research-article

Electromagnetic Fingerprinting of Memory Heartbeats: System and Applications

Authors:

Jingshu ChenAuthors Info & Claims

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, Volume 6, Issue 3

Article No.: 138, Pages 1 - 23

https://doi.org/10.1145/3550295

Published: 07 September 2022 Publication History

Abstract

This paper presents MemScope, a system that fingerprints devices via electromagnetic sensing of their memory heartbeats, i.e., the clock signal that synchronizes memory and memory controller. MemScope leverages the enhanced resolution and security of memory heartbeat fingerprint, which has enriched spectral features thanks to the spread spectrum generation of memory clock, and cannot be concealed as long as the device accesses its memory during computing. MemScope employs signal processing algorithms that allow it to hear the memory heartbeats of devices from a distance, in the presence of noise, and in crowded environments where multiple devices coexist. It then fingerprints memory heartbeats using machine learning tools. Measurements on a set of 65 devices over a month validate the robustness of fingerprint against time variation, and show a high precision and recall. We then use the neural network to build a detector to defend against possible replay attacks. Finally, we further demonstrate the effectiveness of MemScope in two application scenarios, (i) detecting wireless identity spoofing and (ii) identifying and localizing unauthorized hidden cameras.

References

[1]

Gianmarco Baldini, Gary Steri, Franc Dimc, Raimondo Giuliani, and Roman Kamnik. 2016. Experimental identification of smartphones using fingerprints of built-in micro-electro mechanical systems (MEMS). Sensors 16, 6 (2016), 818.

[2]

Kevin Bauer, Harold Gonzales, and Damon McCoy. 2008. Mitigating evil twin attacks in 802.11. In 2008 IEEE International Performance, Computing and Communications Conference. IEEE, 513--516.

[3]

Vladimir Brik, Suman Banerjee, Marco Gruteser, and Sangho Oh. 2008. Wireless device identification with radiometric signatures. In Proceedings of the 14th ACM international conference on Mobile computing and networking. 116--127.

Digital Library

[4]

Yushi Cheng, Xiaoyu Ji, Tianyang Lu, and Wenyuan Xu. 2018. Dewicam: Detecting hidden wireless cameras via smartphones. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security. 1--13.

Digital Library

[5]

Yushi Cheng, Xiaoyu Ji, Juchuan Zhang, Wenyuan Xu, and Yi-Chao Chen. 2019. Demicpu: Device fingerprinting with magnetic signals radiated by cpu. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 1149--1170.

Digital Library

[6]

T Cross and T Takahashi. 2011. Secure open wireless access. Black Hat USA (2011).

[7]

Sanorita Dey, Nirupam Roy Wenyuan Xu, Romit Roy Choudhury, and Srihari Nelakuditi. 2014. AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable. In NDSS. Citeseer.

[8]

Daniel B Faria and David R Cheriton. 2006. Detecting identity-based attacks in wireless networks using signalprints. In Proceedings of the 5th ACM workshop on Wireless security. 43--52.

Digital Library

[9]

Driver Fingerprinting. 2008. Passive Data Link Layer 802.11 Wireless Device. (2008).

[10]

Great Scott Gadgets. 2014. HackRF One. https://hackrf.readthedocs.io/en/latest/hackrf_one.html.

[11]

Harold Gonzales, Kevin Bauer, Janne Lindqvist, Damon McCoy, and Douglas Sicker. 2010. Practical defenses for evil twin attacks in 802.11. In 2010 IEEE Global Telecommunications Conference GLOBECOM 2010. IEEE, 1--6.

[12]

Yeswanth Guddeti, Raghav Subbaraman, Moein Khazraee, Aaron Schulman, and Dinesh Bharadia. 2019. Sweepsense: Sensing 5 ghz in 5 milliseconds with low-cost radios. In 16th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 19). 317--330.

[13]

Fanglu Guo and Tzi-cker Chiueh. 2005. Sequence number-based MAC address spoof detection. In International Workshop on Recent Advances in Intrusion Detection. Springer, 309--329.

[14]

Mordechai Guri, Assaf Kachlon, Ofer Hasson, Gabi Kedma, Yisroel Mirsky, and Yuval Elovici. 2015. GSMem: Data Exfiltration from Air-Gapped Computers over {GSM} Frequencies. In 24th {USENIX} Security Symposium ({USENIX} Security 15). 849--864.

[15]

Jeyanthi Hall, Michel Barbeau, and Evangelos Kranakis. 2005. Radio frequency fingerprinting for intrusion detection in wireless networks. IEEE Transactions on Defendable and Secure Computing 12 (2005), 1--35.

[16]

Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, and Athina Petropulu. 2017. Watch me, but don't touch me! contactless control flow monitoring via electromagnetic emanations. In Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. 1095--1108.

Digital Library

[17]

Haitham Hassanieh, Lixin Shi, Omid Abari, Ezzeldine Hamed, and Dina Katabi. 2013. Bigband: Ghz-wide sensing and decoding on commodity radios. (2013).

[18]

hsd1503. 2020. Resnet1d. https://github.com/hsd1503/resnet1d.

[19]

Jun Huang, Wahhab Albazrqaoe, and Guoliang Xing. 2014. Blueid: A practical system for bluetooth device identification. In IEEE INFOCOM 2014-IEEE Conference on Computer Communications. IEEE, 2849--2857.

[20]

Omar Adel Ibrahim, Savio Sciancalepore, Gabriele Oligeri, and Roberto Di Pietro. 2020. MAGNETO: Fingerprinting USB Flash Drives via Unintentional Magnetic Emissions. ACM Trans. Embed. Comput. Syst. 20, 1, Article 8 (dec 2020), 26 pages. https://doi.org/10.1145/3422308

Digital Library

[21]

Taebeom Kim, Haemin Park, Hyunchul Jung, and Heejo Lee. 2012. Online detection of fake access points using received signal strengths. In 2012 IEEE 75th vehicular technology conference (VTC Spring). IEEE, 1--5.

[22]

Tadayoshi Kohno, Andre Broido, and Kimberly C Claffy. 2005. Remote physical device fingerprinting. IEEE Transactions on Dependable and Secure Computing 2, 2 (2005), 93--108.

Digital Library

[23]

Gierad Laput, Chouchang Yang, Robert Xiao, Alanson Sample, and Chris Harrison. 2015. EM-Sense: Touch Recognition of Uninstrumented, Electrical and Electromechanical Objects. In Proceedings of the 28th Annual ACM Symposium on User Interface Software amp; Technology (Charlotte, NC, USA) (UIST '15). New York, NY, USA, 157--166.

Digital Library

[24]

Xiang-Yang Li, Huiqi Liu, Lan Zhang, Zhenan Wu, Yaochen Xie, Ge Chen, Chunxiao Wan, and Zhongwei Liang. 2019. Finding the Stars in the Fireworks: Deep Understanding of Motion Sensor Fingerprint. IEEE/ACM Transactions on Networking 27, 5 (2019), 1945--1958. https://doi.org/10.1109/TNET.2019.2933269

Digital Library

[25]

Pengfei Liu, Panlong Yang, Wen-Zhan Song, Yubo Yan, and Xiang-Yang Li. 2019. Real-time Identification of Rogue WiFi Connections Using Environment-Independent Physical Features. In IEEE INFOCOM 2019 - IEEE Conference on Computer Communications. 190--198. https://doi.org/10.1109/INFOCOM.2019.8737455

Digital Library

[26]

Tian Liu, Ziyu Liu, Jun Huang, Rui Tan, and Zhen Tan. 2018. Detecting wireless spy cameras via stimulating and probing. In Proceedings of the 16th Annual International Conference on Mobile Systems, Applications, and Services. 243--255.

