Indoor localization using device sensors: A threat to privacy

IF 1.9 4区计算机科学 Q3 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Microprocessors and Microsystems Pub Date : 2024-03-06 DOI:10.1016/j.micpro.2024.105041

Hitesh Verma , Smita Naval , Balaprakasa Rao Killi , Vinod P.

{"title":"Indoor localization using device sensors: A threat to privacy","authors":"Hitesh Verma , Smita Naval , Balaprakasa Rao Killi , Vinod P.","doi":"10.1016/j.micpro.2024.105041","DOIUrl":null,"url":null,"abstract":"<div><p>The localization techniques used in today’s smartphone are mainly based on Global Positioning System (GPS). However, GPS Sensors cannot work properly under in-door and underground locations. Therefore, many applications utilize device sensors such as accelerometer, gyrometer, and magnetometer for indoor localization. In this paper, we present a misuse case of how device sensors can be used to exploit the privacy of a user by geo-tracking. We propose an attack model through which the user location can be compromised without using the GPS sensors. The proposed attack model comprises of two stages. The first stage consists of deployment of the malicious application on the users’ smart-phones and gathering the information of various sensors in the background. The collected sensor data is uploaded to the malicious cloud server set up by the adversary. The second stage consists of pre-processing the sensor data received from the malicious cloud server and plot the user’s trajectory onto a graph in real-time. The proposed attack model is evaluated by developing two applications. The victim application tracks location, direction, and trajectory of the user without any location permission from the user. The proposed model achieves an accuracy of 98% without using special infrastructure and separate training phase. Further, we have discussed three mitigation schemes, which can be adapted by the Android developers in order to protect the user’s privacy.</p></div>","PeriodicalId":49815,"journal":{"name":"Microprocessors and Microsystems","volume":"106 ","pages":"Article 105041"},"PeriodicalIF":1.9000,"publicationDate":"2024-03-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Microprocessors and Microsystems","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S014193312400036X","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

The localization techniques used in today’s smartphone are mainly based on Global Positioning System (GPS). However, GPS Sensors cannot work properly under in-door and underground locations. Therefore, many applications utilize device sensors such as accelerometer, gyrometer, and magnetometer for indoor localization. In this paper, we present a misuse case of how device sensors can be used to exploit the privacy of a user by geo-tracking. We propose an attack model through which the user location can be compromised without using the GPS sensors. The proposed attack model comprises of two stages. The first stage consists of deployment of the malicious application on the users’ smart-phones and gathering the information of various sensors in the background. The collected sensor data is uploaded to the malicious cloud server set up by the adversary. The second stage consists of pre-processing the sensor data received from the malicious cloud server and plot the user’s trajectory onto a graph in real-time. The proposed attack model is evaluated by developing two applications. The victim application tracks location, direction, and trajectory of the user without any location permission from the user. The proposed model achieves an accuracy of 98% without using special infrastructure and separate training phase. Further, we have discussed three mitigation schemes, which can be adapted by the Android developers in order to protect the user’s privacy.

查看原文本刊更多论文

使用设备传感器进行室内定位：对隐私的威胁

当今智能手机使用的定位技术主要基于全球定位系统（GPS）。然而，GPS 传感器无法在室内和地下位置正常工作。因此，许多应用利用加速计、陀螺仪和磁力计等设备传感器进行室内定位。在本文中，我们提出了一个滥用案例，说明如何利用设备传感器通过地理跟踪来侵犯用户隐私。我们提出了一种攻击模型，通过这种模型，可以在不使用 GPS 传感器的情况下泄露用户位置。所提出的攻击模型包括两个阶段。第一阶段包括在用户的智能手机上部署恶意应用程序，并在后台收集各种传感器的信息。收集到的传感器数据被上传到敌方设置的恶意云服务器。第二阶段包括对从恶意云服务器接收到的传感器数据进行预处理，并将用户的轨迹实时绘制到图形上。通过开发两个应用程序来评估所提出的攻击模型。受害者应用程序在未获得用户任何定位许可的情况下跟踪用户的位置、方向和轨迹。在不使用特殊基础设施和单独训练阶段的情况下，所提出的模型达到了 98% 的准确率。此外，我们还讨论了三种缓解方案，安卓开发人员可对其进行调整，以保护用户隐私。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Microprocessors and Microsystems 工程技术-工程：电子与电气

CiteScore

6.90

自引率

3.80%

发文量

204

审稿时长

172 days

期刊介绍： Microprocessors and Microsystems: Embedded Hardware Design (MICPRO) is a journal covering all design and architectural aspects related to embedded systems hardware. This includes different embedded system hardware platforms ranging from custom hardware via reconfigurable systems and application specific processors to general purpose embedded processors. Special emphasis is put on novel complex embedded architectures, such as systems on chip (SoC), systems on a programmable/reconfigurable chip (SoPC) and multi-processor systems on a chip (MPSoC), as well as, their memory and communication methods and structures, such as network-on-chip (NoC). Design automation of such systems including methodologies, techniques, flows and tools for their design, as well as, novel designs of hardware components fall within the scope of this journal. Novel cyber-physical applications that use embedded systems are also central in this journal. While software is not in the main focus of this journal, methods of hardware/software co-design, as well as, application restructuring and mapping to embedded hardware platforms, that consider interplay between software and hardware components with emphasis on hardware, are also in the journal scope.