微信服务号

微信订阅号

2025年3月25日 22:23 星期二
首页 > 过刊浏览>2019年第30卷第8期 >2392-2414. DOI:10.13328/j.cnki.jos.005760
PDF HTML阅读 XML下载 导出引用 引用提醒
基于Laplace机制的普适运动传感器侧信道防御方案
作者:
作者简介:

唐奔宵(1991-),男,湖北黄石人,博士,CCF学生会员,主要研究领域为Android隐私保护,机器学习;赵磊(1985-),男,博士,副教授,博士生导师,CCF专业会员,主要研究领域为系统安全,软件分析;王丽娜(1964-),女,博士,教授,博士生导师,主要研究领域为系统安全,信息隐藏;陈青松(1995-),男,学士,主要研究领域为移动隐私保护;汪润(1991-),男,博士,主要研究领域为移动设备隐私保护,机器学习.

通讯作者:

王丽娜,E-mail:lnwang@whu.edu.cn

中图分类号:

TP309

基金项目:

国家自然科学基金(61876134,61672394);国家重点研发计划(2016YFB0801100);国家自然科学联合基金(U1536204)


General Side Channel Defense Schema of Motion Sensor Based on Laplace Mechanism
Author:
Fund Project:

National Natural Science Foundation of China (61876134, 61672394); National Key Research and Development Program of China (2016YFB0801100); Programs of Joint Funds of National Natural Science Foundation of China (U1536204)

  • 摘要
    • | |
  • 访问统计
    • |
  • 参考文献 [53]
    • |
  • 相似文献
    • |
  • 引证文献
    • | |
  • 文章评论
    摘要:

    针对移动设备中运动传感器侧信道的防御研究面临很多困难,已有的解决方案无法有效实现用户体验与防御能力之间的平衡,也难以覆盖各种类型的运动传感器侧信道.为了解决上述问题,系统地分析了运动传感器侧信道攻击的通用模型,针对侧信道构建过程,提出了一种基于差分隐私Laplace机制的传感器信号混淆方案.该方案实施于系统框架层,通过无差别地向传感器信号中实时注入少量受控噪声,干扰侧信道学习"用户行为-设备状态-传感器读数"之间的映射关系.构建了侧信道的通用模型,结合典型的侧信道,从理论层面详细地分析了信号混淆抵抗传感器侧信道攻击的原理,证明防御方案具有优异的普适性、可用性和灵活性,能够有效地对抗实验以外的已知或未知运动传感器侧信道攻击.最后,筛选出11种典型的运动传感器侧信道进行对抗实验,验证了该防御方案对抗实际攻击的有效性.

    Abstract:

    The privacy issue under the motion sensor-based side channel is a fundamental and critical research topic with many challenges. The existing solutions do not solve some significant problems in practice, for example, the protection mechanism should balance user experience with defensive effectiveness. Moreover, extra settings should not be required. As an effort towards this issue, the common pattern of motion sensor-based side-channel attacks is analyzed, and it finds that the key step of these side-channel attacks is learning the mapping relationship among user behavior, device status, and sensor reading. In addition, a protection method is proposed which applies differential privacy scheme and injects random noise to sensor readings indiscriminately to reduce the effect of learning mapping relationship. This defense method is implemented in system framework, thus it is transparent to both users and attackers. Moreover, the mechanism of proposed defense method is analyzed theoretically to demonstrate how this method decrease the attack success rate and prove that this method can work for any other known and unknown motion sensor side-channel attacks. Finally, the proposed schema is evaluated by conducting experiments against 11 typical motion sensor-based side-channel attacks.

