Catch Me If You Can: Using Power Analysis to Identify HPC Activity
Monitoring users on large computing platforms such as high performance
computing (HPC) and cloud computing systems is non-trivial. Utilities such as
process viewers provide limited insight into what users are running, due to
granularity limitation, and other sources of data, such as system call tracing,
can impose significant operational overhead. However, despite technical and
procedural measures, instances of users abusing valuable HPC resources for
personal gains have been documented in the past \cite{hpcbitmine}, and systems
that are open to large numbers of loosely-verified users from around the world
are at risk of abuse. In this paper, we show how electrical power consumption
data from an HPC platform can be used to identify what programs are executed.
The intuition is that during execution, programs exhibit various patterns of
CPU and memory activity. These patterns are reflected in the power consumption
of the system and can be used to identify programs running. We test our
approach on an HPC rack at Lawrence Berkeley National Laboratory using a
variety of scientific benchmarks. Among other interesting observations, our
results show that by monitoring the power consumption of an HPC rack, it is
possible to identify if particular programs are running with precision up to
and recall of 95% even in noisy scenarios.
I Know What You Did Last Summer: Your Smart Home Internet of Things and Your iPhone Forensically Ratting You Out
The adoption of smart home Internet of Things (IoT) devices continues to grow. What if your devices can snitch on you and let us know where you are at any given point in time? In this work we examined the forensic artifacts produced by Nest devices, and specifically, we examined the logical backup structure of an iPhone used to control a Nest thermostat, Nest Indoor Camera and a Nest Outdoor Camera. We also integrated the Google Home Mini as another method of controlling the studied Smart Home devices. Our work is the primary account for the examination of Nest artifacts produced by an iPhone, and is also the first open source research to produce a usable forensics tool we name the Forensic Evidence Acquisition and Analysis System (FEAAS). FEAAS consolidates evidentiary data into a readable report that can infer user events (like entering or leaving a home) and what triggered an event (whether it was the Google Assistant through a voice command, or the use of an iPhone application). Our results are important for the advancement of digital forensics, as there are cases starting to emerge in which smart home IoT devices have already been used as culpatory evidence.
Modeling Systems Using Side Channel Information
Side channel analysis is the process of examining information leaked by a computing device during use, and leveraging such data to make inferences about various aspects of the system. Historically, side channels have been exploited for malicious purposes, from inferring sensitive data to infringing on the privacy of users. For example, power consumption has been exploited to reveal secret cryptographic keys, and features of wireless network traffic have been leveraged to reveal web browsing activity of a user. The goal of this dissertation is not only to explore the potential of using side channels to determine what types of activity a computing system is engaged in but also to study the relationship between the operations performed by the system and the side channel. In this dissertation we present two key concepts: the application of side channel analysis for security and privacy purposes, particularly for monitoring systems, and the development of a model for defining the relationship between side channel information and the operations performed by the system. The empirical studies presented in this dissertation demonstrate that side channel information can be leveraged to monitor the behavior of systems and describe advantages for doing so over alternative methods. In addition, we outline a model that describes how the operations performed by a system are represented in side channel information and how the information loss can be estimated. The goal of these two directions is to expand the understanding of side channels, their benefits and drawbacks, from both a practical point of view as well as theoretical. Our work shows how the outlined model can measure the information loss in side channels while our empirical studies show that despite information being lost, in many cases, side channels contain enough information to successfully monitor the behavior of systems and provide a non-intrusive, minimal impact method for doing so.