1,720,979 research outputs found
Security and Privacy Threats on Mobile Devices through Side-Channels Analysis
Full text linkIn recent years, mobile devices (such as smartphones and tablets) have become essential tools in everyday life for billions of people all around the world.
Users continuously carry such devices with them and use them for daily communication activities and social network interactions.
Hence, such devices contain a huge amount of private and sensitive information.
For this reason, mobile devices become popular targets of attacks.
In most attack settings, the adversary aims to take local or remote control of a device to access user sensitive information.
However, such violations are not easy to carry out since they need to leverage a vulnerability of the system or a careless user (i.e., install a malware app from an unreliable source).
A different approach that does not have these shortcomings is the side-channels analysis.
In fact, side-channels are physical phenomenon that can be measured from both inside or outside a device.
They are mostly due to the user interaction with a mobile device, but also to the context in which the device is used, hence they can reveal sensitive user information such as identity and habits, environment, and operating system itself.
Hence, this approach consists of inferring private information that is leaked by a mobile device through a side-channel.
Besides, side-channel information is also extremely valuable to enforce security mechanisms such as user authentication, intrusion and information leaks detection.
This dissertation investigates novel security and privacy challenges on the analysis of side-channels of mobile devices.
This thesis is composed of three parts, each focused on a different side-channel:
(i) the usage of network traffic analysis to infer user private information;
(ii) the energy consumption of mobile devices during battery recharge as a way to identify a user and as a covert channel to exfiltrate data; and
(iii) the possible security application of data collected from built-in sensors in mobile devices to authenticate the user and to evade sandbox detection by malware.
In the first part of this dissertation, we consider an adversary who is able to eavesdrop the network traffic of the device on the network side (e.g., controlling a WiFi access point).
The fact that the network traffic is often encrypted makes the attack even more challenging.
Our work proves that it is possible to leverage machine learning techniques to identify user activity and apps installed on mobile devices analyzing the encrypted network traffic they produce.
Such insights are becoming a very attractive data gathering technique for adversaries, network administrators, investigators and marketing agencies.
In the second part of this thesis, we investigate the analysis of electric energy consumption. In this case, an adversary is able to measure with a power monitor the amount of energy supplied to a mobile device.
In fact, we observed that the usage of mobile device resources (e.g., CPU, network capabilities) directly impacts the amount of energy retrieved from the supplier, i.e., USB port for smartphones, wall-socket for laptops.
Leveraging energy traces, we are able to recognize a specific laptop user among a group and detect intruders (i.e., user not belonging to the group).
Moreover, we show the feasibility of a covert channel to exfiltrate user data which relies on temporized energy consumption bursts.
In the last part of this dissertation, we present a side-channel that can be measured within the mobile device itself.
Such channel consists of data collected from the sensors a mobile device is equipped with (e.g., accelerometer, gyroscope).
First, we present DELTA, a novel tool that collects data from such sensors, and logs user and operating system events.
Then, we develop MIRAGE, a framework that relies on sensors data to enhance sandboxes against malware analysis evasion
DELTA: Data Extraction and Logging Tool for Android
No full textIn the past few years, the use of smartphones has increased exponentially,
and so have the capabilities of such devices. Together with an increase in raw
processing power, modern smartphones are equipped with a wide variety of
sensors and expose an extensive set of API (Accessible Programming Interface).
These capabilities allow us to extract a wide spectrum of data that ranges from
information about the environment (e.g., position, orientation) to user habits
(e.g., which apps she uses and when), as well as about the status of the
operating system itself (e.g., memory, network adapters). This data can be
extremely valuable in many research fields such as user authentication,
intrusion detection and detection of information leaks. For these reasons,
researchers need to use a solid and reliable logging tool to collect data from
mobile devices.
In this paper, we first survey the existing logging tools available on the
Android platform, comparing the features offered by different tools and their
impact on the system, and highlighting some of their shortcomings. Then, we
present DELTA - Data Extraction and Logging Tool for Android, which improves
the existing Android logging solutions in terms of flexibility, fine-grained
tuning capabilities, extensibility, and available set of logging features. We
performed a full implementation of DELTA and we run a thorough evaluation on
its performance. The results show that our tool has low impact on the
performance of the system, on battery consumption, and on user experience.
Finally, we make the DELTA source code and toolset available to the research
community
CovertPower: A Covert Channel on Android Devices Through USB Power Line
No full textAndroid operating system restricts access to data by enabling data control flow and permission systems to reduce the risk of information theft. Therefore, attackers are constantly looking for alternative and stealthy approaches to exfiltrate private data from a targeted device. This paper presents CovertPower, a covert channel attack that exfiltrates user data by actively inducing power consumption on Android devices. At the transmitting end, our CovertPower app modulates binary data into a timed resource workload (e.g., processor, write-on-memory), producing power consumption bursts. On the receiving end, we acquire power consumption traces via a low-cost hardware tool that can be easily concealed in USB wall-socket adapters or powerbanks. Therefore, a signal processing-based decoder analyzes such traces and retrieves the exfiltrated information. We demonstrate the feasibility of our attack with a thorough experimental evaluation on 14 mobile devices and various real-world settings such as display state, ongoing activities, and charging technologies. Our attack achieves a transfer speed of up to 10bps with a high bit sequence similarity on most devices and settings considered
Analyzing Android Encrypted Network Traffic to Identify User Actions
Full text linkMobile devices can be maliciously exploited to violate the privacy of people. In most attack scenarios, the adversary takes the local or remote control of the mobile device, by leveraging a vulnerability of the system, hence sending back the collected information to some remote web service. In this paper, we consider a different adversary, who does not interact actively with the mobile device, but he is able to eavesdrop the network traffic of the device from the network side (e.g., controlling a Wi-Fi access point). The fact that the network traffic is often encrypted makes the attack even more challenging. In this paper, we investigate to what extent such an external attacker can identify the specific actions that a user is performing on her mobile apps. We design a system that achieves this goal using advanced machine learning techniques. We built a complete implementation of this system, and we also run a thorough set of experiments, which show that our attack can achieve accuracy and precision higher than 95%, for most of the considered actions. We compared our solution with the three state-of-the-art algorithms, and confirming that our system outperforms all these direct competitors
- …
