发布求助
文献互助 智能选刊 最新文献

Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks最新文献

筛选
英文 中文
Don't Touch that Column: Portable, Fine-Grained Access Control for Android's Native Content Providers 不要碰那个专栏:Android原生内容提供商的可移植、细粒度访问控制
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939927
Aisha I. Ali-Gombe, G. Richard, Irfan Ahmed, Vassil Roussev
{"title":"Don't Touch that Column: Portable, Fine-Grained Access Control for Android's Native Content Providers","authors":"Aisha I. Ali-Gombe, G. Richard, Irfan Ahmed, Vassil Roussev","doi":"10.1145/2939918.2939927","DOIUrl":"https://doi.org/10.1145/2939918.2939927","url":null,"abstract":"Android applications access native SQLite databases through their Universal Resource Identifiers (URIs), exposed by the Content provider library. By design, the SQLite engine used in the Android system does not enforce access restrictions on database content nor does it log database accesses. Instead, Android enforces read and write permissions on the native providers through which databases are accessed via the mandatory applications permissions system. This system is very coarse grained, however, and can allow applications far greater access to sensitive data than a user might intend. In this paper, we present a novel technique called priVy that merges static bytecode weaving and database query rewriting to achieve low-level access control for Android native providers at the application level. priVy defines access control for both database schema and entities and does not require any modifications to the underlying operating system and/or framework code. Instead, it provides a new Controller stub which is statically woven into the target application and a Controller interface for setting access levels, thus making it accessible and easily adoptable by average users. We provide an evaluation in terms of the resilience of applications to instrumentation as well as static and runtime instrumentation overhead. In our testing, priVy incurs an average of 1032 additional method calls or joinpoints created and it takes an average of 15 seconds to recompile an app and imposes virtually no runtime overhead.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116316389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Secure Motion Verification using the Doppler Effect 使用多普勒效应的安全运动验证
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939920
Matthias Schäfer, Patrick Leu, Vincent Lenders, J. Schmitt
{"title":"Secure Motion Verification using the Doppler Effect","authors":"Matthias Schäfer, Patrick Leu, Vincent Lenders, J. Schmitt","doi":"10.1145/2939918.2939920","DOIUrl":"https://doi.org/10.1145/2939918.2939920","url":null,"abstract":"Future transportation systems highly rely on the integrity of spatial information provided by their means of transportation such as vehicles and planes. In critical applications (e.g. collision avoidance), tampering with this data can result in life-threatening situations. It is therefore essential for the safety of these systems to securely verify this information. While there is a considerable body of work on the secure verification of locations, movement of nodes has only received little attention in the literature. This paper proposes a new method to securely verify spatial movement of a mobile sender in all dimensions, i.e., position, speed, and direction. Our scheme uses Doppler shift measurements from different locations to verify a prover's motion. We provide formal proof for the security of the scheme and demonstrate its applicability to air traffic communications. Our results indicate that it is possible to reliably verify the motion of aircraft in currently operational systems with an equal error rate of zero.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116895248","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 35
Fingerprinting Wi-Fi Devices Using Software Defined Radios 使用软件定义无线电识别Wi-Fi设备
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939936
T. Vo-Huu, T. D. Vo-Huu, G. Noubir
{"title":"Fingerprinting Wi-Fi Devices Using Software Defined Radios","authors":"T. Vo-Huu, T. D. Vo-Huu, G. Noubir","doi":"10.1145/2939918.2939936","DOIUrl":"https://doi.org/10.1145/2939918.2939936","url":null,"abstract":"Wi-Fi (IEEE 802.11), is emerging as the primary medium for wireless Internet access. Cellular carriers are increasingly offloading their traffic to Wi-Fi Access Points to overcome capacity challenges, limited RF spectrum availability, cost of deployment, and keep up with the traffic demands driven by user generated content. The ubiquity of Wi-Fi and its emergence as a universal wireless interface makes it the perfect tracking device. The Wi-Fi offloading trend provides ample opportunities for adversaries to collect samples (e.g., Wi-Fi probes) and track the mobility patterns and location of users. In this work, we show that RF fingerprinting of Wi-Fi devices is feasible using commodity software defined radio platforms. We developed a framework for reproducible RF fingerprinting analysis of Wi-Fi cards. We developed a set of techniques for distinguishing Wi-Fi cards, most are unique to the IEEE802.11a/g/p standard, including scrambling seed pattern, carrier frequency offset, sampling frequency offset, transient ramp-up/down periods, and a symmetric Kullback-Liebler divergence-based separation technique. We evaluated the performance of our techniques over a set of 93 Wi-Fi devices spanning 13 models of cards. In order to assess the potential of the proposed techniques on similar devices, we used 3 sets of 26 Wi-Fi devices of identical model. Our results, indicate that it is easy to distinguish between models with a success rate of 95%. It is also possible to uniquely identify a device with 47% success rate if the samples are collected within a 10s interval of time.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117313078","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 103