Digital Library

[27]

Laura J. Mariano, Alexander Aubuchon, Troy Lau, Onur Ozdemir, Tomo Lazovich, and John Coakley. 2020. Classification of Electronic Devices and Software Processes via Unintentional Electronic Emissions With Neural Decoding Algorithms. IEEE Transactions on Electromagnetic Compatibility 62, 2 (2020), 470--477. https://doi.org/10.1109/TEMC.2019.2903232

[28]

Diogo Mónica and Carlos Ribeiro. 2011. Wifihop-mitigating the evil twin attack through multi-hop detection. In European Symposium on Research in Computer Security. Springer, 21--39.

[29]

Daniel Moser, Patrick Leu, Vincent Lenders, Aanjhan Ranganathan, Fabio Ricciato, and Srdjan Capkun. 2016. Investigation of Multi-Device Location Spoofing Attacks on Air Traffic Control and Possible Countermeasures (MobiCom '16). Association for Computing Machinery, New York, NY, USA, 375--386. https://doi.org/10.1145/2973750.2973763

Digital Library

[30]

Alireza Nazari, Nader Sehatbakhsh, Monjur Alam, Alenka Zajic, and Milos Prvulovic. 2017. Eddie: Em-based detection of deviations in program execution. In Proceedings of the 44th Annual International Symposium on Computer Architecture. 333--346.

Digital Library

[31]

Michael W Noel, WM Griffith, and TF Gallagher. 1998. Frequency-modulated excitation of a two-level atom. Physical Review A 58, 3 (1998), 2265.

[32]

Nuand. 2016. BladeRF x40. https://www.nuand.com/product/bladerf-x40/.

[33]

Nuand. 2018. BladeRF micro 2.0 xA4. https://www.nuand.com/product/bladerf-xa4/.

[34]

Osmocom. 2012. RTL-SDR. https://www.rtl-sdr.com/about-rtl-sdr/.

[35]

Jeffrey Pang, Ben Greenstein, Ramakrishna Gummadi, Srinivasan Seshan, and David Wetherall. 2007. 11 user fingerprinting. In Proceedings of the 13th annual ACM international conference on Mobile computing and networking. 99--110.

Digital Library

[36]

Vern Paxson. 1998. On calibrating measurements of packet transit times. In Proceedings of the 1998 ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems. 11--21.

Digital Library

[37]

Saeed Ur Rehman, Kevin W. Sowerby, and Colin Coghill. 2014. Analysis of impersonation attacks on systems using RF fingerprinting and low-end receivers. J. Comput. System Sci. 80, 3 (2014), 591--601. Special Issue on Wireless Network Intrusion.

Digital Library

[38]

Donald Reising, Joseph Cancelleri, T. Daniel Loveless, Farah Kandah, and Anthony Skjellum. 2021. Radio Identity Verification-Based IoT Security Using RF-DNA Fingerprints and SVM. IEEE Internet of Things Journal 8, 10 (2021), 8356--8371. https://doi.org/10.1109/JIOT.2020.3045305

[39]

Ettus Research. 2014. USRP B210. https://files.ettus.com/manual/page_usrp_b200.html.

[40]

Marco Schwartz. 2016. Internet of Things with ESP8266. Packt Publishing Ltd.

[41]

Nader Sehatbakhsh, Alireza Nazari, Haider Khan, Alenka Zajic, and Milos Prvulovic. 2019. EMMA: Hardware/software attestation framework for embedded systems using electromagnetic signals. In Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture. 983--995.

Digital Library

[42]

Nader Sehatbakhsh, Alireza Nazari, Alenka Zajic, and Milos Prvulovic. 2016. Spectral profiling: Observer-effect-free profiling by monitoring EM emanations. In 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 1--11.

[43]

Cheng Shen and Jun Huang. 2021. EarFisher: Detecting Wireless Eavesdroppers by Stimulating and Sensing Memory {EMR}. In 18th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 21). 873--886.

