Replay-resistant Disk Fingerprinting via Unintentional Electromagnetic Emanations
Pages 660 - 673
Abstract
External disks (abbr., disks) are common data storage peripherals for hosts. Verifying the disk’s legitimacy is crucial to prevent security issues on a host like privacy leakage and virus propagation before interaction setup. To address this issue, we propose DiskPrint, a novel non-intrusive and replay-resistant disk authentication system that relies on unintentional electromagnetic (EM) emanations from disks’ internal components. The core idea of DiskPrint is that EM signals emitted during data writing can reflect hardware discrepancies among different disks. Based on electromagnetic principles, we establish a theoretical model associating EM signals with built-in electronic components to demonstrate the feasibility of extracting disk fingerprints from such EM emanations. We also propose a series of signal enhancement methods to remove the EM interface and improve the signal-to-noise ratio (SNR) of the EM measurements. To boost the security of DiskPrint, we propose a device-agnostic replay-resistant method by introducing randomness into leaked EM signals. Real-world experiments with 60 disks including hard disk drives (HDDs) and solid state drives (SSDs) from seven brands and 14 models indicate that DiskPrint achieves a 99%+ authentication success rate. Robustness analysis demonstrates DiskPrint’s stability over time. Security study shows its ability to defend against various attacks.
References
[1]
3dBi SubG Antenna. 2023. 3dBi Antenna. https://store.rakwireless.com/products/3-dbi-lora-antenna.
[2]
Zhongjie Ba, Sixu Piao, Xinwen Fu, Dimitrios Koutsonikolas, Aziz Mohaisen, and Kui Ren. 2018. ABC: Enabling Smartphone Authentication with Built-in Camera. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18-21, 2018. The Internet Society. https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_03B-3_Ba_paper.pdf
[3]
Sebastian Biedermann, Stefan Katzenbeisser, and Jakub Szefer. 2015. Hard drive side-channel attacks using smartphone magnetic field sensors. In International Conference on Financial Cryptography and Data Security. Springer, 489–496.
[4]
Encyclopaedia Britannica. 2023. Maxwell’s equation. https://www.britannica.com/science/Maxwells-equations.
[5]
Robert Callan, Alenka Zajić, and Milos Prvulovic. 2015. FASE: Finding amplitude-modulated side-channel emanations. ACM SIGARCH Computer Architecture News 43, 3S (2015), 592–603.
[6]
CHRISTIAN CAWLEY. 2018. 5 Ways Data Can Be Stolen From Your PC or Network. https://www.makeuseof.com/tag/how-data-gets-stolen/.
[7]
Yushi Cheng, Xiaoyu Ji, Juchuan Zhang, Wenyuan Xu, and Yi-Chao Chen. 2019. DeMiCPU: Device Fingerprinting with Magnetic Signals Radiated by CPU. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS).
[8]
COM-POWER. 2023. EMI And EMC Testing. https://www.com-power.com/blog/why-emi-emc-testing-necessary.
[9]
Casey Crane. 2021. What Is a Device Certificate? Device Certificates Explained. https://www.thesslstore.com/blog/what-is-a-device-certificate-device-certificates-explained/.
[10]
Patrick Cronin, Xing Gao, Haining Wang, and Chase Cotton. 2022. Time-Print: Authenticating USB Flash Drives with Novel Timing Fingerprints. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).
[11]
Boris Danev, Davide Zanetti, and Srdjan Capkun. 2012. On physical-layer identification of wireless devices. Comput. Surveys 45, 1 (2012), 6:1–6:29.
[12]
Dian Ding, Lanqing Yang, Yi-Chao Chen, and Guangtao Xue. 2021. Leakage or Identification: Behavior-irrelevant User Identification Leveraging Leakage Current on Laptops. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 5, 4 (2021), 152:1–152:23. https://doi.org/10.1145/3494984
[13]
Mohammad Ebrahimabadi, Mohamed Younis, Wassila Lalouani, and Naghmeh Karimi. 2021. A novel modeling-attack resilient arbiter-PUF design. In Proceedings of the International Conference on VLSI Design and 2021 20th International Conference on Embedded Systems (VLSID).