    参考文献
    [1] Spreitzer R, Moonsamy V, Korak T, Mangard S. Systematic classification of side-channel attacks:A case study for mobile devices. IEEE Communications Surveys & Tutorials, 2018,20(1):465-488.[doi:10.1109/COMST.2017.2779824]
    [2] Nahapetian A. Side-Channel attacks on mobile and wearable systems. In:Proc. of the Consumer Communications & Networking Conf. Piscataway:IEEE, 2016. 243-247.[doi:10.1109/CCNC.2016.7444763]
    [3] Cai L, Chen H. On the practicality of motion based keystroke inference attack. In:Katzenbeisser S, ed. Proc. of the 5th Int'l Conf. on Trust and Trustworthy Computing. Berlin:Springer-Verlag, 2012. 273-290.[doi:10.1007/978-3-642-30921-2_16]
    [4] Lee YJ. Detection of movement and shake information using android sensor. Advanced Science and Technology Letters, 2015,90:52-56.[doi:10.14257/astl.2015.90.12]
    [5] Shala U, Rodriguez A. Indoor positioning using sensor-fusion in android devices[MS. Thesis]. Kristianstad:Kristianstad University, 2011.
    [6] Das A, Borisov N, Caesar M. Tracking mobile Web users through motion sensors:Attacks and defenses. In:Proc. of the Network and Distributed System Security Symp. Rosten:Internet Society, 2016.[doi:10.14722/ndss.2016.23390]
    [7] Das A, Borisov N, Chou E. Every move you make:Exploring practical issues in smartphone motion sensor fingerprinting and countermeasures. Proc. on Privacy Enhancing Technologies, 2018,2018(1):88-108.[doi:10.1515/popets-2018-0005]
    [8] Dey S, Roy N, Xu W, Choudhury RR, Nelakuditi S. AccelPrint:Imperfections of accelerometers make smartphones trackable. In:Proc. of the Network and Distributed System Security Symp. Rosten:Internet Society, 2014.[doi:10.14722/ndss.2014.23059]
    [9] Tang BX, Wang ZB, Wang R, Zhao L, Wang LN. Niffler:A context-aware and user-independent side-channel attack system for password inference. Wireless Communications and Mobile Computing, 2018,2018:Article ID 4627108.[doi:10.1155/2018/4627108]
    [10] Zhang W, He H, Zhang QZ, Kim T. PhoneProtector:Protecting user privacy on the android-based mobile platform. Int'l Journal of Distributed Sensor Networks, 2014,10(2):1-10.[doi:10.1155/2014/282417]
    [11] Mehrnezhad M, Toreini E, Shahandashti SF, Hao F. Stealing pins via mobile sensors:Actual risk versus user perception. Int'l Journal of Information Security, 2018,17(3):291-313.[doi:10.1007/s10207-017-0369-x]
    [12] Mohamed M, Shrestha B, Saxena N. SMAshed:Sniffing and manipulating android sensor data for offensive purposes. IEEE Trans. on Information Forensics and Security, 2017,12(4):901-913.[doi:10.1109/TIFS.2016.2620278]
    [13] Cai L, Machiraju S, Chen H. Defending against sensor-sniffing attacks on mobile phones. In:Proc. of the 1st ACM Workshop on Networking, Systems, and Applications for Mobile Handhelds. New York:ACM Press, 2009. 31-36.[doi:10.1145/1592606. 1592614]
    [14] Maiti A, Jadliwala M, He J, Bilogrevic I. (Smart) watch your taps:Side-channel keystroke inference attacks using smartwatches. In:Proc. of the ACM Int'l Symp. on Wearable Computers. New York:ACM Press, 2015. 27-30.[doi:10.1145/2802083.2808397]
    [15] Owusu E, Han J, Das S, Perrig A, Zhang J. ACCessory:Password inference using accelerometers on smartphones. In:Proc. of the 12th Workshop on Mobile Computing Systems & Applications. New York:ACM Press, 2012. 1-6.[doi:10.1145/2162081. 2162095]
    [16] Conti M, Nguyen VTN, Crispo B. CRePE:Context-related policy enforcement for Android. In:Burmester M, ed. Proc. of the 13th Int'l Conf. on Information Security. Berlin:Springer-Verlag, 2010. 331-345.
    [17] Ryu YS, Koh DH, Aday BL, Gutierrez XA, Platt JD. Usability evaluation of randomized keypad. Journal of Usability Studies, 2012, 5(2):65-75.
    [18] Shrestha P, Mohamed M, Saxena N. Slogger:Smashing motion-based touchstroke logging with transparent system noise. In:Proc. of the 9th ACM Conf. on Security & Privacy in Wireless and Mobile Networks. New York:ACM Press, 2016. 67-77.[doi:10. 1145/2939918.2939924]
    [19] Qing SH. Research progress on Android security. Ruan Jian Xue Bao/Journal of Software, 2016,27(1):45-71(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/4914.htm[doi:10.13328/j.cnki.jos.004914]
    [20] Dwork C, Mcsherry F, Nissim K, Smith A. Calibrating noise to sensitivity in private data analysis. In:Halevi S, ed. Proc. of the Theory of Cryptography Conf. Berlin:Springer-Verlag, 2006. 265-284.
    [21] Tang BX, Wang LN, Wang R, Zhao L, Wang DL. A defensive method against android physical sensor-based side-channel attack based on differential privacy. Joural of Computer Research and Development, 2018,55(7):1371-1392(in Chinese with English abstract).[doi:10.7544/issn1000-1239.2018.20170982]
    [22] Wang YJ, Wu JZ, Zeng HT, Ding LP, Liao XF. Covert channel research. Ruan Jian Xue Bao/Journal of Software, 2010,21(9):2262-2288(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3880.htm[doi:10.3724/SP.J.1001.2010.03880]
    [23] Laskov P, Lippmann R. Machine learning in adversarial environments. Machine Learning, 2010,81(2):115-119.[doi:10.1007/s10994-010-5207-6]
    [24] Auer P, Cesa-Bianchi N. On-Line learning with malicious noise and the closure algorithm. Annals of Mathematics & Artificial Intelligence, 1998,23(1-2):83-99.
    [25] Malkin N, Harbach M, De Luca A, Egelman S. The anatomy of smartphone unlocking:Why and how Android users around the world lock their phones. GetMobile:Mobile Computing and Communications, 2016,20(3):42-46.[doi:10.1145/3036699.3036712]
    [26] Mehrnezhad M, Toreini E, Shahandashti SF, Hao F. Touchsignatures:Identification of user touch actions and pins based on mobile sensor data via javascript. Journal of Information Security and Application, 2016,26:23-38.[doi:10.1016/j.jisa.2015.11.007]
    [27] Mehrnezhad M, Toreini E, Shahandashti SF, Hao F. Stealing pins via mobile sensors:Actual risk versus user perception. Int'l Journal of Information Security, 2018,17(3):291-313.[doi:10.1007/s10207-017-0369-x]
    [28] Ping D, Sun X, Mao B. Textlogger:Inferring longer inputs on touch screen using motion sensors. In:Proc. of the 8th ACM Conf. on Security & Privacy in Wireless and Mobile Networks. New York:ACM Press, 2015. No.24.[doi:10.1145/2766498.2766511]
    [29] Miluzzo E, Varshavsky A, Balakrishnan S, Choudhury RR. Tapprints:Your finger taps have fingerprints. In:Proc. of the 10th Int'l Conf. on Mobile Systems, Applications, and Services. New York:ACM Press, 2012. 323-336.[doi:10.1145/2307636.2307666]
    [30] Xu Z, Bai K, Zhu SC. TapLogger:Inferring user inputs on smartphone touchscreens using on-board motion sensors. In:Proc. of the 15th ACM Conf. on Security and Privacy in Wireless and Mobile Networks. New York:ACM Press, 2012. 113-124.[doi:10.1145/2185448.2185465]
    [31] Shen C, Pei SC, Yang ZY, Guan XH. Input extraction via motion sensor behavior analysis on smartphones. Computers & Security, 2015,53:143-155.[doi:10.1016/j.cose.2015.06.013]
    [32] Aviv AJ, Sapp B, Blaze M, Smith JM. Practicality of accelerometer side channels on smartphones. In:Proc. of the 28th Annual Computer Security Applications Conf. New York:ACM Press, 2012. 41-50.[doi:10.1145/2420950.2420957]
    [33] Zheng N, Bai K, Huang H, Wang H. You are how you touch:User verification on smartphones via tapping behaviors. In:Proc. of the IEEE 22nd Int'l Conf. on Network Protocols. Piscataway:IEEE, 2014. 221-232.[doi:10.1109/ICNP.2014.43]
    [34] Peng HC, Long FH, Ding C. Feature selection based on mutual information:Criteria of max-dependency, max-relevance, and min-redundancy. IEEE Trans. on Pattern Analysis & Machine Intelligence, 2005,27(8):1226-1238.[doi:10.1109/TPAMI.2005.159]
