{"title":"How talkative is your mobile device?: an experimental study of Wi-Fi probe requests","authors":"Julien Freudiger","doi":"10.1145/2766498.2766517","DOIUrl":"https://doi.org/10.1145/2766498.2766517","url":null,"abstract":"The IEEE 802.11 standard defines Wi-Fi probe requests as an active mechanism with which mobile devices can request information from access points and accelerate the Wi-Fi connection process. Researchers in previous work have identified privacy hazards associated with Wi-Fi probe requests, such as leaking past access point identifiers and user mobility. Besides several efforts to develop privacy-preserving alternatives, modern mobile devices continue to use Wi-Fi probe requests. In this work, we quantify Wi-Fi probe requests' threat to privacy by conducting an experimental study of the most popular smartphones in different settings. Our objective is to identify how different factors influence the probing frequency and the average number of broadcasted probes. Our conclusions are worrisome: On average, some mobile devices send probe requests as often as 55 times per hour, thus revealing their unique MAC address at high frequency. Even if a mobile device is not charging and in sleep mode, it might broadcast about 2000 probes per hour. 
We also evaluate a commercially deployed MAC address randomization mechanism, and demonstrate a simple method to re-identify anonymized probes.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"14 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131593890","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Bruce DeBruhl, Sean Weerakkody, B. Sinopoli, P. Tague
{"title":"Is your commute driving you crazy?: a study of misbehavior in vehicular platoons","authors":"Bruce DeBruhl, Sean Weerakkody, B. Sinopoli, P. Tague","doi":"10.1145/2766498.2766505","DOIUrl":"https://doi.org/10.1145/2766498.2766505","url":null,"abstract":"Traffic is not only a source of frustration but also a leading cause of death for people under 35 years of age. Recent research has focused on how driver assistance technologies can be used to mitigate traffic fatalities and create more enjoyable commutes. In this work, we consider cooperative adaptive cruise control (CACC) or platooning, a driver assistance technology that controls the speed of vehicles and inter-vehicle spacing. CACC-equipped cars use radar to fine-tune inter-vehicle spacing and dedicated short-range communication (DSRC) to collaboratively accelerate and decelerate. Platooning can reduce fuel consumption by over 5% and increase the density of cars on a highway. Previous work on platooning has focused on proving string stability, which guarantees that the error between cars does not grow with the length of a platoon, but little work has considered the impact an attacker can have on a platoon. To design safe distributed controllers and networks it is essential to understand the possible attacks that could be mounted against platoons. In this work, we design a set of insider attacks and abnormal behaviors that occur in a platoon of cars. For example, we introduce the collision induction attack where an attacker exploits the platoon controller to cause a high-speed accident with the car following it. To mitigate these insider attacks we design a model-based detection scheme that leverages the broadcast nature of DSRC. Each car uses DSRC messages from other cars in the platoon to model the expected behavior of the car directly preceding it. 
If the expected behavior and actual behavior differ, the monitoring vehicle switches to non-cooperative ACC, relying solely on radar, to mitigate the impact of the attack. We show that our detection scheme is able to detect many of our proposed insider attacks and, when combined with a well-designed ACC controller, can avoid collisions. We propose combining our detection scheme with a global reputation scheme to detect when a car is malicious or needs maintenance.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121250601","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Denzil Ferreira, V. Kostakos, A. Beresford, J. Lindqvist, A. Dey
{"title":"Securacy: an empirical investigation of Android applications' network usage, privacy and security","authors":"Denzil Ferreira, V. Kostakos, A. Beresford, J. Lindqvist, A. Dey","doi":"10.1145/2766498.2766506","DOIUrl":"https://doi.org/10.1145/2766498.2766506","url":null,"abstract":"Smartphone users do not fully know what their apps do. For example, an application's network usage and underlying security configuration are invisible to users. In this paper we introduce Securacy, a mobile app that explores users' privacy and security concerns with Android apps. Securacy takes a reactive, personalized approach, highlighting app permission settings that the user has previously stated are concerning, and provides feedback on the use of secure and insecure network communication for each app. We began our design of Securacy by conducting a literature review and in-depth interviews with 30 participants to understand their concerns. We used this knowledge to build Securacy and evaluated its use by another set of 218 anonymous participants who installed the application from the Google Play store. Our results show that access to address book information is by far the biggest privacy concern. Over half (56.4%) of the connections made by apps are insecure, and the destination of the majority of network traffic is North America, regardless of the location of the user. 
Our app provides unprecedented insight into Android applications' communications behavior globally, indicating that the majority of apps currently use insecure network connections.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122860361","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Nils Ole Tippenhauer, H. Luecken, M. Kuhn, Srdjan Capkun
{"title":"UWB rapid-bit-exchange system for distance bounding","authors":"Nils Ole Tippenhauer, H. Luecken, M. Kuhn, Srdjan Capkun","doi":"10.1145/2766498.2766504","DOIUrl":"https://doi.org/10.1145/2766498.2766504","url":null,"abstract":"Distance bounding protocols enable one device (the verifier) to securely establish an upper bound on its distance to another device (the prover). These protocols can be used for secure location verification and detection of relay attacks, even in the presence of strong attackers. The rapid-bit-exchange is the core of distance bounding protocols: the verifier sends single bit challenges, which the prover is expected to answer with minimal and stable processing delay. Based on the measured round trip time of flight, the verifier calculates its upper bound to the prover. Although several aspects of distance bounding implementations have been discussed in the past, no full implementation of a wireless distance bounding system has been presented so far. In this work, we present the first full realization of a rapid bit exchange system for distance bounding. Our system consists of an Ultra-Wideband (UWB) ranging radio and of efficient digital processing implemented on a Field-Programmable Gate Array (FPGA) board; it achieves a ranging accuracy of 7.5 cm and a short processing delay at the prover (< 100 ns). 
This minimal processing delay is the lowest reported so far for provers that demodulate the challenge before responding.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130089995","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Wanqing You, K. Qian, Minzhe Guo, P. Bhattacharya, Ying Qian, Lixin Tao
{"title":"A hybrid approach for mobile security threat analysis","authors":"Wanqing You, K. Qian, Minzhe Guo, P. Bhattacharya, Ying Qian, Lixin Tao","doi":"10.1145/2766498.2774987","DOIUrl":"https://doi.org/10.1145/2766498.2774987","url":null,"abstract":"Research on effective and efficient mobile threat analysis has become an emerging and important topic in the cybersecurity research area. Static analysis and dynamic analysis constitute two of the most popular types of techniques for security analysis and evaluation; nevertheless, each of them has its strengths and weaknesses. To leverage the benefits of both approaches, we propose a hybrid approach that integrates the static and dynamic analysis for detecting security threats in mobile applications. The key to this approach is the unification of data states and software execution on critical test paths. The approach consists of two phases. In the first phase, a pilot static analysis is conducted to identify potential critical attack paths based on Android APIs and existing attack patterns. In the second phase, a dynamic analysis follows the identified critical paths to execute the program in a limited and focused manner. Attacks shall be detected by checking the conformance of the detected paths with existing attack patterns. 
The method will report the types of detected attack scenarios based on types of sensitive data that may be compromised, such as web browser cookies.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134462099","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Elena Pagnin, Anjia Yang, G. Hancke, Aikaterini Mitrokotsa
{"title":"HB+DB, mitigating man-in-the-middle attacks against HB+ with distance bounding","authors":"Elena Pagnin, Anjia Yang, G. Hancke, Aikaterini Mitrokotsa","doi":"10.1145/2766498.2766516","DOIUrl":"https://doi.org/10.1145/2766498.2766516","url":null,"abstract":"Authentication for resource-constrained devices is seen as one of the major challenges in current wireless communication networks. The HB+ protocol performs device authentication based on the learning parity with noise (LPN) problem and simple computational steps, which renders it suitable for resource-constrained devices such as radio frequency identification (RFID) tags. However, it has been shown that the HB+ protocol as well as many of its variants are vulnerable to a simple man-in-the-middle attack. We demonstrate that this attack could be mitigated using physical layer measures from distance-bounding and simple modifications to devices' radio receivers. Our hybrid solution (HB+DB) is shown to provide both effective distance-bounding using a lightweight HB+-based response function, and resistance against the man-in-the-middle attack to HB+. We provide experimental evaluation of our results as well as a brief discussion on practical requirements for secure implementation.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123166317","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"TextLogger: inferring longer inputs on touch screen using motion sensors","authors":"Dan Ping, Xin Sun, Bing Mao","doi":"10.1145/2766498.2766511","DOIUrl":"https://doi.org/10.1145/2766498.2766511","url":null,"abstract":"Today's smartphones are equipped with precise motion sensors such as the accelerometer and gyroscope, which can measure tiny motion and rotation of devices. While they make mobile applications more functional, they also bring risks of leaking users' privacy. Researchers have found that tap locations on screen can be roughly inferred from motion data of the device. They mostly utilized this side-channel for inferring short input like PIN numbers and passwords, with repeated attempts to boost accuracy. In this work, we go further and study the inference of longer inputs, such as chat records and e-mail content: anything a user has ever typed on a soft keyboard. Since people increasingly rely on smartphones for daily activities, their inputs directly or indirectly expose private information about them. Thus, it is a serious threat if their input text is leaked. To make our attack practical, we utilize the shared memory side-channel for detecting window events and tap events of a soft keyboard. The up or down state of the keyboard helps trigger our Trojan service for collecting accelerometer and gyroscope data. Machine learning algorithms are used to roughly predict the input text from the raw data and language models are used to further correct the wrong predictions. We performed experiments on two real-life scenarios, which were writing emails and posting Twitter messages, both through mobile clients. Based on the experiments, we show the feasibility of inferring long user inputs to readable sentences from motion sensor data. 
