nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Detecting Android Side Channel Probing Attacks Based on System States

verfasst von : Qixiao Lin, Jian Mao, Futian Shi, Shishi Zhu, Zhenkai Liang

Erschienen in: Wireless Algorithms, Systems, and Applications

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Side channels are actively exploited by attackers to infer users’ privacy from publicly-available information on Android devices, where attackers probe the states of system components (e.g., CPU and memory), APIs, and device sensors (e.g., gyroscope and microphone). These information can be accessed by applications without any additional permission. As a result, traditional permission-based solutions cannot efficiently prevent/detect these probing attacks. In this paper, we systematically analyze the Android side-channel probing attacks, and observe that the high frequency sensitive data collecting operations from a malicious app caused continuous changes of its process states. Based on this observation, we propose SideGuard, a process-state-based approach to detect side-channel probing attacks. It monitors the process states of the applications and creates the corresponding behavior models described by feature vectors. Based on the application behavior models, we train and obtain classifiers to detect malicious app behaviors by using learning-based classification techniques. We prototyped and evaluated our approach. The experiment results demonstrate the effectiveness of our approach.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Spatiotemporal Feature Extraction for Pedestrian Re-identification

Nächstes Kapitel Online DAG Scheduling with On-Demand Function Configuration in Edge Computing

Share of Android OS of global smartphone shipments from 1st quarter 2011 to 2nd quarter 2018. https://www.statista.com/statistics/236027/global-smartphone-os-market-share-of-android/. Accessed 3 Mar 2019

Babil, G.S., Mehani, O., Boreli, R., Kaafar, M.A.: On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices. In: 2013 International Conference on Security and Cryptography (SECRYPT), pp. 1–8. IEEE (2013)

Cai, L., Chen, H.: Touchlogger: inferring keystrokes on touch screen from smartphone motion. HotSec 11, 9 (2011)

Chandra, S., Lin, Z., Kundu, A., Khan, L.: Towards a systematic study of the covert channel attacks in smartphones. In: Tian, J., Jing, J., Srivatsa, M. (eds.) SecureComm 2014. LNICST, vol. 152, pp. 427–435. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23829-6_29

Chen, Q.A., Qian, Z., Mao, Z.M.: Peeking into your app without actually seeing it: UI state inference and novel android attacks. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 1037–1052 (2014)

Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014). https://doi.org/10.1145/2619091

Hemminki, S., Nurmi, P., Tarkoma, S.: Accelerometer-based transportation mode detection on smartphones. In: Proceedings of the 11th ACM Conference on Embedded Networked Sensor Systems, p. 13. ACM (2013). https://doi.org/10.1145/2517351.2517367

Ho, B.J., Martin, P., Swaminathan, P., Srivastava, M.: From pressure to path: Barometer-based vehicle tracking. In: Proceedings of the 2nd ACM International Conference on Embedded Systems for Energy-Efficient Built Environments, pp. 65–74. ACM (2015). https://doi.org/10.1145/2821650.2821665

Jana, S., Shmatikov, V.: Memento: learning secrets from process footprints. In: 2012 IEEE Symposium on Security and Privacy, pp. 143–157. IEEE (2012). https://doi.org/10.1109/SP.2012.19

10.

Liang, Y., Cai, Z., Han, Q., Li, Y.: Deep learning based inference of private information using embedded sensors in smart devices. IEEE Netw. Mag. 32(4), 8–14 (2018)

11.

Marforio, C., Ritzdorf, H., Francillon, A., Capkun, S.: Analysis of the communication between colluding applications on modern smartphones. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 51–60. ACM (2012). https://doi.org/10.1145/2420950.2420958

12.

Michalevsky, Y., Boneh, D., Nakibly, G.: Gyrophone: recognizing speech from gyroscope signals. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 1053–1067 (2014)

13.

Michalevsky, Y., Schulman, A., Veerapandian, G.A., Boneh, D., Nakibly, G.: PowerSpy: location tracking using mobile device power analysis. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 785–800 (2015)

14.

Narain, S., Vo-Huu, T.D., Block, K., Noubir, G.: Inferring user routes and locations using zero-permission mobile sensors. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 397–413. IEEE (2016). https://doi.org/10.1109/SP.2016.31

15.

Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: password inference using accelerometers on smartphones. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, p. 9. ACM (2012). https://doi.org/10.1145/2162081.2162095

16.

Ping, D., Sun, X., Mao, B.: TextLogger: inferring longer inputs on touch screen using motion sensors. In: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, p. 24. ACM (2015). https://doi.org/10.1145/2766498.2766511

17.

Spreitzer, R., Kirchengast, F., Gruss, D., Mangard, S.: Procharvester: fully automated analysis of procfs side-channel leaks on android. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 749–763. ACM (2018). https://doi.org/10.1145/3196494.3196510

18.

Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: Robust smartphone app identification via encrypted network traffic analysis. IEEE Trans. Inf. Forensics Secur. 13(1), 63–78 (2018). https://doi.org/10.1109/TIFS.2017.2737970

19.

Yan, L., Guo, Y., Chen, X., Mei, H.: A study on power side channels on mobile devices. In: Proceedings of the 7th Asia-Pacific Symposium on Internetware, pp. 30–38. ACM (2015). https://doi.org/10.1145/2875913.2875934

20.

Zhang, L., Cai, Z., Wang, X.: Fakemask: a novel privacy preserving approach for smartphones. IEEE Trans. Netw. Serv. Manag. 13(2), 335–348 (2016)

21.

Zhang, N., Yuan, K., Naveed, M., Zhou, X., Wang, X.: Leave me alone: app-level protection against runtime information gathering on android. In: 2015 IEEE Symposium on Security and Privacy, pp. 915–930. IEEE (2015). https://doi.org/10.1109/SP.2015.61

22.

Zhou, X., et al.: Identity, location, disease and more: inferring your secrets from android public resources. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1017–1028. ACM (2013). https://doi.org/10.1145/2508859.2516661

Titel: Detecting Android Side Channel Probing Attacks Based on System States
verfasst von: Qixiao Lin
Jian Mao
Futian Shi
Shishi Zhu
Zhenkai Liang
Verlag: Springer International Publishing
Buch: Wireless Algorithms, Systems, and Applications
Print ISBN: 978-3-030-23596-3

Electronic ISBN: 978-3-030-23597-0

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-23597-0_16

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner