发布求助
文献互助 智能选刊 最新文献

Security and Privacy in Smartphones and Mobile Devices最新文献

筛选
英文 中文
Please slow down!: the impact on tor performance from mobility 请慢一点!:机动性对性能的影响
Security and Privacy in Smartphones and Mobile Devices Pub Date : 2013-11-08 DOI: 10.1145/2516760.2516773
S. Doswell, N. Aslam, D. Kendall, G. Sexton
{"title":"Please slow down!: the impact on tor performance from mobility","authors":"S. Doswell, N. Aslam, D. Kendall, G. Sexton","doi":"10.1145/2516760.2516773","DOIUrl":"https://doi.org/10.1145/2516760.2516773","url":null,"abstract":"The number of mobile devices, connecting to the Internet, is predicted to surpass desktop connections by 2014. The likely growth in their mobile client base will offer an additional challenge for anonymity networks, such as Tor, in maintaining an efficient privacy service. We have conducted a simple experiment that illustrates this challenge. We have simulated the performance achieved by a mobile Tor node as it roams at varying speeds between wireless networks. The results show that the impact on performance for the mobile user, and potentially the wider Tor network, is significant when roaming, and as expected, increases with higher mobility speeds and longer recovery times. We review a range of solutions and suggest that, although the use of a lighter transport protocol and/or adaptive client throttling may reduce the performance impact of mobility, a better strategy is to provide a persistent connection to the Tor network for roaming mobile users.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115317389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Native code execution control for attack mitigation on android 针对android攻击缓解的本机代码执行控制
Security and Privacy in Smartphones and Mobile Devices Pub Date : 2013-11-08 DOI: 10.1145/2516760.2516765
Rafael Fedler, Marcel Kulicke, J. Schütte
{"title":"Native code execution control for attack mitigation on android","authors":"Rafael Fedler, Marcel Kulicke, J. Schütte","doi":"10.1145/2516760.2516765","DOIUrl":"https://doi.org/10.1145/2516760.2516765","url":null,"abstract":"Sophisticated malware targeting the Android mobile operating system increasingly utilizes local root exploits. These allow for the escalation of privileges and subsequent automatic, unnoticed, and permanent infection of a target device. Poor vendor patch policy leaves customer devices vulnerable for many months. All current local root exploits are exclusively implemented as native code and can be dynamically downloaded and run by any app. Hence, the lack of control mechanisms for the execution of native code poses a major threat to the security of Android devices. In this paper, we present different approaches to prevent local root exploits by means of gradually controlling native code execution. The proposed alterations to the Android operating system protect against all current local root exploits, while limiting the user experience as little as possible. Thus, the approaches we present help to avert automatic privilege escalation and to reduce exploitability and malware infection of Android devices.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"130 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127099552","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
Deadbolt: locking down android disk encryption Deadbolt:锁定android磁盘加密
Security and Privacy in Smartphones and Mobile Devices Pub Date : 2013-11-08 DOI: 10.1145/2516760.2516771
Adam Skillen, David Barrera, P. V. Oorschot
{"title":"Deadbolt: locking down android disk encryption","authors":"Adam Skillen, David Barrera, P. V. Oorschot","doi":"10.1145/2516760.2516771","DOIUrl":"https://doi.org/10.1145/2516760.2516771","url":null,"abstract":"Android devices use volume encryption to protect private data storage. While this paradigm has been widely adopted for safeguarding PC storage, the always-on mobile usage model makes volume encryption a weaker proposition for data confidentiality on mobile devices. PCs are routinely shut down which effectively secures private data and encryption keys. Mobile devices, on the other hand, typically remain powered-on for long periods and rely on a lock-screen for protection. This leaves lock-screen protection, something routinely bypassed, as the only barrier securing private data and encryption keys. Users are unlikely to embrace a practice of shutting down their mobile phones, as it impairs their communication and computing abilities. We propose Deadbolt: a method for maintaining most mobile computing functionality, while offering the security benefits of a powered off device with respect to storage encryption. Deadbolt prevents access to internal storage even if the adversary can exploit a lock screen bypass vulnerability or perform a cold boot attack. Users can gracefully switch between the Deadbolt and unlocked modes in less time than a system reboot. Deadbolt offers the additional benefit of an incognito environment in which logs and actions will not be recorded.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114255425","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