Interleaving Jamming in Wi-Fi Networks Wi-Fi网络中的交叉干扰
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939935
T. D. Vo-Huu, T. Vo-Huu, G. Noubir
{"title":"Interleaving Jamming in Wi-Fi Networks","authors":"T. D. Vo-Huu, T. Vo-Huu, G. Noubir","doi":"10.1145/2939918.2939935","DOIUrl":"https://doi.org/10.1145/2939918.2939935","url":null,"abstract":"The increasing importance of Wi-Fi in today's wireless communication systems, both as a result of Wi-Fi offloading and its integration in IoT devices, makes it an ideal target for malicious attacks. In this paper, we investigate the structure of the combined interleaver/convolutional coding scheme of IEEE 802.11a/g/n. The analysis of the first and second-round permutations of the interleaver allows us to design deterministic jamming patterns across subcarriers that when de-interleaved results in an interference burst. We show that a short burst across carefully selected sub-carriers exceeds the error correction capability of Wi-Fi. We implemented this attack as a reactive interleaving jammer on the firmware of the low-cost HackRF SDR. Our experimental evaluation shows that this attack can completely block the Wi-Fi transmissions with jamming power less than 1% of the communication (measured at the receiver) and block 95% of the packets with less than 0.1% energy. Furthermore, it is at least 5dB and up to 15dB more power-efficient than jamming attacks that are unaware of the Wi-Fi interleaving structure.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132450527","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 22
Vibreaker: Securing Vibrational Pairing with Deliberate Acoustic Noise 振动断路器:确保振动配对与故意的声学噪音
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939934
S. Anand, Nitesh Saxena
{"title":"Vibreaker: Securing Vibrational Pairing with Deliberate Acoustic Noise","authors":"S. Anand, Nitesh Saxena","doi":"10.1145/2939918.2939934","DOIUrl":"https://doi.org/10.1145/2939918.2939934","url":null,"abstract":"Pairing between wireless devices may be secured by the use of an auxiliary channel such as audio, visuals or vibrations. A simple approach to pairing involves one of the devices initiating the transmission of a key, or keying material like a short password, over the auxiliary channel to the other device. A successful pairing is achieved when the receiving device is able to decode the key without any errors while the attacker is unable to eavesdrop the key. In this paper, we focus on the security of the vibration channel when used for the key transmission. As shown in some recent work, sending the keying material over a clear vibrational channel poses a significant risk of an acoustic side channel attack. Specifically, an adversary can listen onto the acoustic sounds generated by the vibration motor of the sending device and infer the keying material with a high accuracy. To counteract this threat, we propose a novel pairing scheme, called Vibreaker (a ``Vibrating speaker''), that involves active injection of acoustic noise in order to mask the key signal. In this scheme, the sending device artificially injects noise in the otherwise clear audio channel while transmitting the keying material via vibrations. We experiment with several choices for the noise signal and demonstrate that the security of the audio channel is significantly enhanced with Vibreaker when appropriate noise is used. The scheme requires no additional effort by the user, and imposes minimum hardware requirement and hence can be applied to many different contexts, such as pairing of IoT and implanted devices, wearables and other commodity gadgets.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132069180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 22
POSTER: Assessing the Impact of 802.11 Vulnerabilities using Wicability 海报:使用Wicability评估802.11漏洞的影响
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2942421
Pieter Robyns, B. Bonné, P. Quax, W. Lamotte
{"title":"POSTER: Assessing the Impact of 802.11 Vulnerabilities using Wicability","authors":"Pieter Robyns, B. Bonné, P. Quax, W. Lamotte","doi":"10.1145/2939918.2942421","DOIUrl":"https://doi.org/10.1145/2939918.2942421","url":null,"abstract":"Wicability is an open platform created for researchers, that aims to provide insights into the spatial and temporal impact of both novel and past 802.11 security vulnerabilities. This is achieved through the automated collection and analysis of large datasets containing 802.11 Information Elements (IEs) transmitted by access points and stations. The results of this analysis are anonymized and provided free of charge to researchers through a web interface.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131807734","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
DEMO: Demonstrating Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems 演示:演示无线MIMO系统中针对物理层安全的实际已知明文攻击
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2942418
Matthias Schulz, Adrian Loch, M. Hollick
