Browser-based CPU Fingerprinting

Trampert, Leon and Rossow, Christian and Schwarz, Michael
(2022) Browser-based CPU Fingerprinting.
In: 27th European Symposium on Research in Computer Security (ESORICS) 2022, 26-30 Sep 2022, Copenhagen, Denmark.
Conference: ESORICS European Symposium On Research In Computer Security
(In Press)


Download (396kB) | Preview


Mounting microarchitectural attacks, such as Spectre or Rowhammer, is possible from browsers. However, to be realistically exploitable, they require precise knowledge about microarchitectural properties. While a native attacker can easily query many of these properties, the sandboxed environment in browsers prevents this. In this paper, we present eight side-channel-related benchmarks that reveal CPU properties, such as cache sizes or cache associativities. Our benchmarks are implemented in JavaScript and run in unmodified browsers on multiple platforms. Based on a study with 834 participants using 297 different CPU models, we show that we can infer microarchitectural properties with an accuracy of up to 100%. Combining multiple properties also allows identifying the CPU vendor with an accuracy of 97.5%, and the microarchitecture and CPU model each with an accuracy of above 60%. The benchmarks are unaffected by current side-channel and browser fingerprinting mitigations, and can thus be used for more targeted attacks and to increase the entropy in browser fingerprinting.


Actions (login required)

View Item View Item