Researchers at the University of California Davis have developed a groundbreaking technique for creating unique, stable device fingerprints using a memory abuse method known as "Rowhammer." The team, consisting of Hari Venugopalan, Zainul Abi Din, Samuel King, Kaustav Goswami, Jason Lowe-Power, and Zubair Shafiq, has termed the new fingerprinting technique 'Centauri.'
Typically, device fingerprinting involves generating a comprehensive list of hardware and software information. Each characteristic signifies a bit of entropy. A sufficient number of entropy bits can yield unique values, functioning as unique identifiers. Previous research using the Rowhammer technique underscored its potential to reveal and utilize RAM characteristics for hardware identification and fingerprinting.
The Centauri technique takes this a step further, extracting device fingerprints at high speed yet achieving impressive stability and uniqueness.
"Our evaluation of Centauri on 98 DIMMs across six sets of identical DRAM modules from two manufacturers showed that it can extract high entropy and stable fingerprints with an overall accuracy of 99.91 percent while being robust and efficient," said the research team.
The scientists contend that Centauri has significant potential for detecting fraud or uncovering tampering with a device's hardware or software configuration. However, the fingerprinting process could cause devices to crash or exhaust their memory modules.
Rowhammer, the technique underpinning the Centauri research, was introduced in 2014 as a method to induce errors in DRAM chips through intense read/write operations. This "hammering" of memory cells can cause bits to flip and lead to memory corruption. Despite its effectiveness, more practical, less harmful methods exist for compromising a computer, especially when the attacker already has remote code execution privileges.
Centauri examines adjacent 2MB memory address chunks for distinct sets of flipped bits during a Rowhammer attack. This distribution analysis aids in the device's fingerprinting.
"Centauri is the first technique to demonstrate the extraction of unique and stable fingerprints on the largest scale using Rowhammer while overcoming practical limitations enforced by the operating system and by Rowhammer mitigations such as TRR," the scientists said.
Currently, the technique requires running native code on the target machine's desktop. Still, the research team is optimistic about future applications, such as the potential to operate through a web-based application in a browser.
The Centauri approach consists of three phases: a templating phase, where the "Blacksmith" fuzzer probes memory to identify bit flip patterns that can sidestep Rowhammer mitigation; a hammering phase that flips the bits; and a matching phase, where actual fingerprinting takes place through comparison with reference data.
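The matching phase described above, sketched as an added example (this is not the researchers' code): the flipped-bit sets observed in one 2MB chunk are turned into a distribution and compared with stored reference fingerprints. The Jensen-Shannon divergence metric, the 0.3 threshold, the DIMM labels and all bit offsets are assumptions made for illustration.

```python
import math
from collections import Counter

def flip_distribution(trials):
    """Repeated hammering results (sets of flipped bit offsets within one
    2MB chunk) -> probability distribution over offsets."""
    counts = Counter(off for trial in trials for off in trial)
    total = sum(counts.values())
    return {off: n / total for off, n in counts.items()}

def js_divergence(p, q):
    """Jensen-Shannon divergence in bits: 0.0 identical, 1.0 disjoint."""
    mid = {k: 0.5 * (p.get(k, 0.0) + q.get(k, 0.0)) for k in set(p) | set(q)}
    def kl(a):
        return sum(v * math.log2(v / mid[k]) for k, v in a.items() if v > 0)
    return 0.5 * kl(p) + 0.5 * kl(q)

def match(trials, references, threshold=0.3):
    """Return (label, divergence) of the closest reference fingerprint,
    (None, divergence) if nothing is close enough, and (None, None) if
    no bit flips were observed at all."""
    observed = flip_distribution(trials)
    if not observed or not references:
        return None, None
    label, ref = min(references.items(),
                     key=lambda kv: js_divergence(observed, kv[1]))
    d = js_divergence(observed, ref)
    return (label if d <= threshold else None), d

# Constructed sample data: hypothetical reference fingerprints for two DIMMs.
REFERENCES = {
    "dimm_A": flip_distribution([{101, 5000, 77777}, {101, 5000, 77777}, {101, 5000}]),
    "dimm_B": flip_distribution([{42, 5000, 900000}, {42, 900000}]),
}
# Constructed observation: dimm_A again, with one unstable and one extra flip.
OBSERVED = [{101, 5000, 77777}, {101, 5000}, {101, 5000, 77777, 123456}]
# Constructed observation from a module with no stored reference.
UNKNOWN = [{7, 8, 9}, {7, 9}]

if __name__ == "__main__":
    print(match(OBSERVED, REFERENCES))
    print(match(UNKNOWN, REFERENCES))
```

Comparing distributions rather than exact bit sets is what lets the match tolerate a flip that fails to reproduce in one trial or a stray extra flip, which an equality check on the sets would not.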
According to the researchers, Centauri could be pivotal in identifying fraud, such as detecting bots that simulate multiple machines. However, the technique carries the risk of crashing a user's device by flipping a sensitive, OS-reserved bit. While the researchers deem this occurrence rare, they recommend that OS vendors ensure their allocated memory isn't physically adjacent to memory reserved for other applications.
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.