Current Events: Identifying Webpages by Tapping the Electrical Outlet

  • Shane S. Clark
  • Hossen Mustafa
  • Benjamin Ransford
  • Jacob Sorber
  • Kevin Fu
  • Wenyuan Xu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8134)

Abstract

Computers plugged into power outlets leak identifiable information by drawing variable amounts of power when performing different tasks. This work examines the extent to which this side channel leaks private information about web browsing to an observer taking measurements at the power outlet. Using direct measurements of AC power consumption with an instrumented outlet, we construct a classifier that correctly identifies unlabeled power traces of webpage activity from a set of 51 candidates with 99% precision and 99% recall. The classifier rejects samples of 441 pages outside the corpus with a false-positive rate of less than 2%. It is also robust to a number of variations in webpage loading conditions, including encryption. When trained on power traces from two computers loading the same webpage, the classifier correctly labels further traces of that webpage from either computer. We identify several reasons for this consistently recognizable power consumption, including system calls, and propose countermeasures to limit the leakage of private information. Characterizing the AC power side channel may help lead to practical countermeasures that protect user privacy from an untrustworthy power infrastructure.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Shane S. Clark (1)
  • Hossen Mustafa (2)
  • Benjamin Ransford (3)
  • Jacob Sorber (4)
  • Kevin Fu (5)
  • Wenyuan Xu (2, 6)

  1. University of Massachusetts Amherst, USA
  2. University of South Carolina, USA
  3. University of Washington, USA
  4. Clemson University, USA
  5. University of Michigan, USA
  6. Zhejiang University, China