Undermining User Privacy on Mobile Devices Using AI

Berk Gulmezoglu, Andreas Zankl, M. Caner Tol, Saad Islam, Thomas Eisenbarth, Berk Sunar

Abstract

Over the past years, literature has shown that attacks exploiting the microarchitecture of modern processors pose a serious threat to user privacy. This is because applications leave distinct footprints in the processor, which malware can use to infer user activities. In this work, we show that these inference attacks can greatly be enhanced with advanced AI techniques. In particular, we focus on profiling the activity in the last-level cache (LLC) of ARM processors. We employ a simple Prime+Probe based monitoring technique to obtain cache traces, which we classify with deep learning methods including convolutional neural networks. We demonstrate our approach on an off-the-shelf Android phone by launching a successful attack from an unprivileged, zero-permission app in well under a minute. The app detects running applications, opened websites, and streaming videos with up to 98% accuracy and a profiling phase of at most 6 seconds. This is possible, as deep learning compensates measurement disturbances stemming from the inherently noisy LLC monitoring and unfavorable cache characteristics. In summary, our results show that thanks to advanced AI techniques, inference attacks are becoming alarmingly easy to execute in practice. This once more calls for countermeasures that confine microarchitectural leakage and protect mobile phone applications, especially those valuing the privacy of their users.
OriginalspracheEnglisch
TitelProceedings of the 2019 ACM Asia Conference on Computer and Communications Security
Seitenumfang14
ErscheinungsortNew York, NY, USA
Herausgeber (Verlag)ACM
Erscheinungsdatum2019
Seiten214-227
ISBN (Print)978-1-4503-6752-3
DOIs
PublikationsstatusVeröffentlicht - 2019

Fingerprint

Untersuchen Sie die Forschungsthemen von „Undermining User Privacy on Mobile Devices Using AI“. Zusammen bilden sie einen einzigartigen Fingerprint.

Zitieren