Abstract
In the past few years, graphics processing units (GPUs) have become an indispensable part of modern computer systems, not only for graphics rendering but also for intensive parallel computing. Given that many tasks running on GPUs contain sensitive information, security concerns have been raised, especially about potential GPU information leakage. Previous works have shown such concerns by showing that attackers can use GPU memory allocations or performance counters to measure victim side effects. However, such an attack has a critical drawback that it requires a victim to install desktop applications or mobile apps yielding it uneasy to be deployed in the real world. In this paper, we solve this drawback by proposing a novel GPU-based side-channel Geo-Privacy inference attack on the WebGL framework, namely, GLINT (stands for Geo-Location Inference Attack). GLINT merely utilizes a lightweight browser extension to measure the time elapsed to render a sequence of frames on well-known map websites, e.g., Google Maps, or Baidu Maps. The measured stream of time series is then employed to infer geologically privacy-sensitive information, such as a search on a specific location. Upon retrieving the stream, we propose a novel online segmentation algorithm for streaming data to determine the start and end points of privacy-sensitive time series. We then combine the DTW algorithm and KNN algorithm on these series to conclude the final inference on a user’s geo-location privacy.We conducted real-world experiments to testify our attack. The experiments show that GeoInfer can correctly infer more than 83% of user searches regardless of the locations and map websites, meaning that our Geo-Privacy inference attack is accurate, practical, and robust. To counter this attack, we implemented a defense strategy based on Differential Privacy to hinder obtaining accurate rendering data. We found that this defense mechanism managed to reduce the average accuracy of the attack model by more than 70%, indicating that the attack was no longer effective. We have fully implemented GLINT and open-sourced it for future follow-up research.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.