Thermal covert channel in bluetooth low energy networks

Claeys, Timothy; Rousseau, Franck; Simunovic, Boris; Tourancheau, Bernard

doi:10.1145/3317549.3319730

Cited by 8 publications

(3 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We analyze the feasibility of the thermal sensor in distinguishing cache access (i.e., cache hit) from physical memory access. In previous studies [8], [11], [12], [28], remnant heat or heat propagation occurring during the execution of a compute-intensive application were exploited to construct a covert channel. However, because of the limited capacity (i.e., resolution and sampling rate), these approaches are impractical for implementing side-channel attacks.…”

Section: B Distinguishing Memory Accessmentioning

confidence: 99%

See 1 more Smart Citation

ThermalBleed: A Practical Thermal Side-Channel Attack

Shin

2022

IEEE Access

View full text Add to dashboard Cite

Modern OSs expose an interface for monitoring CPU temperature to unprivileged users for effective user decision-based thermal management. Due to the low sampling rate and resolution, thermal sensors have generally been restricted to the construction of covert channels. However, exposing the thermal interface to unprivileged users may be problematic, because the heat emission inside a CPU core is affected by program execution on the core; an attacker may be able to infer the secret information of the program by exploiting the thermal interface as a side-channel. In this paper, we extensively analyze digital thermal sensors in Intel CPUs and show that it is possible to implement a software-based thermal side-channel attack. Specifically, by analyzing some properties of the thermal sensors, we inferred that the thermal sensor makes it possible to distinguish between a cache hit and a physical memory access in memory load operations. Based on the analysis results, we implement ThermalBleed, a thermal side-channel attack that breaks kernel address space layout randomization (KASLR) in Linux systems. Moreover, by conducting an in-depth analysis, we identify useful hidden properties of the Intel thermal sensors. Our analysis establishes a stepping stone to build a more precise and effective thermal side-channel attack in the future. To the best of our knowledge, this is the first work that extends a thermal covert channel to a practical side-channel attack by exploring the properties of Intel digital thermal sensors.INDEX TERMS Breaking KASLR, Digital thermal sensor, Thermal side-channel attack.

show abstract

Section: B Distinguishing Memory Accessmentioning

confidence: 99%

“…[11], [12], [28] explored the observed phenomenon without conducting a thorough analysis of the thermal sensor. This 669 restricted the current research to a simple thermal covert 670 channel, rather than a precise and effective thermal side-671 channel attack.…”

Section: In-depth Analysis Of Thermal Sensorsmentioning

confidence: 99%

ThermalBleed: A Practical Thermal Side-Channel Attack

Shin

2022

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Therefore, low power consumption can affect the systems' temperatures; • Last, but not least, is easy implementation. Some of the proposed countermeasure methods may need special types of equipment or labs, which may be costly or hard to implement, such as [32,37,52]. However, the proposed countermeasure can easily be employed for any device or system.…”

Section: Referencesmentioning

confidence: 99%

Selective Noise Based Power-Efficient and Effective Countermeasure against Thermal Covert Channel Attacks in Multi-Core Systems

Rahimi

Singh

Wang

2022

JLPEA

View full text Add to dashboard Cite

With increasing interest in multi-core systems, such as any communication systems, infra-structures can become targets for information leakages via covert channel communication. Covert channel attacks lead to leaking secret information and data. To design countermeasures against these threats, we need to have good knowledge about classes of covert channel attacks along with their properties. Temperature–based covert communication channel, known as Thermal Covert Channel (TCC), can pose a threat to the security of critical information and data. In this paper, we present a novel scheme against such TCC attacks. The scheme adds selective noise to the thermal signal so that any possible TCC attack can be wiped out. The noise addition only happens at instances when there are chances of correct information exchange to increase the bit error rate (BER) and keep the power consumption low. Our experiments have illustrated that the BER of a TCC attack can increase to 94% while having similar power consumption as that of state-of-the-art

show abstract