High-Confidence Computing (Dec 2023)
A novel GPU based Geo-Location Inference Attack on WebGL framework
Abstract
In the past few years, graphics processing units (GPUs) have become an indispensable part of modern computer systems, not only for graphics rendering but also for intensive parallel computing. Given that many tasks running on GPUs contain sensitive information, security concerns have been raised, especially about potential GPU information leakage. Previous works have shown such concerns by showing that attackers can use GPU memory allocations or performance counters to measure victim side effects. However, such an attack has a critical drawback that it requires a victim to install desktop applications or mobile apps yielding it uneasy to be deployed in the real world. In this paper, we solve this drawback by proposing a novel GPU-based side-channel Geo-Privacy inference attack on the WebGL framework, namely, GLINT (stands for Geo-Location Inference Attack). GLINT merely utilizes a lightweight browser extension to measure the time elapsed to render a sequence of frames on well-known map websites, e.g., Google Maps, or Baidu Maps. The measured stream of time series is then employed to infer geologically privacy-sensitive information, such as a search on a specific location. Upon retrieving the stream, we propose a novel online segmentation algorithm for streaming data to determine the start and end points of privacy-sensitive time series. We then combine the DTW algorithm and KNN algorithm on these series to conclude the final inference on a user’s geo-location privacy.We conducted real-world experiments to testify our attack. The experiments show that GeoInfer can correctly infer more than 83% of user searches regardless of the locations and map websites, meaning that our Geo-Privacy inference attack is accurate, practical, and robust. To counter this attack, we implemented a defense strategy based on Differential Privacy to hinder obtaining accurate rendering data. We found that this defense mechanism managed to reduce the average accuracy of the attack model by more than 70%, indicating that the attack was no longer effective. We have fully implemented GLINT and open-sourced it for future follow-up research.