arXiv:1611.03748v1
e7az7vG
e7az7vG
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Fingerprinting devices [102]<br />
SIDE-CHANNEL VECTOR<br />
Logical<br />
Properties<br />
(SW)<br />
Physical<br />
Properties<br />
(HW)<br />
Physical<br />
Properties<br />
(HW)<br />
Power analysis [31]<br />
EM analysis [33] EM analysis [60]<br />
NAND mirroring [119]<br />
Laser/optical [116]<br />
Clock/power glitch [113]<br />
WiFi signal monitoring [63] Speech recognition [109]<br />
Reflections/hands [41]<br />
Soundcomber [110]<br />
Smudges [35]<br />
Temperature variation [120]<br />
EMFI [114]<br />
Network traffic analysis [57]<br />
User identification [61]<br />
Data-usage statistics [15]<br />
Page deduplication [68]<br />
procfs leaks [25]<br />
Cache attacks [78]<br />
Location inference [104]<br />
Fingerprinting devices [97]<br />
Sensor-based keyloggers [10]<br />
Rowhammer [126]<br />
Active Passive<br />
MODE OF ATTACK<br />
Logical<br />
Properties<br />
(SW)<br />
Network traffic analysis [122]<br />
Chip Device Wire/Communication Software Web<br />
ATTACKER<br />
Local<br />
Scope of smartcard attacks<br />
Scope of cloud attacks<br />
Vicinity<br />
Remote<br />
Passive attacks<br />
Active attacks<br />
Figure 6. Classification of side-channel attacks: (1) active vs passive, (2) logical properties vs physical properties, (3) local vs vicinity vs remote.<br />
has already been impressively exploited to gain root access<br />
on Android devices [126]. Although software-induced fault<br />
attacks have not been investigated extensively in the past,<br />
we expect further research to be conducted in this context.<br />
Exploiting Physical and Logical Properties. In contrast<br />
to physical properties, logical properties (software<br />
features) do not result from any physical interaction with<br />
the device, but due to dedicated features provided via<br />
software. While traditional side-channel attacks mostly exploited<br />
physical properties and required dedicated equipment,<br />
more recent side-channel attacks exploit physical<br />
properties as well as logical properties. Interestingly, the<br />
immense number of sensors in smartphones also allows<br />
to exploit physical properties by means of software-only<br />
attacks, which was not possible on smartcards. Although the<br />
majority of attacks on mobile devices still exploits physical<br />
properties, the exploitation of logical properties also receives<br />
increasing attention. Especially the procfs seems to provide<br />
an almost inexhaustible source for possible information<br />
leaks. For example, the memory footprint released via the<br />
procfs has been used infer visited websites [25], or the<br />
number of context switches has been used to infer swipe<br />
input [12]. Besides, information that is available via official<br />
APIs is in some cases also available via the procfs like, e.g.,<br />
the data-usage statistics that have been exploited to infer a<br />
user’s identity [15] and to infer visited websites [26].<br />
Empty Areas. As can be observed, a few areas in this<br />
categorization system are not (yet) covered. For instance,<br />
there is currently no active side-channel attack that exploits<br />
logical properties (software features) to induce faults.<br />
However, by considering existing passive attacks, one could<br />
come up with more advanced attacks by introducing an<br />
13