Abstract
Computers plugged into power outlets leak identifiable information by drawing variable amounts of power when performing different tasks. This work examines the extent to which this side channel leaks private information about web browsing to an observer taking measurements at the power outlet. Using direct measurements of AC power consumption with an instrumented outlet, we construct a classifier that correctly identifies unlabeled power traces of webpage activity from a set of 51 candidates with 99% precision and 99% recall. The classifier rejects samples of 441 pages outside the corpus with a false-positive rate of less than 2%. It is also robust to a number of variations in webpage loading conditions, including encryption. When trained on power traces from two computers loading the same webpage, the classifier correctly labels further traces of that webpage from either computer. We identify several reasons for this consistently recognizable power consumption, including system calls, and propose countermeasures to limit the leakage of private information. Characterizing the AC power side channel may help lead to practical countermeasures that protect user privacy from an untrustworthy power infrastructure.
Keywords
- Power Consumption
- Side Channel
- Background Process
- Threat Model
- Parasitic Modulation
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Clark, S.S., Mustafa, H., Ransford, B., Sorber, J., Fu, K., Xu, W. (2013). Current Events: Identifying Webpages by Tapping the Electrical Outlet. In: Crampton, J., Jajodia, S., Mayes, K. (eds) Computer Security – ESORICS 2013. ESORICS 2013. Lecture Notes in Computer Science, vol 8134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40203-6_39
DOI: https://doi.org/10.1007/978-3-642-40203-6_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40202-9
Online ISBN: 978-3-642-40203-6
eBook Packages: Computer Science (R0)