Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13556)
Abstract
Mounting microarchitectural attacks, such as Spectre or Rowhammer, is possible from browsers. However, to be realistically exploitable, they require precise knowledge about microarchitectural properties. While a native attacker can easily query many of these properties, the sandboxed environment in browsers prevents this. In this paper, we present six side-channel-related benchmarks that reveal CPU properties, such as cache sizes or cache associativities. Our benchmarks are implemented in JavaScript and run in unmodified browsers on multiple platforms. Based on a study with 834 participants using 297 different CPU models, we show that we can infer microarchitectural properties with an accuracy of up to 100%. Combining multiple properties also allows identifying the CPU vendor with an accuracy of 97.5%, and the microarchitecture and CPU model each with an accuracy of above 60%. The benchmarks are unaffected by current side-channel and browser fingerprinting mitigations, and can thus be used for more targeted attacks and to increase the entropy in browser fingerprinting.
Acknowledgments
We would like to thank all participants of our study. This work has been supported by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) - 491039149. We further thank the Saarbrücken Graduate School of Computer Science for their funding and support.
Author information
Authors and Affiliations
CISPA Helmholtz Center for Information Security, Saarbrücken, SL, Germany
Leon Trampert, Christian Rossow & Michael Schwarz
Corresponding author
Correspondence to Leon Trampert.
Editor information
Editors and Affiliations
Rutgers University, Newark, NJ, USA
Vijayalakshmi Atluri
Hamad Bin Khalifa University, Doha, Qatar
Roberto Di Pietro
Technical University of Denmark, Kongens Lyngby, Denmark
Christian D. Jensen
Technical University of Denmark, Kongens Lyngby, Denmark
Weizhi Meng
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Trampert, L., Rossow, C., Schwarz, M. (2022). Browser-Based CPU Fingerprinting. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13556. Springer, Cham. https://doi.org/10.1007/978-3-031-17143-7_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17142-0
Online ISBN: 978-3-031-17143-7
eBook Packages: Computer Science, Computer Science (R0)