RAM-ramming Rowhammer is back – to uniquely fingerprint devices
Just use it sparingly, as it may crash equipment or burn out memory
Boffins at the University of California, Davis have devised a purportedly practical way to apply a memory abuse technique called Rowhammer to build unique, stable device fingerprints.
UC Davis researchers Hari Venugopalan, Kaustav Goswami, Zainul Abi Din, Jason Lowe-Power, Samuel King, and Zubair Shafiq have found they can use Rowhammer to create device fingerprints in a brief amount of time that are unique and unchanging, even when the devices come from the same maker, with identical hardware and software configurations.
They call their fingerprinting technique Centauri.
Device fingerprinting generally involves cataloging a device's software and hardware characteristics. Each of these characteristics (e.g. screen resolution or manufacturer) is said to represent one bit of entropy. With enough bits of entropy, you get a value that's highly likely to be unique among a specific set and thus functions as a unique identifier.
And this, we're told, can be extended to memory: Rowhammer-style probing can reveal characteristics of RAM that can be used to fingerprint hardware. The key thing to understand here is that when performing Rowhammer-like attacks on memory, the way the RAM reacts and the distribution of bits that flip is unique to each computer's memory, and that can be used to fingerprint the machine.
"Our evaluation of Centauri on 98 DIMMs across six sets of identical DRAM modules from two manufacturers showed that it can extract high entropy and stable fingerprints with an overall accuracy of 99.91 percent while being robust and efficient," they claimed [PDF].
Their approach, they say, is potentially useful for fraud detection. However, they acknowledge the system does have some flaws – it could crash fingerprinted devices or wear out their memory modules, for example.
First proposed in 2014, Rowhammer is a way to induce memory errors in modern DRAM chips by repeatedly "hammering" rows of memory cells with a burst of read or write operations.
Doing so can flip bits – turning a capacitor on or off – in a particular memory address by repeatedly accessing adjacent memory addresses. Essentially, the technique creates electrical interference between rows of memory cells that leads to memory corruption.
Rowhammer is generally not a practical attack when the context involves running arbitrary code on the victim's device. If that's the threat scenario, there are easier options to hijack or interfere with a computer once you're already running your own arbitrary code on it.
But it has elicited some concern as a way to take over a victim's virtual machine in a cloud environment, even with a memory defense called Target Row Refresh (TRR), via an attack called Blacksmith. Rowhammer has also been used to develop a not particularly speedy browser-based attack called Smash.
Centauri doesn't rely on software or hardware attributes of that sort. Rather, it looks at contiguous 2MB chunks of memory addresses for a unique set of flipped bits when a Rowhammer attack takes place. The distribution of those flipped bits helps fingerprint the device.
The computer scientists overcame a number of challenges to make their approach work. They had to figure out how to handle bit flips being non-deterministic (unpredictable) across memory chunks, how to deal with memory allocation constraints to ensure they could access the same chunks of memory repeatedly, and how to implement established techniques for bypassing Rowhammer memory defenses (TRR).
"Centauri is the first technique to demonstrate the extraction of unique and stable fingerprints on the largest scale using Rowhammer while overcoming practical limitations enforced by the operating system and by Rowhammer mitigations such as TRR," they explain.
Centauri as prototyped involves running native code on the user's desktop, but the researchers believe it can be adapted to run from a web app in a browser. A few extra steps would be required: those trying to record memory fingerprints would have to infer the user's microarchitecture using Rowhammer.js and use the Smash attack to create the necessary patterns to trigger bit flips. After that, Centauri could be applied.
The native-code attack involves three phases: a templating phase, in which memory is probed with the Blacksmith fuzzer to identify bit flip patterns that can be used to evade TRR; a hammering phase, in which bits are flipped; and a matching phase, in which the fingerprints extracted are compared with reference data to create a probability distribution for each capacitor to flip within a memory chunk.
Based on the observation that the distribution of bit flips in a 2MB chunk of memory is both highly unique and consistent, the researchers created their fingerprint from these distributions.
"From the information recorded in the hammering phase, we identify the relative positions and counts of the capacitors that flipped within the contiguous 2MB chunk (indexed from 0 to 1,048,576 in case of 1Rx8 DIMMs)," the boffins explain. "We then use these counts to create an empirical probability distribution for each capacitor to flip within the chunk."
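The matching phase described above can be illustrated without touching any real DRAM. The following is an added example, not code from the paper or from the Centauri prototype: the hammering phase is replaced by a simulation in which each constructed "device" has a hidden, sparse map of weak capacitors, and every trial yields the set of indices that flipped. The fingerprint is then built exactly as the quote describes, as an empirical per-capacitor flip probability over repeated trials (which is also how the non-determinism of individual flips is absorbed), and a probe fingerprint is matched against stored references. The chunk size, the cosine-similarity metric and the 0.8 threshold are all assumptions made here for the illustration, not values from the paper.

```python
import math
import random
from collections import Counter

# Constructed toy size: the paper indexes capacitors within a 2MB chunk;
# a much smaller chunk keeps the simulation fast and readable.
CHUNK_BITS = 4096


def make_device(rng, n_weak=40):
    """Simulate one DRAM chunk as a sparse map {capacitor index -> flip probability}.

    This stands in for the physical variation that makes each module's flip
    pattern unique; nothing here corresponds to a real memory address.
    """
    weak = rng.sample(range(CHUNK_BITS), n_weak)
    return {idx: rng.uniform(0.2, 0.9) for idx in weak}


def simulate_hammering(rng, device, trials):
    """Simulated hammering phase: each trial is the set of indices that flipped."""
    return [{idx for idx, p in device.items() if rng.random() < p}
            for _ in range(trials)]


def flip_distribution(trials):
    """Build the fingerprint: empirical probability that each capacitor flips.

    Counts flips per relative position across all trials, then normalises,
    which is the 'empirical probability distribution' the paper describes.
    """
    counts = Counter()
    for flips in trials:
        counts.update(flips)
    n = len(trials)
    return {idx: c / n for idx, c in counts.items()}


def cosine_similarity(a, b):
    """Cosine similarity between two sparse distributions (assumed metric)."""
    keys = set(a) | set(b)
    dot = sum(a.get(k, 0.0) * b.get(k, 0.0) for k in keys)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def match_fingerprint(probe, references, threshold=0.8):
    """Matching phase: return (device id, similarity), or (None, best) if no
    stored reference is similar enough to the probe."""
    best_id, best = None, 0.0
    for dev_id, ref in references.items():
        s = cosine_similarity(probe, ref)
        if s > best:
            best_id, best = dev_id, s
    return (best_id, best) if best >= threshold else (None, best)


def demo(seed=1, n_devices=6, ref_trials=30, probe_trials=5):
    """Enrol n_devices, re-probe each with fewer trials, and probe one
    device that was never enrolled. Returns {label: matched device id or None}."""
    rng = random.Random(seed)
    devices = {f"dimm-{i}": make_device(rng) for i in range(n_devices)}
    references = {
        d: flip_distribution(simulate_hammering(rng, dev, ref_trials))
        for d, dev in devices.items()
    }
    results = {}
    for d, dev in devices.items():
        probe = flip_distribution(simulate_hammering(rng, dev, probe_trials))
        results[d] = match_fingerprint(probe, references)[0]
    unknown = make_device(rng)
    probe = flip_distribution(simulate_hammering(rng, unknown, probe_trials))
    results["unknown"] = match_fingerprint(probe, references)[0]
    return results


if __name__ == "__main__":
    for label, matched in demo().items():
        print(f"{label:>8} -> {matched}")
```

Because each device's weak capacitors are a tiny fraction of the chunk, two different simulated modules share almost no flip positions and their similarity stays near zero, while a short five-trial probe of an enrolled module still lands well above the threshold. That separation, with fewer trials for a probe than for enrolment, is the trade-off the researchers describe between a fast fingerprint and a more accurate one.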
The researchers claim Centauri can achieve accuracy of 99.91 percent, though that takes about three minutes. An expedited fingerprint is possible at the expense of some accuracy.
"Centauri is able to extract a fingerprint in as little as 9.92 seconds, reducing the overhead by more than 95.01 percent while degrading accuracy by just 0.64," they state in their paper.
One possible use of this sort of fingerprinting is fraud detection – e.g. spotting bots. A computer that attempts to pretend to be multiple machines would be revealed by its unique fingerprint. But there's a catch.
"Centauri’s promise in detecting fraudsters comes with a non-zero risk to benign users," the researchers admit. "While triggering bit flips to extract fingerprints, Centauri could accidentally crash a user’s device by flipping a sensitive bit reserved for the OS. In our experience, however, we see that such occurrences are extremely rare."
To avoid this, the boffins propose having operating system vendors ensure that memory allocated to the operating system isn't physically adjacent to that reserved for other applications.
"Another risk presented by Centauri is that it could wear out memory modules if it is used to constantly trigger bit flips for fingerprinting," they explain.
"Centauri’s approach of triggering bit flips with fewer accesses to aggressors helps mitigate this concern. Such concerns can also be mitigated by only employing other fingerprinting techniques for the common cases and sparingly employing Centauri to only handle the critical cases."