1 / 17

Defending against Sniffing Attacks on Mobile Phones

Defending against Sniffing Attacks on Mobile Phones . Liang Cai (University of California, Davis), Sridhar Machiraju (Sprint Applied Research), Hao Chen (University of California, Davis) MobiHeld 2009, An ACM SIGCOMM 2009 workshop . Outline. Problem scope How app. Use sensors?

joann
Download Presentation

Defending against Sniffing Attacks on Mobile Phones

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Defending against Sniffing Attacks on Mobile Phones Liang Cai (University of California, Davis), Sridhar Machiraju (Sprint Applied Research), Hao Chen (University of California, Davis) MobiHeld 2009, An ACM SIGCOMM 2009 workshop

  2. Outline • Problem scope • How app. Use sensors? • 3 key modules & Framework • Distinction • Novel solutions • Contribution • Future research

  3. Problem scope • Privacy based on sensors of mobile devices. • Mainly: microphone, camera, and GPS receiver. • Not consider about what attacks have been investigated extensively on desktop computers.

  4. Problem scope • Threat model • Assumption 1: the attacker can install malware on mobile device. • Assumption 2: the attacker have no physical access to compromised mobile device; only via voice or data channels: phone calls, SMS, MMS, TCP connections. • Assumption 3: the attacker cannot compromise the operating system. And if OS is vulnerable, we could move the mechanisms into VM/firmware.

  5. How app. Use sensors? • Dominated by sensors: start, end. • Supported by sensors: start, end. • Context Provided by sensors: continuously. • And a hardware switch might work hard.

  6. 3 key modules • User interaction • Policy engine • Interceptor

  7. Framework

  8. Module 1: Policy Engine & App monitoring • Whitelisting & blacklisting • Information flow tracking(no network) • Airscanner Mobile Sniffer

  9. Module 2: User interaction • User authorization(to sensor) • Sensor in using notification

  10. Module 3: interceptor • Locking – by a daemon program opening it • bad • Blocking – yet have the risk of losing critical data. • Then?

  11. Distinction • Distinctions between sniffing attacks and general malware attacks: • Sensor-sniffing: could use allow but notify approach. • General malware: For the confidentiality of the file may be violated immediately, the approach is inappropriate.

  12. Novel solutions 1: Context-aware • require no user interaction • Location tagging • Activity inference • Disappoints • maybe imprecise • only to certain sensors, e.g., difficult for GPS.

  13. Novel solutions 2: Leveraging • 利用現有的 • E.g.: hangup button & talk button to microphone(hardware).

  14. Novel solutions 3: Through encryption • Ensuring both security and reliable sensory data capture • When the decision is wrong, the sensory data are lost forever; this dilemma might encourage users to always authorize access. • To ensure both • 1. All app. can access the sensors • 2.Encrypt sensory data and save them unless OS determines that the app. is benign(良性) • Disappoint • App. may need to be rewritten.

  15. Contribution • Propose a framework which consists of 3 modules: policy engine, user interaction, interceptor, and explore different mechanisms for each module. • Provide the 3 novel mechanisms.

  16. Future research • Mobile user behavior (to Sol 3) • Algorithms for automatic context inference(to Sol 1) • Operating system primitives(to Mod 1)

  17. Thank for your attention • QA

More Related