PIN skimmer: inferring PINs through the camera and microphone PIN略读器:通过摄像头和麦克风推断PIN
Security and Privacy in Smartphones and Mobile Devices Pub Date : 2013-11-08 DOI: 10.1145/2516760.2516770
Laurent Simon, Ross J. Anderson
{"title":"PIN skimmer: inferring PINs through the camera and microphone","authors":"Laurent Simon, Ross J. Anderson","doi":"10.1145/2516760.2516770","DOIUrl":"https://doi.org/10.1145/2516760.2516770","url":null,"abstract":"Today's smartphones provide services and uses that required a panoply of dedicated devices not so long ago. With them, we listen to music, play games or chat with our friends; but we also read our corporate email and documents, manage our online banking; and we have started to use them directly as a means of payment. In this paper, we aim to raise awareness of side-channel attacks even when strong isolation protects sensitive applications. Previous works have studied the use of the phone accelerometer and gyroscope as side channel data to infer PINs. Here, we describe a new side-channel attack that makes use of the video camera and microphone to infer PINs entered on a number-only soft keyboard on a smartphone. The microphone is used to detect touch events, while the camera is used to estimate the smartphone's orientation, and correlate it to the position of the digit tapped by the user.\u0000 We present the design, implementation and early evaluation of PIN Skimmer, which has a mobile application and a server component. The mobile application collects touch-event orientation patterns and later uses learnt patterns to infer PINs entered in a sensitive application.\u0000 When selecting from a test set of 50 4-digit PINs, PIN Skimmer correctly infers more than 30% of PINs after 2 attempts, and more than 50% of PINs after 5 attempts on android-powered Nexus S and Galaxy S3 phones. When selecting from a set of 200 8-digit PINs, PIN Skimmer correctly infers about 45% of the PINs after 5 attempts and 60% after 10 attempts. It turns out to be difficult to prevent such side-channel attacks, so we provide guidelines for developers to mitigate present and future side-channel attacks on PIN input.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"80 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131791815","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 130
Secure enrollment and practical migration for mobile trusted execution environments 移动可信执行环境的安全注册和实际迁移
Security and Privacy in Smartphones and Mobile Devices Pub Date : 2013-11-08 DOI: 10.1145/2516760.2516764
Claudio Marforio, N. Karapanos, Claudio Soriente, Kari Kostiainen, Srdjan Capkun
{"title":"Secure enrollment and practical migration for mobile trusted execution environments","authors":"Claudio Marforio, N. Karapanos, Claudio Soriente, Kari Kostiainen, Srdjan Capkun","doi":"10.1145/2516760.2516764","DOIUrl":"https://doi.org/10.1145/2516760.2516764","url":null,"abstract":"Smartphones can implement various security services from mobile banking to security tokens used for physical access control. System-wide trusted execution environments (TEEs), like ARM TrustZone, allow implementation of these services that withstand malware and operating system compromise. While researchers and developers have focused on secure storage and processing of credentials on such mobile TEEs, secure and practical bootstrapping of security services has been overlooked. The goal of this paper is to put forward the problem of secure user enrollment in the context of mobile system-wide TEEs. We explain why user identity binding to a mobile device is challenging on current smartphone platforms, and argue that current mobile device architectures do not facilitate secure enrollment and migration for such TEEs. We outline possible architecture changes that would enable the realization of secure and practical enrollment, and thus enable more widespread secure deployment of various mobile security services.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115075902","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
Passwords and interfaces: towards creating stronger passwords by using mobile phone handsets 密码和接口:通过使用手机来创建更强的密码
Security and Privacy in Smartphones and Mobile Devices Pub Date : 2013-11-08 DOI: 10.1145/2516760.2516767
S. Haque, M. Wright, Shannon Scielzo
