Detection of and Countermeasure Against Thermal Covert Channel in Many-Core Systems

Abstract: The thermal covert channels (TCC's) in many-core systems can cause detrimental data breaches. In this paper, we present a three-step scheme to detect and fight against such TCC attacks. Specifically, in the detection step, each core calculates the spectrum of its own CPU workload traces that are collected over a few fixed time intervals, and then it applies a frequency scanning method to detect if there exists any TCC attack. In the next positioning step, the logical cores running the transmitter threads are l… Show more

“…With heat as communication media and no shared resources (e.g., cache and memory), the thermal covert channel attacks can be launched in many-core systems [2], [3], [5], [7] more easily than other types of covert channels. A typical thermal covert channel is modeled to include a transmitter and a receiver as well as a defender, shown in Fig.…”

“…For example, before a user application is loaded into its own SGX enclave, the transmitter codes can be injected into the user application as a Trojan [9], resulting in that the transmitter is able to run in the secure zone and has access to private data. After implanted into the secure zone, a TCC program can leak private data by deliberately manipulating chip temperatures [2], [3], [5], [6]. The thermal signals can be obtained either by directly reading the thermal sensors through MSR (i.e., Model Specific Register) software interface [10] or by reading the temperature files exposed by some commonly installed temperature-monitoring utility tool (e.g., CoreTemp [11] in Linux system).…”

“…Hereinafter, the TCC models described in [5] are adopted as the baseline TCC model in this paper. In paricular, both 0-hop and 1-hop TCCs are considered.…”

“…1(a)) to 0.9t b (the case shown in Fig. 1(b)), the signal amplitude is so low that the threshold-based detection schemes proposed in [5], [6] will fail to detect any TCC, pushing down the detection accuracy to almost 0 as indicated in Fig. 1(c).…”

“…To fight against TCC attacks, the dynamic voltage and frequency scaling (DVFS) or noise jamming based countermeasures that are supposedly to block any meaningful thermal signal transmission can be applied [5], [6]. Both countermeasures rely on the threshold-based detection methods to detect the existence of a TCC.…”

Detection of Thermal Covert Channel Attacks Based on Classification of Components of the Thermal Signal Features

“…With heat as communication media and no shared resources (e.g., cache and memory), the thermal covert channel attacks can be launched in many-core systems [2], [3], [5], [7] more easily than other types of covert channels. A typical thermal covert channel is modeled to include a transmitter and a receiver as well as a defender, shown in Fig.…”

“…For example, before a user application is loaded into its own SGX enclave, the transmitter codes can be injected into the user application as a Trojan [9], resulting in that the transmitter is able to run in the secure zone and has access to private data. After implanted into the secure zone, a TCC program can leak private data by deliberately manipulating chip temperatures [2], [3], [5], [6]. The thermal signals can be obtained either by directly reading the thermal sensors through MSR (i.e., Model Specific Register) software interface [10] or by reading the temperature files exposed by some commonly installed temperature-monitoring utility tool (e.g., CoreTemp [11] in Linux system).…”

“…Hereinafter, the TCC models described in [5] are adopted as the baseline TCC model in this paper. In paricular, both 0-hop and 1-hop TCCs are considered.…”

“…1(a)) to 0.9t b (the case shown in Fig. 1(b)), the signal amplitude is so low that the threshold-based detection schemes proposed in [5], [6] will fail to detect any TCC, pushing down the detection accuracy to almost 0 as indicated in Fig. 1(c).…”

“…To fight against TCC attacks, the dynamic voltage and frequency scaling (DVFS) or noise jamming based countermeasures that are supposedly to block any meaningful thermal signal transmission can be applied [5], [6]. Both countermeasures rely on the threshold-based detection methods to detect the existence of a TCC.…”

Detection of Thermal Covert Channel Attacks Based on Classification of Components of the Thermal Signal Features

Dual-Tone Multi-Frequency Assisted Acoustic Side Channel Attack to Retrieve Dialled Call Log

Time’s a Thief of Memory