[44]

C. Shen, T. Liu, J. Huang, and R. Tan. 2021. When LoRa Meets EMR: Electromagnetic Covert Channels Can Be Super Resilient. In 2021 2021 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, Los Alamitos, CA, USA, 529--542. https://doi.org/10.1109/SP40001.2021.00031

[45]

Mridula Singh, Patrick Leu, AbdelRahman Abdou, and Srdjan Capkun. 2019. UWB-ED: Distance Enlargement Attack Detection in Ultra-Wideband. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 73--88. https://www.usenix.org/conference/usenixsecurity19/presentation/singh

[46]

Mridula Singh, Marc Roeschlin, Aanjhan Ranganathan, and Srdjan Capkun. 2020. V-Range: Enabling Secure Ranging in 5G Wireless Networks. (2020). https://doi.org/10.3929/ethz-b-000440601

[47]

Yimin Song, Chao Yang, and Guofei Gu. 2010. Who is peeping at your passwords at Starbucks?---To catch an evil twin access point. In 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN). IEEE, 323--332.

[48]

David H Staelin. 1969. Fast folding algorithm for detection of periodic pulse trains. Proc. IEEE 57, 4 (1969), 724--725.

[49]

Michael C Whitlock. 2005. Combining probability from independent tests: the weighted Z-method is superior to Fisher's approach. Journal of evolutionary biology 18, 5 (2005), 1368--1373.

[50]

Chouchang Yang and Alanson P. Sample. 2016. EM-ID: Tag-less identification of electrical devices via electromagnetic emissions. In 2016 IEEE International Conference on RFID (RFID). 1--8. https://doi.org/10.1109/RFID.2016.7488014

[51]

Ting-Fang Yen, Yinglian Xie, Fang Yu, Roger Peng Yu, and Martin Abadi. 2012. Host Fingerprinting and Tracking on the Web: Privacy and Security Implications. In NDSS, Vol. 62. 66.

[52]

Z. Zhan, Z. Zhang, S. Liang, F. Yao, and X. Koutsoukos. 2022. Graphics Peeping Unit: Exploiting EM Side-Channel Information of GPUs to Eavesdrop on Your Neighbors. In 2022 2022 IEEE Symposium on Security and Privacy (SP) (SP). IEEE Computer Society, Los Alamitos, CA, USA, 1253--1270. ttps://doi.org/10.1109/SP46214.2022.00073

[53]

Jiexin Zhang, Alastair R. Beresford, and Ian Sheret. 2019. SensorID: Sensor Calibration Fingerprinting for Smartphones. In 2019 IEEE Symposium on Security and Privacy (SP). 638--655. https://doi.org/10.1109/SP.2019.00072

[54]

Zhenkai Zhang, Zihao Zhan, Daniel Balasubramanian, Bo Li, Peter Volgyesi, and Xenofon Koutsoukos. 2020. Leveraging EM Side-Channel Information to Detect Rowhammer Attacks. In 2020 IEEE Symposium on Security and Privacy (S&P'20). 862--879.

[55]

Tianhang Zheng, Zhi Sun, and Kui Ren. 2019. FID: Function Modeling-based Data-Independent and Channel-Robust Physical-Layer Identification. In IEEE INFOCOM 2019 - IEEE Conference on Computer Communications. 199--207. https://doi.org/10.1109/INFOCOM.2019.8737597

Digital Library

Cited By

Zhang QLiu DZhang XCao ZZeng FJiang HJin WBalzarotti DXu W(2024)Eye of sauronProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3698907(109-126)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3698907
Zhou RJi XChen HYan CXu W(2024)Detecting Hidden Voice Recorders via ADC Electromagnetic RadiationACM Transactions on Sensor Networks10.1145/3700595Online publication date: 22-Oct-2024
https://doi.org/10.1145/3700595
Li YYan ZJin WNing ZLiu DQin ZLiu YZhu HLi MLuo BLiao XXu JKirda ELie D(2024)GPSBuster: Busting out Hidden GPS Trackers via MSoC Electromagnetic RadiationsProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690362(3302-3316)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690362
Show More Cited By