[14]
Jason Franklin and Damon McCoy. 2006. Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting. In Proceedings of the USENIX Security Symposium.
[15]
Fanglu Guo and Tzi-cker Chiueh. 2005. Sequence Number-Based MAC Address Spoof Detection. In Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID).
[16]
Yi Han, Sriharsha Etigowni, Hua Liu, Saman A. Zonouz, and Athina P. Petropulu. 2017. Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS).
[17]
Computer Hope. 2022. Serial number. https://www.computerhope.com/jargon/v/vendorid.htm.
[18]
Omar Adel Ibrahim, Savio Sciancalepore, Gabriele Oligeri, and Roberto Di Pietro. 2021. MAGNETO: Fingerprinting USB Flash Drives via Unintentional Magnetic Emissions. ACM Transactions on Embedded Computing Systems (TECS) 20, 1 (2021), 8:1–8:26.
[19]
Foresight Intelligent. 2023. Foresight low noise amplifier (FST-RFAMP02). https://m.tb.cn/h.UrzGmIQ?tk=ipnmd9AHgeC.
[20]
Rich Kolko. 2021. New, out-of-the-box, external hard drives could steal your data. https://winknews.com/2021/01/11/new-out-of-the-box-external-hard-drives-could-steal-your-data/.
[21]
Ho Seong Lee, Dong Hoon Choi, Kyuhong Sim, and Jong-Gwan Yook. 2018. Information recovery using electromagnetic emanations from display devices under realistic environment. IEEE Transactions on Electromagnetic Compatibility 61, 4 (2018), 1098–1106.
[22]
Jianwei Liu, Wenfan Song, Leming Shen, Jinsong Han, Xian Xu, and Kui Ren. 2021. MandiPass: Secure and Usable User Authentication via Earphone IMU. In Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS).
[23]
Jianwei Liu, Xiang Zou, Jinsong Han, Feng Lin, and Kui Ren. 2020. BioDraw: Reliable Multi-Factor User Authentication with One Single Finger Swipe. In Proceedings of the IEEE/ACM International Symposium on Quality of Service (IWQoS).
[24]
Jianwei Liu, Xiang Zou, Leqi Zhao, Yusheng Tao, Sideng Hu, Jinsong Han, and Kui Ren. 2022. Privacy Leakage in Wireless Charging. IEEE Transactions on Dependable and Secure Computing (TDSC) (2022).
[25]
Zhuoran Liu, Niels Samwel, Leo Weissbart, Zhengyu Zhao, Dirk Lauret, Lejla Batina, and Martha A. Larson. 2021. Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel. In Proceedings of the Annual Network and Distributed System Security Symposium (NDSS).
[26]
RVE Lovelace, JM Sutton, and EE Salpeter. 1969. Digital search methods for pulsars. Nature 222 (1969), 231–233.
[27]
Dominik Christian Maier, Henrik Erb, Patrick Mullan, and Vincent Haupert. 2020. Camera Fingerprinting Authentication Revisited. In Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID).
[28]
Len Luet Ng, Kim Ho Yeap, Magdalene Wan Ching Goh, and Veerendra Dakulagi. 2022. Power Consumption in CMOS Circuits. In Electromagnetic Field in Advancing Science and Technology. IntechOpen.
[29]
Kim Thuat Nguyen, Maryline Laurent, and Nouha Oualha. 2015. Survey on secure communication protocols for the Internet of Things. Ad Hoc Networks 32 (2015), 17–31.
[30]
Michael Ossmann. 2021. HackRF One. https://greatscottgadgets.com/hackrf/one/.
[31]
Pierluigi Paganini. 2014. How cybercrime exploits digital certificates. https://resources.infosecinstitute.com/topic/cybercrime-exploits-digital-certificates/.
