News

Rowhammer attack proposed to be used for device fingerprinting

Security Parrot Editorial Team

Centauri: Scientists Propose Using Rowhammer Attack to Create Unique Device Fingerprints

Scientists from the University of California at Davis have proposed using the Rowhammer attack to create unique “fingerprints” of devices, even if they are devices from the same manufacturer, with identical hardware and software characteristics. The attack created for this purpose was called Centauri by experts.

What is the Rowhammer Attack?

The original Rowhammer attack was invented back in 2014 by experts from Carnegie Mellon University. Its essence boils down to the fact that a certain impact on memory cells can lead to the fact that electromagnetic radiation will affect neighboring cells, and the values ​​of the bits in them will change. Over the years that have passed since then, researchers have managed to prove that a wide variety of memory can be vulnerable to Rowhammer attacks, and they also learned how to exploit the attack through JavaScript, managed to adapt it for attacks on Microsoft Edge and Linux virtual machines. There is also a variation of Rowhammer that is dangerous for Android devices, and the effectiveness of attacks has been improved with the help of video cards. In response, manufacturers have implemented Target Row Refresh (TRR), a combination of various software and hardware fixes created over the years, into their products. Basically, these mechanisms were effective and they were enough to protect the then new DDR4 memory. However, Blacksmith’s fuzzing-based attack, introduced in 2021, proved that Rowhammer attacks even on modern memory are possible and allow bypassing defense mechanisms.

Using Rowhammer for Device Fingerprinting

Typically, device fingerprinting involves compiling a list of software and hardware specifications for a particular device. Each of these characteristics (for example, screen resolution) is considered to represent one bit of entropy. With enough bits of entropy, you can get a value that is likely to be unique within a certain set and work as a unique device identifier.
The Centauri authors write that the same can be extended to memory: checking memory using the Rowhammer attack can reveal the characteristics of the RAM, which can then be used for hardware fingerprinting. The researchers emphasize that when performing Rowhammer attacks, the response of RAM and the distribution of bits that are flipped will be unique to each computer’s memory.
“According to our analysis, Centauri testing on 98 DIMMs in six sets of identical DRAM modules from two manufacturers showed that [this method] can extract high-entropy and stable fingerprints with an overall accuracy of 99.91%,” the researchers write.
At the same time, the attack reaches 99.91% accuracy in about three minutes. Faster fingerprinting is also possible, but at the cost of some loss of precision. So, Centauri can extract a “fingerprint” in just 9.92 seconds, and at the same time the accuracy will deteriorate by only 0.64.
Scientists say they overcame a number of problems while developing Centauri. In particular, they had to figure out how to deal with non-deterministic (unpredictable) bit flips in memory.

Conclusion

The Centauri attack is a novel approach to device fingerprinting, as it uses the Rowhammer attack to extract unique characteristics from RAM. This method is fast and accurate, and can be used to identify devices even if they are from the same manufacturer and have identical hardware and software characteristics.

Weekly Updates For Our Loyal Readers!

Share this Article
Lost your password?