Robust Covert Channels Based on DRAM Power Consumption

To improve the energy efficiency of computing systems, modern CPUs provide registers that give estimates on the power consumption. However, the ability to read the power consumption introduces one class of security concerns called covert channels, which are communication channels that enable one process to transmit a message to another one in a system where these processes were meant to be isolated. Our contribution consists in the first covert channel in which messages are transmitted by modulating the DRAM power consumption. The channel implementation outperforms similar proposals, achieving 1800 bps with 10% error, and 2400 bps with 15% error, when running on a notebook and on a desktop platforms, respectively, To test its robustness against application interference, we considered the channel’s performance when running concurrently with different benchmarks: MRBench, Terasort and LINPACK. When running on the notebook, the channel is fairly robust, achieving between 300 and 600 bps with around 10% error depending on the workload considered.

[1]  Shirley Moore,et al.  Measuring Energy and Power with PAPI , 2012, 2012 41st International Conference on Parallel Processing Workshops.

[2]  Robert H. Sloan,et al.  Power Analysis Attacks of Modular Exponentiation in Smartcards , 1999, CHES.

[3]  Nael B. Abu-Ghazaleh,et al.  Covert channels through branch predictors: a feasibility study , 2015, HASP@ISCA.

[4]  Klaus Wagner,et al.  Flush+Flush: A Fast and Stealthy Cache Attack , 2015, DIMVA.

[5]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[6]  Srdjan Capkun,et al.  Thermal Covert Channels on Multi-core Platforms , 2015, USENIX Security Symposium.

[7]  Milos Doroslovacki,et al.  Are Coherence Protocol States Vulnerable to Information Leakage? , 2018, 2018 IEEE International Symposium on High Performance Computer Architecture (HPCA).

[8]  Stefan Mangard,et al.  A Simple Power-Analysis (SPA) Attack on Implementations of the AES Key Expansion , 2002, ICISC.

[9]  Mordechai Guri,et al.  BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations , 2015, 2015 IEEE 28th Computer Security Foundations Symposium.

[10]  Klaus Wagner,et al.  Flush+Flush: A Stealthier Last-Level Cache Attack , 2015, ArXiv.

[11]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[12]  Steven J. Murdoch,et al.  Hot or not: revealing hidden services by their clock skew , 2006, CCS '06.

[13]  Lothar Thiele,et al.  On the capacity of thermal covert channels in multicores , 2016, EuroSys.

[14]  Sebastian Zander,et al.  Capacity of Temperature-Based Covert Channels , 2011, IEEE Communications Letters.

[15]  Luke Deshotels,et al.  Inaudible Sound as a Covert Channel in Mobile Devices , 2014, WOOT.

[16]  Vincent M. Weaver,et al.  A Validation of DRAM RAPL Power Measurements , 2016, MEMSYS.

[17]  Yingtao Jiang,et al.  Improving the efficiency of thermal covert channels in multi-/many-core systems , 2018, 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[18]  Lothar Thiele,et al.  The security risks of power measurements in multicores , 2018, SAC.

[19]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[20]  Jack J. Dongarra,et al.  Performance of various computers using standard linear equations software in a FORTRAN environment , 1988, CARN.

[21]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[22]  Heiko Mantel,et al.  How Secure Is Green IT? The Case of Software-Based Energy Side Channels , 2018, ESORICS.

[23]  Kiyoung Kim,et al.  MRBench: A Benchmark for MapReduce Framework , 2008, 2008 14th IEEE International Conference on Parallel and Distributed Systems.

[24]  Lin Yan,et al.  A Study on Power Side Channels on Mobile Devices , 2015, Internetware.

[25]  Gabi Nakibly,et al.  PowerSpy: Location Tracking Using Mobile Device Power Analysis , 2015, USENIX Security Symposium.