    [35] Liu XH, Li S. An optimized algorithm of decision tree. Ruan Jian Xue Bao/Journal of Software, 1998,9(10):797-800(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/9/797.htm
    [36] Maaten L, Hinton G. Visualizing data using t-SNE. Journal of Machine Learning Research, 2008,9(2008):2579-2605.
    [37] Maaten L. Accelerating t-SNE using tree-based algorithms. Journal of Machine Learning Research, 2014,15(1):3221-3245.
    [38] Bojinov H, Boneh D, Michalevsky Y, Nakibly G. Mobile device identification via sensor fingerprinting. arXiv preprint arXiv:1408.1416, 2014.
    [39] Shen C, Yu T, Yuan S, Guan XH. Performance analysis of motion-sensor behavior for user authentication on smartphones. Sensors, 2016,16(3):345-365.[doi:10.3390/s16030345]
    [40] Cai L, Chen H. TouchLogger:Inferring keystrokes on touch screen from smartphone motion. In:Proc. of the 6th USENIX Workshop on HotSec. New York:ACM Press, 2011. 9-15.
    [41] Noor MFM, Ramsay A, Hughes S, Ogers S, Williamson J, Smith RM. 28 frames later:Predicting screen touches from back-of-device grip changes. In:Proc. of the SIGCHI Conf. on Human Factors in Computing Systems. New York:ACM Press, 2014. 2005-2008.[doi:10.1145/2556288.2557148]
    [42] Negulescu M, Mcgrenere J. Grip change as an information side channel for mobile touch interaction. In:Proc. of the 33rd Annual ACM Conf. on Human Factors in Computing Systems. New York:ACM Press, 2015. 1519-1522.[doi:10.1145/2702123.2702185]
    [43] Marquardt P, Verma A, Carter H, Traynor P. (sp)iPhone:Decoding vibrations from nearby keyboards using mobile phone accelerometers. In:Proc. of the 18th ACM Conf. on Computer and Communications Security. New York:ACM Press, 2011. 551-562.[doi:10.1145/2046707.2046771]
    [44] Luca AD, Hang A, Brudy F, Lindner C, Hussmann H. Touch me once and i know it's you! Implicit authentication based on touch screen patterns. In:Proc. of the SIGCHI Conf. on Human Factors in Computing Systems. New York:ACM Press, 2012. 987-996.[doi:10.1145/2207676.2208544]
    [45] Shahzad M, Liu AX, Samuel A. Behavior based human authentication on touch screen devices using gestures and signatures. IEEE Trans. on Mobile Computing, 2017,16(10):2726-2741.[doi:10.1109/TMC.2016.2635643]
    [46] Liu JY, Zhong L, Wickramasuriya J, Vasudevan V. uWave:Accelerometer-based personalized gesture recognition and its applications. Pervasive and Mobile Computing, 2009,5(6):657-675.[doi:10.1016/j.pmcj.2009.07.007]
    [47] Andriotis P, Tryfonas T, Oikonomou G, Yildiz C. A pilot study on the security of pattern screen-lock methods and soft side channel attacks. In:Proc. of the 6th ACM Conf. on Security and Privacy in Wireless and Mobile Networks. New York:ACM Press, 2013. 1-6.[doi:10.1145/2462096.2462098]
    [48] Maiti A, Crager K, Jadliwala M, He J, Kwiat K, Kamhoua C. Randompad:Usability of randomized mobile keypads for defeating inference attacks. In:Proc. of the IEEE Euro S&P Workshop on Innovations in Mobile Privacy & Security (IMPS). Piscataway:IEEE, 2016.
    附中文参考文献:
    [19] 卿斯汉.Android安全研究进展.软件学报,2016,27(1):45-71. http://www.jos.org.cn/1000-9825/4914.htm[doi:10.13328/j.cnki.jos. 004914]
    [21] 唐奔宵,王丽娜,汪润,赵磊,王丹磊.基于差分隐私的Android物理传感器侧信道防御方法.计算机研究与发展,2018,55(7):1371-1392.[doi:10.7544/issn1000-1239.2018.20170982]
    [22] 王永吉,吴敬征,曾海涛,丁丽萍,廖晓锋.隐蔽信道研究.软件学报,2010,21(9):2262-2288. http://www.jos.org.cn/1000-9825/3880.htm[doi:10.3724/SP.J.1001.2010.03880]
    [35] 刘小虎,李生.决策树的优化算法.软件学报,1998,9(10):797-800. http://www.jos.org.cn/1000-9825/9/797.htm
    相似文献
    引证文献
引用本文

唐奔宵,王丽娜,汪润,赵磊,陈青松.基于Laplace机制的普适运动传感器侧信道防御方案.软件学报,2019,30(8):2392-2414

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2018-05-21
  • 最后修改日期:2018-09-21
  • 在线发布日期: 2019-04-03
文章二维码
友情链接:中国科学院软件研究所中国计算机学会中国科学院国家自然科学基金委员会CCF数字图书馆Int'l J of Softw Info计算机系统应用
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号