[32]
Hong Pan, Mohsen Azimi, Guoqing Gui, Fei Yan, and Zhibin Lin. 2018. Vibration-based support vector machine for structural health monitoring. In Experimental Vibration Analysis for Civil Structures: Testing, Sensing, Monitoring, and Control 7. Springer, 167–178.
[33]
Jeffrey Pang, Ben Greenstein, Ramakrishna Gummadi, Srinivasan Seshan, and David Wetherall. 2007. 802.11 user fingerprinting. In Proceedings of the Annual International Conference on Mobile Computing and Networking (MobiCom).
[34]
Jeong Hoon Park, Sang Jin Kim, Jeong Ho Lee, Chang Joon Yoo, Hyo Jin Kang, Byung Cheol Lee, and Jae Goan Jeong. 2016. Effect of CoSi2 formation process on CMOS transistor electrical properties for sub-100-nm memory applications. ECS Journal of Solid State Science and Technology 5, 5 (2016), P264.
[35]
RANDY. 2022. Can an External Hard Drive Get A Virus?https://whatsabyte.com/can-external-hard-drive-get-virus/.
[36]
RebellionResearch. 2023. What are the advantages and disadvantages of random forest?https://www.rebellionresearch.com/what-are-the-advantages-and-disadvantages-of-random-forest.
[37]
Doug Rollins. 2012. An Overview of SSD Write Caching. https://static.spiceworks.com/attachments/post/0013/5918/ssd_write_caching_tech_brief_lo.pdf.
[38]
Nader Sehatbakhsh, Alireza Nazari, Alenka Zajic, and Milos Prvulovic. 2016. Spectral profiling: Observer-effect-free profiling by monitoring EM emanations. In Proceedings of the Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).
[39]
Sudip Sengupta. 2022. What is Password Attack. https://crashtest-security.com/password-attack/.
[40]
Cheng Shen, Tian Liu, Jun Huang, and Rui Tan. 2021. When LoRa Meets EMR: Electromagnetic Covert Channels Can Be Super Resilient. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).
[41]
Riccardo Spolaor, Hao Liu, Federico Turrin, Mauro Conti, and Xiuzhen Cheng. 2023. Plug and Power: Fingerprinting USB Powered Peripherals via Power Side-channel. In IEEE INFOCOM 2023 - IEEE Conference on Computer Communications, New York City, NY, USA, May 17-20, 2023. IEEE, 1–10. https://doi.org/10.1109/INFOCOM53939.2023.10229048
[42]
Hyuk Sun, Kazuki Sobue, Koichi Hamashita, Tejasvi Anand, and Un-Ku Moon. 2019. A 951-fs rms period jitter 3.2% modulation range in-band modulation spread-spectrum clock generator. IEEE Journal of Solid-State Circuits 55, 2 (2019), 426–438.
[43]
Kuniyasu Suzaki, Yohei Hori, Kazukuni Kobara, and Mohammad Mannan. 2019. DeviceVeil: Robust Authentication for Individual USB Devices Using Physical Unclonable Functions. In 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019, Portland, OR, USA, June 24-27, 2019. IEEE, 302–314. https://doi.org/10.1109/DSN.2019.00041
[44]
TheHack.com.br. 2019. Hackers Attack Uber Vendor Leaking Some User Credentials. https://blog.axur.com/en/credential-leaks-how-they-work-and-why-you-should-be-concerned.
[45]
Vijay. 2023. Top 11 Best External Hard Disk. https://www.softwaretestinghelp.com/best-external-hard-disk/.
[46]
Ge Wang, Haofan Cai, Chen Qian, Jinsong Han, Xin Li, Han Ding, and Jizhong Zhao. 2018. Towards Replay-resilient RFID Authentication. In Proceedings of the Annual International Conference on Mobile Computing and Networking (MobiCom).
