Showing 1–3 of 3 results for author: Dipta, D R

Dynamic Frequency-Based Fingerprinting Attacks against Modern Sandbox Environments

Authors: Debopriya Roy Dipta, Thore Tiemann, Berk Gulmezoglu, Eduard Marin, Thomas Eisenbarth

Abstract: The cloud computing landscape has evolved significantly in recent years, embracing various sandboxes to meet the diverse demands of modern cloud applications. These sandboxes encompass container-based technologies like Docker and gVisor, microVM-based solutions like Firecracker, and security-centric sandboxes relying on Trusted Execution Environments (TEEs) such as Intel SGX and AMD SEV. However,… ▽ More The cloud computing landscape has evolved significantly in recent years, embracing various sandboxes to meet the diverse demands of modern cloud applications. These sandboxes encompass container-based technologies like Docker and gVisor, microVM-based solutions like Firecracker, and security-centric sandboxes relying on Trusted Execution Environments (TEEs) such as Intel SGX and AMD SEV. However, the practice of placing multiple tenants on shared physical hardware raises security and privacy concerns, most notably side-channel attacks. In this paper, we investigate the possibility of fingerprinting containers through CPU frequency reporting sensors in Intel and AMD CPUs. One key enabler of our attack is that the current CPU frequency information can be accessed by user-space attackers. We demonstrate that Docker images exhibit a unique frequency signature, enabling the distinction of different containers with up to 84.5% accuracy even when multiple containers are running simultaneously in different cores. Additionally, we assess the effectiveness of our attack when performed against several sandboxes deployed in cloud environments, including Google's gVisor, AWS' Firecracker, and TEE-based platforms like Gramine (utilizing Intel SGX) and AMD SEV. Our empirical results show that these attacks can also be carried out successfully against all of these sandboxes in less than 40 seconds, with an accuracy of over 70% in all cases. Finally, we propose a noise injection-based countermeasure to mitigate the proposed attack on cloud environments. △ Less

Submitted 23 May, 2024; v1 submitted 16 April, 2024; originally announced April 2024.

DF-SCA: Dynamic Frequency Side Channel Attacks are Practical

Authors: Debopriya Roy Dipta, Berk Gulmezoglu

Abstract: The arm race between hardware security engineers and side-channel researchers has become more competitive with more sophisticated attacks and defenses in the last decade. While modern hardware features improve the system performance significantly, they may create new attack surfaces for malicious people to extract sensitive information about users without physical access to the victim device. Alth… ▽ More The arm race between hardware security engineers and side-channel researchers has become more competitive with more sophisticated attacks and defenses in the last decade. While modern hardware features improve the system performance significantly, they may create new attack surfaces for malicious people to extract sensitive information about users without physical access to the victim device. Although many previously exploited hardware and OS features were patched by OS developers and chip vendors, any feature that is accessible from userspace applications can be exploited to perform software-based side-channel attacks. In this paper, we present DF-SCA, which is a software-based dynamic frequency side-channel attack on Linux and Android OS devices. We exploit unprivileged access to cpufreq interface that exposes real-time CPU core frequency values directly correlated with the system utilization, creating a reliable side-channel for attackers. We show that Dynamic Voltage and Frequency Scaling (DVFS) feature in modern systems can be utilized to perform website fingerprinting attacks for Google Chrome and Tor browsers on modern Intel, AMD, and ARM architectures. We further extend our analysis to a wide selection of scaling governors on Intel and AMD CPUs, verifying that all scaling governors provide enough information on the visited web page. Moreover, we extract properties of keystroke patterns on frequency readings, that leads to 95% accuracy to distinguish the keystrokes from other activities on Android phones. We leverage inter-keystroke timings of a user by training a k-th nearest neighbor model, which achieves 88% password recovery rate in the first guess on Bank of America application. Finally, we propose several countermeasures to mask the user activity to mitigate DF-SCA on Linux-based systems. △ Less

Submitted 8 August, 2022; v1 submitted 27 June, 2022; originally announced June 2022.

MAD-EN: Microarchitectural Attack Detection through System-wide Energy Consumption

Authors: Debopriya Roy Dipta, Berk Gulmezoglu

Abstract: Microarchitectural attacks have become more threatening the hardware security than before with the increasing diversity of attacks such as Spectre and Meltdown. Vendor patches cannot keep up with the pace of the new threats, which makes the dynamic anomaly detection tools more evident than before. Unfortunately, previous studies utilize hardware performance counters that lead to high performance o… ▽ More Microarchitectural attacks have become more threatening the hardware security than before with the increasing diversity of attacks such as Spectre and Meltdown. Vendor patches cannot keep up with the pace of the new threats, which makes the dynamic anomaly detection tools more evident than before. Unfortunately, previous studies utilize hardware performance counters that lead to high performance overhead and profile limited number of microarchitectural attacks due to the small number of counters that can be profiled concurrently. This yields those detection tools inefficient in real-world scenarios. In this study, we introduce MAD-EN dynamic detection tool that leverages system-wide energy consumption traces collected from a generic Intel RAPL tool to detect ongoing anomalies in a system. In our experiments, we show that CNN-based MAD-EN can detect 10 different microarchitectural attacks with a total of 15 variants with the highest F1 score of 0.999, which makes our tool the most generic attack detection tool so far. Moreover, individual attacks can be distinguished with a 98% accuracy after an anomaly is detected in a system. We demonstrate that MAD-EN introduces 69.3% less performance overhead compared to performance counter-based detection mechanisms. △ Less

Submitted 31 May, 2022; originally announced June 2022.