{"title":"Passwords and interfaces: towards creating stronger passwords by using mobile phone handsets","authors":"S. Haque, M. Wright, Shannon Scielzo","doi":"10.1145/2516760.2516767","DOIUrl":"https://doi.org/10.1145/2516760.2516767","url":null,"abstract":"Entering a password on a mobile phone requires more effort than entering it on a PC keyboard, especially when using capital letters, digits, and special characters that are considered important for strong passwords. In this study, we examine how these factors affect the construction of passwords on input-constrained devices such as mobile phones. We conducted a between-group experiment with 72 students from the University of Texas at Arlington (UTA), in which we asked the participants to construct new passwords using PC keyboards and mobile phones with different keypad layouts. Passwords constructed by using PC keyboards were stronger than those constructed by touchscreen keypads. Surprisingly, passwords that were constructed by mobile phones with physical keyboards were stronger than those constructed by PC keyboards. We also designed a custom layout for the touchscreen keypad that offers a more convenient method of typing digits and some special characters. Our results show that this custom layout helped the participants to construct stronger passwords on mobile phones. To address an alternative explanation for better performance of the physical keyboard and custom layout groups, we designed a second experiment by removing the potential bias effects of the first experiment. The results of this within-group experiment confirm that if users are presented with a more convenient method of entering digits and special characters on mobile handsets, they take advantage of it to construct stronger passwords. The results also supplement our finding regarding password construction and user engagement from the first experiment and highlight an important design consideration about password construction pages for mobile versions of websites.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115307148","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
This network is infected: HosTaGe - a low-interaction honeypot for mobile devices 此网络被感染:人质-移动设备的低交互蜜罐
Security and Privacy in Smartphones and Mobile Devices Pub Date : 2013-11-08 DOI: 10.1145/2516760.2516763
Emmanouil Vasilomanolakis, Shankar Karuppayah, Mathias Fischer, M. Mühlhäuser, Mihai Plasoianu, Lars Pandikow, W. Pfeiffer
{"title":"This network is infected: HosTaGe - a low-interaction honeypot for mobile devices","authors":"Emmanouil Vasilomanolakis, Shankar Karuppayah, Mathias Fischer, M. Mühlhäuser, Mihai Plasoianu, Lars Pandikow, W. Pfeiffer","doi":"10.1145/2516760.2516763","DOIUrl":"https://doi.org/10.1145/2516760.2516763","url":null,"abstract":"In recent years, the number of sophisticated cyber attacks has increased rapidly. At the same time, people tend to utilize unknown, in terms of trustworthiness, wireless networks in their daily life. They connect to these networks, e.g., airports, without knowledge of whether they are safe or infected with actively propagating malware. In traditional networks, malicious behavior can be detected via Intrusion Detection Systems (IDSs). However, IDSs cannot be applied easily to mobile environments and to resource constrained devices. Another common defense mechanism is honeypots, i.e., systems that pretend to be an attractive target to attract malware and attackers. As a honeypot has no productive use, each attempt to access it can be interpreted as an attack. Hence, they can provide an early indication on malicious network environments. Since low interaction honeypots do not demand high CPU or memory requirements, they are suitable to resource constrained devices like smartphones or tablets.\u0000 In this paper we present the idea of Honeypot-To-Go. We envision portable honeypots on mobile devices that aim on the fast detection of malicious networks and thus boost the security awareness of users. Moreover, to demonstrate the feasibility of this proposal we present our prototype HosTaGe, a low-interaction honeypot implemented for the Android OS. We present some initial results regarding the performance of this application as well as its ability to detect attacks in a realistic environment. To the best of our knowledge, HosTaGe is the first implementation of a generic low-interaction honeypot for mobile devices.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128487937","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 18
Securitas: user identification through RGB-NIR camera pair on mobile devices Securitas:通过移动设备上的RGB-NIR摄像头对进行用户识别
Security and Privacy in Smartphones and Mobile Devices Pub Date : 2013-11-08 DOI: 10.1145/2516760.2516766
Shijia Pan, An Chen, Pei Zhang
