Key points are not available for this paper at this time.
Energy consumption trends from reporting interfaces like Running Average Power Limit (RAPL) can be leveraged by remote adversaries to mount software counterparts of power based side-channel attacks. In response to software based power-side channel attacks on Intel processors, countermeasures such as randomizing power readings (i.e. filtering measurements) are deployed in microcode by Intel. In this work, we demonstrate the incompleteness of such randomized filtering. We show that transitive effects of varied power consumption by processors are manifested in forms like heat, and are not covered by Intel's countermeasure. We hence use thermal zone measurements from unprivileged thermal sensors to build side-channels on recent Intel processors. We demonstrate the feasibility of our thermal side-channels in a variety of use-cases. First, we demonstrate how an unprivileged adversary can use coarse-grained thermal zone scoped measurements to fingerprint websites (on Chrome and Tor). Secondly, we use such measurements to also fingerprint deep-neural network architectures. Our findings stress the need to find, evaluate, and filter not just the power measurements but also relevant transitive effects; which may (as in this work) inadvertently open newer exfiltration channels for reopening apparently mitigated attack scenarios.
Mishra et al. (Mon,) studied this question.