[47]
Ge Wang, Haofan Cai, Chen Qian, Jinsong Han, Shouqian Shi, Xin Li, Han Ding, Wei Xi, and Jizhong Zhao. 2020. Hu-Fu: Replay-Resilient RFID Authentication. IEEE/ACM Transactions on Networking (TON) 28, 2 (2020), 547–560.
[48]
Wikipedia. 2023. Median Absolute Deviation. https://en.wikipedia.org/wiki/Median_absolute_deviation.
[49]
Wikipedia. 2023. Microprocessor chronology. https://en.wikipedia.org/wiki/Microprocessor_chronology.
[50]
Wikipedia. 2023. Password. https://en.wikipedia.org/wiki/Password.
[51]
Wikipedia. 2023. Serial number. https://en.wikipedia.org/wiki/Serial_number.
[52]
Weiye Xu, Wenfan Song, Jianwei Liu, Yajie Liu, Xin Cui, Yuanqing Zheng, Jinsong Han, Xinhuai Wang, and Kui Ren. 2022. Mask does not matter: anti-spoofing face authentication using mmWave without on-site registration. In Proceedings of the Annual International Conference on Mobile Computing and Networking (Mobicom).
[53]
Lanqing Yang, Yi-Chao Chen, Hao Pan, Dian Ding, Guangtao Xue, Linghe Kong, Jiadi Yu, and Minglu Li. 2020. MagPrint: Deep Learning Based User Fingerprinting Using Electromagnetic Signals. In 39th IEEE Conference on Computer Communications, INFOCOM 2020, Toronto, ON, Canada, July 6-9, 2020. IEEE, 696–705. https://doi.org/10.1109/INFOCOM41043.2020.9155534
[54]
Ting-Fang Yen, Yinglian Xie, Fang Yu, Roger Peng Yu, and Martín Abadi. 2012. Host Fingerprinting and Tracking on the Web: Privacy and Security Implications. In Proceedings of the Annual Network and Distributed System Security Symposium (NDSS).
[55]
Zhe Zhou, Wenrui Diao, Xiangyu Liu, and Kehuan Zhang. 2014. Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS).
Index Terms
- Replay-resistant Disk Fingerprinting via Unintentional Electromagnetic Emanations
Recommendations
Intra-disk Parallelism: An Idea Whose Time Has Come
Server storage systems use a large number of disks to achieve high performance, thereby consuming a significant amount of power. In this paper, we propose to significantly reduce the power consumed by such storage systems via intra-disk parallelism, ...
Intra-disk Parallelism: An Idea Whose Time Has Come
ISCA '08: Proceedings of the 35th Annual International Symposium on Computer ArchitectureServer storage systems use a large number of disks to achieve high performance, thereby consuming a significant amount of power. In this paper, we propose to significantly reduce the power consumed by such storage systems via intra-disk parallelism, ...
A multiple-file write scheme for improving write performance of small files in Fast File System
Fast File System (FFS) stores files to disk in separate disk writes, each of which incurs a disk positioning (seek + rotation) limiting the write performance for small files. We propose a new scheme called co-writing to accelerate small file writes in ...
Comments
Information & Contributors
Information
Published In
September 2024
719 pages
ISBN:9798400709593
DOI:10.1145/3678890
Copyright © 2024 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 30 September 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- ``Pioneer' and ``Leading Goose' R\&D Program of Zhejiang
- Postdoctoral Fellowship Program of CPSF
- National Natural Science Foundation of China
Conference
RAID '24
RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses
September 30 - October 2, 2024
Padua, Italy
Acceptance Rates
RAID '24 Paper Acceptance Rate 43 of 173 submissions, 25%;
Overall Acceptance Rate 43 of 173 submissions, 25%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 166Total Downloads
- Downloads (Last 12 months)166
- Downloads (Last 6 weeks)24
Reflects downloads up to 08 Feb 2025
Other Metrics
Citations
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML FormatLogin options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in