{"title":"Securitas: user identification through RGB-NIR camera pair on mobile devices","authors":"Shijia Pan, An Chen, Pei Zhang","doi":"10.1145/2516760.2516766","DOIUrl":"https://doi.org/10.1145/2516760.2516766","url":null,"abstract":"Today mobile devices are equipped with numerous sensors and new ones are being added. In this paper, we propose a method to utilize a new sensor to provide a more secure identification system named Securitas for mobile device users. Securitas is a user identification system through the use of RGB-NIR camera pairs. The system extracts and analyzes geometrical features from a human hand to identify the user for unlocking devices and accessing personal data. Utilizing both RGB and the NIR cameras for real skin detection, it can effectively prevent an impostor from gaining access by using a fake hand photograph of a valid registered user without limitations of contrast, color, and background. Comparing to existing techniques, Securitas demonstrates that by leveraging the sensors on the mobile devices, a user can have a more secure identification mechanism by simply taking a photograph of his hand. Through proof of concept of implementation, our system demonstrates the ability to distinguish users with more than 94% accuracy.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130112026","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
AndroTotal: a flexible, scalable toolbox and service for testing mobile malware detectors AndroTotal:一个灵活的,可扩展的工具箱和服务,用于测试移动恶意软件检测器
Security and Privacy in Smartphones and Mobile Devices Pub Date : 2013-11-08 DOI: 10.1145/2516760.2516768
F. Maggi, Andrea Valdi, S. Zanero
{"title":"AndroTotal: a flexible, scalable toolbox and service for testing mobile malware detectors","authors":"F. Maggi, Andrea Valdi, S. Zanero","doi":"10.1145/2516760.2516768","DOIUrl":"https://doi.org/10.1145/2516760.2516768","url":null,"abstract":"Although there are controversial opinions regarding how large the mobile malware phenomenon is in terms of absolute numbers, hype aside, the amount of new Android malware variants is increasing. This trend is mainly due to the fact that, as it happened with traditional malware, the authors are striving to repackage, obfuscate, or otherwise transform the executable code of their malicious apps in order to evade mobile security apps. There are about 85 of these apps only on the official marketplace. However, it is not clear how effective they are. Indeed, the sandboxing mechanism of Android does not allow (security) apps to audit other apps.\u0000 We present AndroTotal, a publicly available tool, malware repository and research framework that aims at mitigating the above challenges, and allow researchers to automatically scan Android apps against an arbitrary set of malware detectors. We implemented AndroTotal and released it to the research community in April 2013. So far, we collected 18,758 distinct submitted samples and received the attention of several research groups (1,000 distinct accounts), who integrated their malware-analysis services with ours.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131431867","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 63
Sleeping android: the danger of dormant permissions 休眠android:休眠权限的危险
Security and Privacy in Smartphones and Mobile Devices Pub Date : 2013-11-08 DOI: 10.1145/2516760.2516774
J. Sellwood, J. Crampton
{"title":"Sleeping android: the danger of dormant permissions","authors":"J. Sellwood, J. Crampton","doi":"10.1145/2516760.2516774","DOIUrl":"https://doi.org/10.1145/2516760.2516774","url":null,"abstract":"An Android app must be authorized for permissions, defined by the Android platform, in order to access certain capabilities of an Android device. An app developer specifies which permissions an app will require and these permissions must be authorized by the user of the device when the app is installed. Permissions, and the tools that are used to manage them, form the basis of the Android permission architecture, which is an essential part of the access control services provided by the Android platform.\u0000 We have analyzed the evolution of the Android permission architecture across six versions of the Android platform, identifying various changes which have occurred during that period and a considerable amount of information about the permission architecture which is not included in the Android documentation. Using this information, we have identified a weakness in the way that the Android platform handles app permissions during platform upgrades. We explain how this weakness may be exploited by a developer to produce malicious software which the average user is unlikely to detect. We conclude with a discussion of potential mitigation techniques for this weakness, highlighting concerns drawn from other research in this area.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121914662","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 23
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信