Index Terms

Electromagnetic Fingerprinting of Memory Heartbeats: System and Applications
1. Human-centered computing
  1. Ubiquitous and mobile computing
2. Security and privacy
  1. Security in hardware
    1. Embedded systems security

Recommendations

DeMiCPU: Device Fingerprinting with Magnetic Signals Radiated by CPU
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

With the widespread use of smart devices, device authentication has received much attention. One popular method for device authentication is to utilize internally-measured device fingerprints, such as device ID, software or hardware-based ...
Replay-resistant Disk Fingerprinting via Unintentional Electromagnetic Emanations
RAID '24: Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses

External disks (abbr., disks) are common data storage peripherals for hosts. Verifying the disk’s legitimacy is crucial to prevent security issues on a host like privacy leakage and virus propagation before interaction setup. To address this issue, we ...
Device Fingerprinting with Magnetic Induction Signals Radiated by CPU Modules
With the widespread use of smart devices, device authentication has received much attention. One popular method for device authentication is to utilize internally measured device fingerprints, such as device ID, software or hardware-based characteristics. ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies Volume 6, Issue 3

September 2022

1612 pages

EISSN:2474-9567

DOI:10.1145/3563014

Issue’s Table of Contents

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 September 2022

Published in IMWUT Volume 6, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
445
Total Downloads

Downloads (Last 12 months)79
Downloads (Last 6 weeks)4

Reflects downloads up to 16 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zhang QLiu DZhang XCao ZZeng FJiang HJin WBalzarotti DXu W(2024)Eye of sauronProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3698907(109-126)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3698907
Zhou RJi XChen HYan CXu W(2024)Detecting Hidden Voice Recorders via ADC Electromagnetic RadiationACM Transactions on Sensor Networks10.1145/3700595Online publication date: 22-Oct-2024
https://doi.org/10.1145/3700595
Li YYan ZJin WNing ZLiu DQin ZLiu YZhu HLi MLuo BLiao XXu JKirda ELie D(2024)GPSBuster: Busting out Hidden GPS Trackers via MSoC Electromagnetic RadiationsProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690362(3302-3316)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690362
Shen XYu CWang XLiang CChen HShi Y(2024)MouseRing: Always-available Touchpad Interaction with IMU RingsProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642225(1-19)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642225
Iyer VRezac JBooth J(2024)Using Near-Field Electromagnetic Side Channels for Efficiently Fingerprinting Wireless Modules2024 IEEE Physical Assurance and Inspection of Electronics (PAINE)10.1109/PAINE62042.2024.10792731(1-6)Online publication date: 12-Nov-2024
https://doi.org/10.1109/PAINE62042.2024.10792731
Zhang QWang PLi YHu JZheng HZeng FLiu CJiang H(2024)CamShield: Tracing Electromagnetics to Steer Ultrasound Against Illegal CamerasIEEE Internet of Things Journal10.1109/JIOT.2024.342847511:20(33296-33311)Online publication date: 15-Oct-2024
https://doi.org/10.1109/JIOT.2024.3428475
Noakoasteen OAbedi MChristodoulou CHemmady SSchamiloglu E(2024)Synthetic Electromagnetic Emissions: A New Approach to EMC Compliance Testing2024 IEEE International Symposium on Antennas and Propagation and INC/USNC‐URSI Radio Science Meeting (AP-S/INC-USNC-URSI)10.1109/AP-S/INC-USNC-URSI52054.2024.10687049(905-906)Online publication date: 14-Jul-2024
https://doi.org/10.1109/AP-S/INC-USNC-URSI52054.2024.10687049
Feng JZhao TSarkar SKonrad DJacques TCabric DSehatbakhsh N(2023)Fingerprinting IoT Devices Using Latent Physical Side-ChannelsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35962477:2(1-26)Online publication date: 12-Jun-2023
https://doi.org/10.1145/3596247

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents