changes. We also carried out a proof-of-concept evaluation using portable WebAssembly code, showing that our method can still be applied, albeit at a reduced accuracy, without using native instructions for the profiling step. Our method depends on the ability to measure power, which is currently restricted to high-privileged “ring 0” code on modern PCs. This limits the current use of our method to defense-only settings, such as strengthening authentication or anti-counterfeiting. Our tools and datasets are publicly released as an open-source repository. Our work highlights the importance of protecting power consumption measurements from unauthorized access.
M. Botvinnik, T. Laor and T. Rokicki contributed equally to this paper.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Artifact Availability.
Our developed code and data artifacts are available at https://github.com/FingerInThePower/Finger_In_The_Power, including code for power consumption trace collection for each of the architectures used as well as the portable code, our datasets used for the results section with the results, and the machine learning pipeline with the pre-processing procedures.
References
Abel, A., Reineke, J.: uops.info: Characterizing latency, throughput, and port usage of instructions on intel microarchitectures. In: ASPLOS (2019)
Alaca, F., van Oorschot, P.C.: Device fingerprinting for augmenting web authentication: classification and analysis of methods. In: ACSAC, pp. 289–301 (2016)
Cherkaoui, A., Bossuet, L., Seitz, L., Selander, G., Borgaonkar, R.: New paradigms for access control in constrained environments. In: ReCoSoC. IEEE (2014)
Cohen, Y., et al.: Hammerscope: observing DRAM power consumption using rowhammer. In: CCS (2022)
Colombier, B., Bossuet, L.: Survey of hardware protection of design data for integrated circuits and intellectual properties. IET Comput. Digit. Tech. 8(6), 274–287 (2014)
Frigo, P., Giuffrida, C., Bos, H., Razavi, K.: Grand pwning unit: accelerating microarchitectural attacks with the GPU. In: S &P (2018)
van Goethem, T., Scheepers, W., Preuveneers, D., Joosen, W.: Accelerometer-based device fingerprinting for multi-factor mobile authentication. In: 8th International Symposium on Engineering Secure Software and Systems (ESSoS) (2016)
Gras, B., Giuffrida, C., Kurth, M., Bos, H., Razavi, K.: Absynthe: automatic blackbox side-channel synthesis on commodity microarchitectures. In: NDSS (2020)
Hähnel, M., Döbel, B., Völp, M., Härtig, H.: Measuring energy consumption for short code paths using RAPL. SIGMETRICS Perform. Eval. Rev. 40(3), 13–17 (2012)
Holcomb, D.E., Burleson, W.P., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. 58(9), 1198–1210 (2009)
Hupperich, T., Hosseini, H., Holz, T.: Leveraging sensor fingerprinting for mobile device authentication. In: DIMVA (2016)
Intel: Running Average Power Limit Energy Reporting/INTEL-SA-00389. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/running-average-power-limit-energy-reporting.html (2022)
Kalyanaraman, M., Orshansky, M.: Novel strong PUF based on nonlinearity of MOSFET subthreshold operation. In: HOST (2013)
Khan, K.N., Hirki, M., Niemi, T., Nurminen, J.K., Ou, Z.: RAPL in action: experiences in using RAPL for power measurements. ACM Trans. Model. Perform. Evaluation Comput. Syst. 3(2), 9:1–9:26 (2018)
von Kistowski, J., Block, H., Beckett, J., Spradling, C., Lange, K., Kounev, S.: Variations in CPU power consumption. In: ICPE, pp. 147–158. ACM (2016)
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25
Kohno, T., Broido, A., Claffy, K.C.: Remote physical device fingerprinting. In: S &P (2005)
Kumar, R., Burleson, W.P.: On design of a highly secure PUF based on non-linear current mirrors. In: HOST, pp. 38–43. IEEE Computer Society (2014)
Laor, T., et al.: DrawnApart: a device identification technique based on remote GPU fingerprinting. In: NDSS (2022)
Laperdrix, P., Avoine, G., Baudry, B., Nikiforakis, N.: Morellian analysis for browsers: making web authentication stronger with canvas fingerprinting. In: DIMVA (2019)
Laperdrix, P., Rudametkin, W., Baudry, B.: Beauty and the beast: diverting modern web browsers to build unique browser fingerprints. In: S &P (2016)
Lipp, M., Gruss, D., Schwarz, M.: AMD prefetch attacks through power and time. In: USENIX Security Symposium (2022)
Lipp, M., et al.: PLATYPUS: software-based power side-channel attacks on x86. In: S &P (2021)
Liu, C., Chakraborty, A., Chawla, N., Roggel, N.: Frequency throttling side-channel attack. In: CCS (2022)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks. Springer, Boston, MA (2007). https://doi.org/10.1007/978-0-387-38162-6
Marchand, C., Bossuet, L., Mureddu, U., Bochard, N., Cherkaoui, A., Fischer, V.: Implementation and characterization of a physical unclonable function for IoT: a case study with the TERO-PUF. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 37(1), 97–109 (2018)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: CHES (1999)
Moenig, M.: Webgl2: EXT_disjoint_timer_query_webgl2 failing in beta of 65 (2018). https://bugs.chromium.org/p/chromium/issues/detail?id=820891
Rokicki, T., Maurice, C., Schwarz, M.: CPU port contention without SMT. In: ESORICS (2022)
Rokicki, T., Maurice, C., Botvinnik, M., Oren, Y.: Port contention goes portable: port contention side channels in web browsers. In: ASIACCS (2022)
Ruhrmair, U., Solter, J.: PUF modeling attacks: an introduction and overview. https://doi.org/10.7873/DATE2014.361
Sánchez-Rola, I., Santos, I., Balzarotti, D.: Clock around the clock: time-based device fingerprinting. In: CCS (2018)
Schaller, A., et al.: Intrinsic rowhammer pufs: leveraging the rowhammer effect for improved security. CoRR abs/1902.04444 (2019)
Schaller, A., et al.: Decay-based DRAM pufs in commodity devices. IEEE Trans. Dependable Secur. Comput. 16(3), 462–475 (2019)
Schellenberg, F., Gnad, D.R.E., Moradi, A., Tahoori, M.B.: An inside job: remote power analysis attacks on FPGAs. In: DATE (2018)
Schwarz, M., Schwarzl, M., Lipp, M., Masters, J., Gruss, D.: Netspectre: read arbitrary memory over network. In: ESORICS (2019)
Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: DAC, pp. 9–14. IEEE (2007)
Tehranipoor, F., Karimian, N., Yan, W., Chandy, J.A.: Dram-based intrinsic physically unclonable functions for system-level security and authentication. IEEE Trans. Very Large Scale Integr. Syst. 25(3), 1085–1097 (2017)
Tian, S., Xiong, W., Giechaskiel, I., Rasmussen, K., Szefer, J.: Fingerprinting cloud FPGA infrastructures. In: FPGA (2020)
Trampert, L., Rossow, C., Schwarz, M.: Browser-based CPU fingerprinting. In: ESORICS (2022)
Vijayakumar, A., Kundu, S.: A novel modeling attack resistant PUF design based on non-linear voltage transfer characteristics. In: DATE, pp. 653–658. ACM (2015)
Wang, Y., Paccagnella, R., He, E.T., Shacham, H., Fletcher, C.W., Kohlbrenner, D.: Hertzbleed: turning power side-channel attacks into remote timing attacks on x86. In: USENIX Security Symposium (2022)
Yang, L.,et al.: Remote attacks on speech recognition systems using sound from power supply. In: USENIX Security Symposium (2023)
Acknowledgments
Code to collect power consumption traces is based on Gras et al. [8]. This work has been partly funded by the ANR-19-CE39-0007 MIAOUS. Experiments presented in this paper were carried out using the Grid’5000 testbed, supported by a scientific interest group hosted by Inria and including CNRS, RENATER and several Universities as well as other organizations (see https://www.grid5000.fr).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Botvinnik, M., Laor, T., Rokicki, T., Maurice, C., Oren, Y. (2023). The Finger in the Power: How to Fingerprint PCs by Monitoring Their Power Consumption. In: Gruss, D., Maggi, F., Fischer, M., Carminati, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2023. Lecture Notes in Computer Science, vol 13959. Springer, Cham. https://doi.org/10.1007/978-3-031-35504-2_2
Download citation
DOI: https://doi.org/10.1007/978-3-031-35504-2_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35503-5
Online ISBN: 978-3-031-35504-2
eBook Packages: Computer ScienceComputer Science (R0)