
Why Some Like It Loud: Timing Power Attacks in Multi-tenant Data Centers Using an Acoustic Side Channel

Published: 03 April 2018

Abstract

The common practice of power infrastructure oversubscription in data centers exposes dangerous vulnerabilities to well-timed power attacks (i.e., maliciously timed power loads to overload the infrastructure capacity), possibly creating outages and resulting in multimillion-dollar losses. In this paper, we focus on the emerging threat of power attacks in a multi-tenant data center, where a malicious tenant (i.e., attacker) aims at compromising the data center availability through power attacks. We discover a novel acoustic side channel resulting from servers' cooling fan noise, which can help the attacker time power attacks at the moments when benign tenants' power usage is high. Concretely, we exploit the acoustic side channel by: (1) employing a high-pass filter to filter out the air conditioner's noise; (2) applying non-negative matrix factorization with sparsity constraint to demix the received aggregate noise and detect periods of high power usage by benign tenants; and (3) designing a state machine to guide power attacks. We run experiments in a practical data center environment as well as simulation studies, and demonstrate that the acoustic side channel can assist the attacker with detecting more than 50% of all attack opportunities, representing state-of-the-art timing accuracy.

    Published In

    Proceedings of the ACM on Measurement and Analysis of Computing Systems  Volume 2, Issue 1
    March 2018
    603 pages
    EISSN:2476-1249
    DOI:10.1145/3203302
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 03 April 2018
    Published in POMACS Volume 2, Issue 1

    Author Tags

    1. acoustic side channel
    2. data center
    3. power attack

    Qualifiers

    • Research-article

    Cited By

    • (2024) AquaSonic: Acoustic Manipulation of Underwater Data Center Operations and Resource Management. 2024 IEEE Symposium on Security and Privacy (SP), pp. 331-349. DOI: 10.1109/SP54263.2024.00201. Online publication date: 19-May-2024
    • (2022) Integrated Power Anomaly Defense: Towards Oversubscription-Safe Data Centers. IEEE Transactions on Cloud Computing, 10:3, pp. 1875-1887. DOI: 10.1109/TCC.2020.3001454. Online publication date: 1-Jul-2022
    • (2022) Understanding the Security Implication of Aborting Virtual Machine Live Migration. IEEE Transactions on Cloud Computing, 10:2, pp. 1275-1286. DOI: 10.1109/TCC.2020.2982900. Online publication date: 1-Apr-2022
    • (2022) An Investigation on Data Center Cooling Systems Using FPGA-based Temperature Side Channels. 2022 41st International Symposium on Reliable Distributed Systems (SRDS), pp. 46-57. DOI: 10.1109/SRDS55811.2022.00015. Online publication date: Sep-2022
    • (2021) Maya. Proceedings of the 48th Annual International Symposium on Computer Architecture, pp. 888-901. DOI: 10.1109/ISCA52012.2021.00074. Online publication date: 14-Jun-2021
    • (2020) The effect of server energy proportionality on data center power oversubscription. Future Generation Computer Systems, 104, pp. 119-130. DOI: 10.1016/j.future.2019.10.021. Online publication date: Mar-2020
    • (2019) A First Look at Thermal Attacks in Multi-Tenant Data Centers. ACM SIGMETRICS Performance Evaluation Review, 46:2, pp. 93-94. DOI: 10.1145/3305218.3305254. Online publication date: 17-Jan-2019
    • (2018) Why Some Like It Loud. ACM SIGMETRICS Performance Evaluation Review, 46:1, pp. 70-72. DOI: 10.1145/3292040.3219645. Online publication date: 12-Jun-2018
    • (2018) Ohm's Law in Data Centers. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 146-162. DOI: 10.1145/3243734.3243744. Online publication date: 15-Oct-2018
    • (2018) Why Some Like It Loud. Abstracts of the 2018 ACM International Conference on Measurement and Modeling of Computer Systems, pp. 70-72. DOI: 10.1145/3219617.3219645. Online publication date: 12-Jun-2018
