Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defending against Sniffing Attacks on Mobile Phones Liang Cai (University of California, Davis), Sridhar Machiraju (Sprint Applied Research), Hao Chen.

Published byCierra Worton Modified over 9 years ago

Similar presentations

Presentation on theme: "Defending against Sniffing Attacks on Mobile Phones Liang Cai (University of California, Davis), Sridhar Machiraju (Sprint Applied Research), Hao Chen."— Presentation transcript:

1 Defending against Sniffing Attacks on Mobile Phones Liang Cai (University of California, Davis), Sridhar Machiraju (Sprint Applied Research), Hao Chen (University of California, Davis) MobiHeld 2009, An ACM SIGCOMM 2009 workshop 1

2 Outline Problem scope How app. Use sensors? 3 key modules & Framework Distinction Novel solutions Contribution Future research 2

3 Problem scope Privacy based on sensors of mobile devices. – Mainly: microphone, camera, and GPS receiver.GPS Not consider about what attacks have been investigated extensively on desktop computers. 3

4 Problem scope Threat model – Assumption 1: the attacker can install malware on mobile device. – Assumption 2: the attacker have no physical access to compromised mobile device; only via voice or data channels: phone calls, SMS, MMS, TCP connections. – Assumption 3: the attacker cannot compromise the operating system. And if OS is vulnerable, we could move the mechanisms into VM/firmware. 4

5 How app. Use sensors? Dominated by sensors: start, end. Supported by sensors: start, end. Context Provided by sensors: continuously. And a hardware switch might work hard. 5

6 3 key modules User interaction Policy engine Interceptor 6

7 Framework 7

8 Module 1: Policy Engine & App monitoring Whitelisting & blacklisting Information flow tracking(no network) – Airscanner Mobile Sniffer Airscanner Mobile Sniffer 8

9 Module 2: User interaction User authorization(to sensor) Sensor in using notification 9

10 Module 3: interceptor Locking – by a daemon program opening it – bad Blocking – yet have the risk of losing critical data. Then? 10

11 Distinction Distinctions between sniffing attacks and general malware attacks: – Sensor-sniffing: could use allow but notify approach. – General malware: For the confidentiality of the file may be violated immediately, the approach is inappropriate. 11

12 Novel solutions 1: Context-aware require no user interaction – Location tagging – Activity inference Disappoints – maybe imprecise – only to certain sensors, e.g., difficult for GPS. 12

13 Novel solutions 2: Leveraging 利用現有的 – E.g.: hangup button & talk button to microphone(hardware). 13

14 Novel solutions 3: Through encryption Ensuring both security and reliable sensory data capture – When the decision is wrong, the sensory data are lost forever; this dilemma might encourage users to always authorize access. – To ensure both 1. All app. can access the sensors 2.Encrypt sensory data and save them unless OS determines that the app. is benign( 良性 ) Disappoint – App. may need to be rewritten. 14

15 Contribution Propose a framework which consists of 3 modules: policy engine, user interaction, interceptor, and explore different mechanisms for each module. Provide the 3 novel mechanisms. 15

16 Future research Mobile user behavior (to Sol 3) Algorithms for automatic context inference(to Sol 1) Operating system primitives(to Mod 1) 16

17 Thank for your attention QA 17

Download ppt "Defending against Sniffing Attacks on Mobile Phones Liang Cai (University of California, Davis), Sridhar Machiraju (Sprint Applied Research), Hao Chen."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Mobile Viruses and Worms (Project Group 6) Amit Kumar Jain Amogh Asgekar Jeevan Chalke Manoj Kumar Ramdas Rao.

Mobile Viruses and Worms (Project Group 6) Amit Kumar Jain Amogh Asgekar Jeevan Chalke Manoj Kumar Ramdas Rao.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.

SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.
SDN Security Matt Bishop, Brian Perry University of California at Davis 1GEC 22, March 24th, 2015.

SDN Security Matt Bishop, Brian Perry University of California at Davis 1GEC 22, March 24th, 2015.
Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.

Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
Towards Security and Privacy for Pervasive Computing Author : Roy Campbell,Jalal Al-Muhtadi, Prasad Naldurg,Geetanjali Sampemane M. Dennis Mickunas.(2002)

Towards Security and Privacy for Pervasive Computing Author : Roy Campbell,Jalal Al-Muhtadi, Prasad Naldurg,Geetanjali Sampemane M. Dennis Mickunas.(2002)
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.

Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
1 Secure Your Business PATCH MANAGEMENT STRATEGY.

1 Secure Your Business PATCH MANAGEMENT STRATEGY.
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
Department Of Computer Engineering

Department Of Computer Engineering
A Survey of Mobile Phone Sensing Michael Ruffing CS 495.

A Survey of Mobile Phone Sensing Michael Ruffing CS 495.
William Enck, Machigar Ongtang, and Patrick McDaniel.

William Enck, Machigar Ongtang, and Patrick McDaniel.
CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.

CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Similar presentations

Ads by Google