Date of Award

8-2024

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

School of Computing

Committee Chair/Advisor

Dr. Zhenkai Zhang

Committee Member

Dr. Rong Ge

Committee Member

Dr. Long Cheng

Committee Member

Dr. Mert Pesé

Abstract

Side-channel information consists of side effects of computation that range from microarchitectural to physical phenomena. Empirical studies have demonstrated the practical exploitability of these side effects in real-world systems for malicious attacks and effective defenses. In this dissertation, we discover, analyze, and exploit certain physical side-channel information for end-to-end attacks and defense across three studies.

In the first study, we demonstrate a new DNN model extraction attack named Clairvoyance that exploits certain far-field electromagnetic signals emitted from a GPU to steal DNN models several meters away from the victim machine, even with some physical obstacles in between. Using Clairvoyance, an attacker can effectively deduce DNN architectures and layer configurations.

In the second study, we discover that the vibrations of a system's mechanical components are strongly correlated with the computational activities of running applications. Based on this observation, we propose a new application fingerprinting technique named mmFingerprint with the help of mmWave sensing. To showcase its use in cybersecurity for defensive purposes, we deploy it in a real computer system to detect the execution of reputable Rowhammer attack tools, achieving very high accuracy in practical scenarios.

In the third study, we introduce a new physical side-channel attack vector named FanBleed that exploits the CPU cooling fan's mechanical movements to infer sensitive information about ongoing computational activities. We demonstrate the real-world impacts of FanBleed through two attacks: a website fingerprinting attack and a cryptanalytic attack targeting the SIKE secret key. Our work highlights the CPU cooling fan as a widely available and unexplored side channel, urging the need to assess its security implications and develop effective countermeasures against FanBleed-like attacks.

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.