By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Security Parrot - Cyber Security News, Insights and ReviewsSecurity Parrot - Cyber Security News, Insights and Reviews
Notification
Latest News
OpenAI may use Associated Press archive for AI training
July 14, 2023
EU users can hold conversations with Google Bard from training set
July 14, 2023
Aptos, the new default font for Microsoft Office
July 14, 2023
BlackLotus UEFI bootkit sources published on GitHub
July 14, 2023
Hackers from the XDSpy cyber-espionage group attacked Russian organizations on behalf of the Ministry of Emergency Situations
July 14, 2023
Aa
  • News
  • Tutorials
  • Security InsiderComing Soon
  • Expert InsightComing Soon
Reading: Rowhammer attack proposed to be used for device fingerprinting
Share
Security Parrot - Cyber Security News, Insights and ReviewsSecurity Parrot - Cyber Security News, Insights and Reviews
Aa
Search
  • News
  • Tutorials
  • Security InsiderComing Soon
  • Expert InsightComing Soon
Follow US
Security Parrot - Cyber Security News, Insights and Reviews > News > Rowhammer attack proposed to be used for device fingerprinting
News

Rowhammer attack proposed to be used for device fingerprinting

Last updated: 2023/07/09 at 4:36 AM
Security Parrot Editorial Team Published July 9, 2023
Share
SHARE

Centauri: Scientists Propose Using Rowhammer Attack to Create Unique Device Fingerprints

Scientists from the University of California at Davis have proposed using the Rowhammer attack to create unique “fingerprints” of devices, even if they are devices from the same manufacturer, with identical hardware and software characteristics. The attack created for this purpose was called Centauri by experts.

What is the Rowhammer Attack?

The original Rowhammer attack was invented back in 2014 by experts from Carnegie Mellon University. Its essence boils down to the fact that a certain impact on memory cells can lead to the fact that electromagnetic radiation will affect neighboring cells, and the values ​​of the bits in them will change. Over the years that have passed since then, researchers have managed to prove that a wide variety of memory can be vulnerable to Rowhammer attacks, and they also learned how to exploit the attack through JavaScript, managed to adapt it for attacks on Microsoft Edge and Linux virtual machines. There is also a variation of Rowhammer that is dangerous for Android devices, and the effectiveness of attacks has been improved with the help of video cards. In response, manufacturers have implemented Target Row Refresh (TRR), a combination of various software and hardware fixes created over the years, into their products. Basically, these mechanisms were effective and they were enough to protect the then new DDR4 memory. However, Blacksmith’s fuzzing-based attack, introduced in 2021, proved that Rowhammer attacks even on modern memory are possible and allow bypassing defense mechanisms.

Using Rowhammer for Device Fingerprinting

Typically, device fingerprinting involves compiling a list of software and hardware specifications for a particular device. Each of these characteristics (for example, screen resolution) is considered to represent one bit of entropy. With enough bits of entropy, you can get a value that is likely to be unique within a certain set and work as a unique device identifier.
The Centauri authors write that the same can be extended to memory: checking memory using the Rowhammer attack can reveal the characteristics of the RAM, which can then be used for hardware fingerprinting. The researchers emphasize that when performing Rowhammer attacks, the response of RAM and the distribution of bits that are flipped will be unique to each computer’s memory.
“According to our analysis, Centauri testing on 98 DIMMs in six sets of identical DRAM modules from two manufacturers showed that [this method] can extract high-entropy and stable fingerprints with an overall accuracy of 99.91%,” the researchers write.
At the same time, the attack reaches 99.91% accuracy in about three minutes. Faster fingerprinting is also possible, but at the cost of some loss of precision. So, Centauri can extract a “fingerprint” in just 9.92 seconds, and at the same time the accuracy will deteriorate by only 0.64.
Scientists say they overcame a number of problems while developing Centauri. In particular, they had to figure out how to deal with non-deterministic (unpredictable) bit flips in memory.

Conclusion

The Centauri attack is a novel approach to device fingerprinting, as it uses the Rowhammer attack to extract unique characteristics from RAM. This method is fast and accurate, and can be used to identify devices even if they are from the same manufacturer and have identical hardware and software characteristics.

Weekly Updates For Our Loyal Readers!

Security Parrot Editorial Team July 9, 2023
Share this Article
Facebook Twitter Email Copy Link Print

Archives

  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • February 2023
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020

You Might Also Like

News

OpenAI may use Associated Press archive for AI training

July 14, 2023
News

EU users can hold conversations with Google Bard from training set

July 14, 2023
News

Aptos, the new default font for Microsoft Office

July 14, 2023
News

BlackLotus UEFI bootkit sources published on GitHub

July 14, 2023

© 2022 Parrot Media Network. All Rights Reserved.

  • Home
  • Parrot Media Group
  • Privacy Policy
  • Terms and Conditions
Join Us!

Subscribe to our newsletter and never miss our latest news, podcasts etc..

Zero spam, Unsubscribe at any time.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?