{"title":"DEMO: Demonstrating Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems","authors":"Matthias Schulz, Adrian Loch, M. Hollick","doi":"10.1145/2939918.2942418","DOIUrl":"https://doi.org/10.1145/2939918.2942418","url":null,"abstract":"After being widely studied in theory, physical layer security schemes are getting closer to enter the consumer market. Still, a thorough practical analysis of their resilience against attacks is missing. In this work, we use software-defined radios to implement such a physical layer security scheme, namely, orthogonal blinding. To this end, we use orthogonal frequency-division multiplexing (OFDM) as a physical layer, similarly to WiFi. In orthogonal blinding, a multi-antenna transmitter overlays the data it transmits with noise in such a way that every node except the intended receiver is disturbed by the noise. Still, our known-plaintext attack can extract the data signal at an eavesdropper by means of an adaptive filter trained using a few known data symbols. Our demonstrator illustrates the iterative training process at the symbol level, thus showing the practicability of the attack.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113953951","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
The Ultimate Frontier for Privacy and Security: Medicine 隐私和安全的终极前沿:医学
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939939
J. Hubaux
{"title":"The Ultimate Frontier for Privacy and Security: Medicine","authors":"J. Hubaux","doi":"10.1145/2939918.2939939","DOIUrl":"https://doi.org/10.1145/2939918.2939939","url":null,"abstract":"Personalized medicine brings the promise of better diagnoses, better treatments, a higher quality of life and increased longevity. To achieve these noble goals, it exploits a number of revolutionary technologies, including genome sequencing and DNA editing, as well as wearable devices and implantable or even edible biosensors. In parallel, the popularity of \"quantified self\" gadgets shows the willingness of citizens to be more proactive with respect to their own health. Yet, this evolution opens the door to all kinds of abuses, notably in terms of discrimination, blackmailing, stalking, and subversion of devices. After giving a general description of this situation, in this talk we will expound on some of the main concerns, including the temptation to permanently and remotely monitor the physical (and metabolic) activity of individuals. We will describe the potential and the limitations of techniques such as cryptography (including secure multi-party computation), trusted hardware and differential privacy. We will also discuss the notion of consent in the face of the intrinsic correlations of human data. We will argue in favor of a more systematic, principled and cross-disciplinary research effort in this field and will discuss the motives of the various stakeholders.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126771406","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
DEMO: Using NexMon, the C-based WiFi firmware modification framework 演示:使用NexMon,基于c语言的WiFi固件修改框架
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2942419
Matthias Schulz, D. Wegemer, M. Hollick
{"title":"DEMO: Using NexMon, the C-based WiFi firmware modification framework","authors":"Matthias Schulz, D. Wegemer, M. Hollick","doi":"10.1145/2939918.2942419","DOIUrl":"https://doi.org/10.1145/2939918.2942419","url":null,"abstract":"FullMAC WiFi chips have the potential to realize modifications to WiFi implementations that exceed the limits of current standards or to realize the implementation of new standards, such as 802.11p, on off-the-shelve hardware. As a developer, one, however, needs access to the firmware source code to implement these modifications. In general, WiFi firmwares are closed source and do not allow any modifications. With our C-based programming framework, NexMon, we allow the extension of existing firmware of Broadcom's FullMAC WiFi chips. In this work, we demonstrate how to get started by running existing example projects and by creating a new project to transmit arbitrary frames with a Nexus 5 smartphone.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115776283","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 24
POSTER: Experimental Analysis of Popular Anonymous, Ephemeral, and End-to-End Encrypted Apps 海报:流行的匿名、短暂和端到端加密应用的实验分析
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2942424
Lucky Onwuzurike, Emiliano De Cristofaro
{"title":"POSTER: Experimental Analysis of Popular Anonymous, Ephemeral, and End-to-End Encrypted Apps","authors":"Lucky Onwuzurike, Emiliano De Cristofaro","doi":"10.1145/2939918.2942424","DOIUrl":"https://doi.org/10.1145/2939918.2942424","url":null,"abstract":"As social networking takes to the mobile world, smartphone apps provide users with ever-changing ways to interact with each other. Over the past couple of years, an increasing number of apps have entered the market offering end-to-end encryption, self-destructing messages, or some degree of anonymity. However, little work thus far has examined the properties they offer. We present a taxon- omy of 18 of these apps: we first look at the features they promise in their appeal to broaden their reach and focus on 8 of the more popular ones. We present a technical evaluation, based on static and dynamic analysis, and identify a number of gaps between the claims and reality of their promises.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128217219","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信