(2022) Browser-based CPU Fingerprinting.
|
Text
paper.pdf Download (396kB) | Preview |
Abstract
Mounting microarchitectural attacks, such as Spectre or Rowhammer, is possible from browsers. However, to be realistically exploitable, they require precise knowledge about microarchitectural properties. While a native attacker can easily query many of these properties, the sandboxed environment in browsers prevents this. In this paper, we present eight side-channel-related benchmarks that reveal CPU properties, such as cache sizes or cache associativities. Our benchmarks are implemented in JavaScript and run in unmodified browsers on multiple platforms. Based on a study with 834 participants using 297 different CPU models, we show that we can infer microarchitectural properties with an accuracy of up to 100%. Combining multiple properties also allows identifying the CPU vendor with an accuracy of 97.5%, and the microarchitecture and CPU model each with an accuracy of above 60%. The benchmarks are unaffected by current side-channel and browser fingerprinting mitigations, and can thus be used for more targeted attacks and to increase the entropy in browser fingerprinting.
| Item Type: | Conference or Workshop Item (A Paper) (Paper) |
|---|---|
| Divisions: | Christian Rossow (System Security Group, SysSec) Michael Schwarz (MS) |
| Conference: | ESORICS European Symposium On Research In Computer Security |
| Depositing User: | Leon Trampert |
| Date Deposited: | 12 Aug 2022 11:59 |
| Last Modified: | 26 Aug 2022 06:27 |
| Primary Research Area: | NRA3: Threat Detection and Defenses |
| URI: | https://publications.cispa.saarland/id/eprint/3745 |
Actions
Actions (login required)
 |
View Item |