A Side-channel Analysis of Sensor Multiplexing for Covert Channels and Application Fingerprinting on Mobile Devices

Mobile devices often distribute measurements from a single physical sensor to multiple applications using software-based multiplexing. On Android devices, the highest requested sampling frequency is returned to all applications even if other applications request measurements at lower frequencies. In this paper, we comprehensively demonstrate that this design choice exposes practically exploitable side-channels based on frequency-key shifting. By carefully modulating sensor sampling frequencies in software, we show that unprivileged malicious applications can construct reliable spectral covert channels that bypass existing security mechanisms. Moreover, we present a novel variant that allows an unprivileged malicious observer app to fingerprint other victim applications at a coarse-grained level. Both techniques do not impose any special assumptions beyond accessing standard mobile services from unprivileged applications. As such, our work reports side-channel vulnerabilities that exploit subtle yet insecure design choices in mobile sensor stacks

P2PEdge : A Decentralised, Scalable P2P Architecture for Energy Trading in Real-Time

Author Contributions: Conceptualization, J.K., D.H.-S., R.N.A., B.S. and K.M.; Formal analysis, J.K., D.H.-S. and B.S.; Investigation, J.K.; Methodology, J.K.; Project administration, K.M.; Supervision, K.M. and D.H.-S.; Validation, J.K. and D.H.-S.; Visualization, J.K.; Writing—original draft, J.K.; Writing—review & editing, J.K., K.M., D.H.-S., R.N.A. and B.S. All authors have read and agreed to the published version of the manuscript. Funding: This research received no external funding.Peer reviewedPublisher PD

The evolutionary history of Neanderthal and Denisovan Y chromosomes

Ancient DNA has provided new insights into many aspects of human history. However, we lack comprehensive studies of the Y chromosomes of Denisovans and Neanderthals because the majority of specimens that have been sequenced to sufficient coverage are female. Sequencing Y chromosomes from two Denisovans and three Neanderthals shows that the Y chromosomes of Denisovans split around 700 thousand years ago from a lineage shared by Neanderthals and modern human Y chromosomes, which diverged from each other around 370 thousand years ago. The phylogenetic relationships of archaic and modern human Y chromosomes differ from the population relationships inferred from the autosomal genomes and mirror mitochondrial DNA phylogenies, indicating replacement of both the mitochondrial and Y chromosomal gene pools in late Neanderthals. This replacement is plausible if the low effective population size of Neanderthals resulted in an increased genetic load in Neanderthals relative to modern humans.Q.F. was supported by funding from the Chinese Academy of Sciences (XDB26000000) and the National Natural Science Foundation of China (91731303, 41925009, 41630102). A.R. was funded by Spanish government (MICINN/ FEDER) (grant number CGL2016-75109-P). The reassessment of the Spy collection by H.R., I.C., and P.S. was supported by the Belgian Science Policy Office (BELSPO 2004-2007, MO/36/0112). M.V.S., M.B.K., and A.P.D. were supported by the Russian Foundation for Basic Research (RFBR 17-29-04206). This study was funded by the Max Planck Society and the European Research Council (grant agreement number 694707)

The evolutionary history of Neandertal and Denisovan Y chromosomes

Ancient DNA has allowed the study of various aspects of human history in unprecedented detail. However, because the majority of archaic human specimens preserved well enough for genome sequencing have been female, comprehensive studies of Y chromosomes of Denisovans and Neandertals have not yet been possible. Here we present sequences of the first Denisovan Y chromosomes (Denisova 4 and Denisova 8), as well as the Y chromosomes of three late Neandertals (Spy 94a, Mezmaiskaya 2 and El Sidrón 1253). We find that the Denisovan Y chromosomes split around 700 thousand years ago (kya) from a lineage shared by Neandertal and modern human Y chromosomes, which diverged from each other around 370 kya. The phylogenetic relationships of archaic and modern human Y chromosomes therefore differ from population relationships inferred from their autosomal genomes, and mirror the relationships observed on the level of mitochondrial DNA. This provides strong evidence that gene flow from an early lineage related to modern humans resulted in the replacement of both the mitochondrial and Y chromosomal gene pools in late Neandertals. Although unlikely under neutrality, we show that this replacement is plausible if the low effective population size of Neandertals resulted in an increased genetic load in their Y chromosomes and mitochondrial DNA relative to modern humans.Q.F. was supported by funding from the Chinese Academy of Sciences (XDB26000000), and the National Natural Science Foundation of China (91731303, 41925009,41630102). A.R. was funded by Spanish government (MICINN/FEDER), grant number CGL2016-75109-P. The reassessment of the Spy collection by H.R., I.C. and P.S. was supported by the Belgian Science Policy Office (BELSPO 2004-2007, MO/36/0112). M.S., M.K. and A.D. were supported by the Russian Foundation for Basic Research (RFBR 17-29-04206). This study was funded by the Max Planck Society and the European Research Council (grant agreement number 694707).N

Investigating Black-Box Function Recognition Using Hardware Performance Counters

This paper presents new methods and results for learning information about black-box program functions using hardware performance counters (HPC), where an investigator can only invoke and measure function calls. Important use cases include analysing compiled libraries, e.g. static and dynamic link libraries, and trusted execution environment (TEE) applications. We develop a generic machine learning-based approach to classify a comprehensive set of hardware events, e.g. branch mis-predictions and instruction retirements, to recognise standard benchmarking and cryptographic library functions. This includes various signing, verification and hash functions, and ciphers in numerous modes of operation. Three major architectures are evaluated using off-the-shelf Intel/X86-64, ARM, and RISC-V CPUs. Following this, we develop and evaluate two use cases. Firstly, we show that several known CVE-numbered OpenSSL vulnerabilities can be detected using HPC differences between patched and unpatched library versions. Secondly, we demonstrate that standardised cryptographic functions executing in ARM TrustZone TEE applications can be recognised using non-secure world HPC measurements. High accuracy was achieved in all cases (86.22-99.83%) depending on the application, architectural, and compilation assumptions. Lastly, we discuss mitigations, outstanding challenges, and directions for future research