By applying text mining technology on the inferred text, more sensitive information about the device owners can be exposed.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127413615","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Daibin Wang, Haixia Yao, Yingjiu Li, Hai Jin, Deqing Zou, R. Deng
{"title":"CICC: a fine-grained, semantic-aware, and transparent approach to preventing permission leaks for Android permission managers","authors":"Daibin Wang, Haixia Yao, Yingjiu Li, Hai Jin, Deqing Zou, R. Deng","doi":"10.1145/2766498.2766518","DOIUrl":"https://doi.org/10.1145/2766498.2766518","url":null,"abstract":"Android's permission system offers an all-or-nothing installation choice for users. To make it more flexible, users may choose a popular app tool, called a permission manager, to selectively grant or revoke an app's permissions at runtime. A fundamental requirement for such a permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of the existing permission managers meets this requirement due to permission leaks. To address this problem, we propose CICC, a fine-grained, semantic-aware, and transparent approach for any permission manager to defend against permission leaks. Compared to existing solutions, CICC is fine-grained because it detects the permission leaks using call-chain information at the component instance level, instead of at the app level or component level. The fine-grained feature enables it to generate a minimal impact on the usability of running apps. CICC is semantic-aware in the sense that it manages call-chains in the whole lifecycle of each component instance. CICC is transparent to users and app developers, and it requires minor modification to permission managers. 
Our evaluation shows that CICC incurs relatively low performance overhead and power consumption.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131391720","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Matthias Schäfer, Daniel S. Berger, Vincent Lenders, J. Schmitt
{"title":"Security by mobility in location and track verification","authors":"Matthias Schäfer, Daniel S. Berger, Vincent Lenders, J. Schmitt","doi":"10.1145/2766498.2774988","DOIUrl":"https://doi.org/10.1145/2766498.2774988","url":null,"abstract":"This poster presents the idea of exploiting mobility to improve the security in location and track verification. Unlike traditional approaches which require tight time synchronization or two-way communication, mobility can be used to derive lightweight verification schemes. By ensuring independent movement of the verifiers, our scheme can provide security guarantees even if the verifiers' positions are known to the attacker. We also give an outlook on more general opportunities for mobility-aided security.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134476740","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Harvesting developer credentials in Android apps","authors":"Yajin Zhou, Lei Wu, Zhi Wang, Xuxian Jiang","doi":"10.1145/2766498.2766499","DOIUrl":"https://doi.org/10.1145/2766498.2766499","url":null,"abstract":"Developers often integrate third-party services into their apps. To access a service, an app must authenticate itself to the service with a credential. However, credentials in apps are often not properly or adequately protected, and might be easily extracted by attackers. A leaked credential could pose serious privacy and security threats to both the app developer and app users. In this paper, we propose CredMiner to systematically study the prevalence of unsafe developer credential uses in Android apps. CredMiner can programmatically identify and recover (obfuscated) developer credentials unsafely embedded in Android apps. Specifically, it leverages data flow analysis to identify the raw form of the embedded credential, and selectively executes the part of the program that builds the credential to recover it. We applied CredMiner to 36,561 apps collected from various Android markets to study the use of free email services and Amazon AWS. There were 237 and 196 apps that used these two services, respectively. CredMiner discovered that 51.5% (121/237) and 67.3% (132/196) of them were vulnerable. 
In total, CredMiner recovered 302 unique email login credentials and 58 unique Amazon AWS credentials, and verified that 252 and 28 of these credentials were still valid at the time of the experiments, respectively.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122295698","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}