Executive Powers: Deanonymizing User Web Traffic via AC Power Analysis

Shane S. Clark¹, Jacob Sorber², Kevin Fu¹, and Erik Learned-Miller¹

¹ Computer Science Department, University of Massachusetts Amherst
² Institute for Security, Technology, and Society, Dartmouth College

November 16, 2011

Abstract

Many otherwise secure systems are vulnerable to side channel attacks. By analyzing unintended outputs in the RF, optical, power, or other domains, attackers can recover sensitive material such as cryptographic keys or the contents of a display. In this work we identify a novel side channel, AC power. Rather than measure the electrical power drawn by individual system components, we consider the information leaked in the aggregate power signature of a system, which reflects all system activities and is subject to high volumes of noise. Using measurements of a PC’s system-wide power consumption gathered at a wall outlet, we demonstrate that sensitive information leaks via this channel. In our preliminary experiments, we are able to identify which webpage a user is viewing based only on changes in power consumption as a result of download and rendering. We also develop three classifiers to identify unique fingerprints produced by loading a given page. The current results show that we can successfully identify which webpage a user navigates to from a known corpus with 82% accuracy. We also propose defenses against our attacks and a number of extensions to our work that could improve matching results.

1 Introduction

The security subdiscipline of side channel analysis is the study of private information leaked by the physical implementation of an otherwise secure system. The first public analysis of security risks based on side channels was published by Wim van Eck in 1985 [25], but declassified documents and other sources indicate that multiple government intelligence organizations have been aware of such risks since at least the 1960s [18, 27, 7]. Side channels explored by the academic community include: timing [23, 13], power consumption [14], electromagnetic radiation [9, 7, 25, 26, 18, 16, 17], optical eavesdropping [15, 2], and fault injection [3]. Side channels are typically attacked via unintended outputs from the channel carrying a sensitive signal.

In this work we examine one of the lesser known side channels: AC power from the wall outlet and partially quantify the sensitive information that it leaks. The AC power channel is compelling because it is an easily accessible attack vector compared to those addressed in prior work, some of which require dissolving layers of a chip with acids or precisely measuring a small portion of a microprocessor using an electromagnetic probe and a high-frequency oscilloscope [22, 9]. The AC power channel is also becoming more appealing as computer hardware develops. The introduction of ever more intelligent and efficient power savings modes has the potential to drastically increase the signal-to-noise ratio on the channel by reducing unnecessary background power consumption [11]. The key question addressed in this work is the extent to which user privacy can be compromised by AC power channel attacks.