Defending against Sniffing Attacks on Mobile Phones Liang Cai (University of California, Davis), Sridhar Machiraju (Sprint Applied Research), Hao Chen.

Presentation transcript:

Defending against Sniffing Attacks on Mobile Phones
Liang Cai (University of California, Davis), Sridhar Machiraju (Sprint Applied Research), Hao Chen (University of California, Davis)
MobiHeld 2009, an ACM SIGCOMM 2009 workshop

Outline
– Problem scope
– How do apps use sensors?
– 3 key modules & Framework
– Distinction
– Novel solutions
– Contribution
– Future research

Problem scope
Privacy based on sensors of mobile devices.
– Mainly: microphone, camera, and GPS receiver.
Attacks that have already been investigated extensively on desktop computers are not considered.

Problem scope
Threat model
– Assumption 1: the attacker can install malware on the mobile device.
– Assumption 2: the attacker has no physical access to the compromised mobile device; access is only via voice or data channels: phone calls, SMS, MMS, TCP connections.
– Assumption 3: the attacker cannot compromise the operating system. If the OS is vulnerable, we could move the mechanisms into a VM/firmware.

How do apps use sensors?
– Dominated by sensors: start, end.
– Supported by sensors: start, end.
– Context provided by sensors: continuously.
And a hardware switch might work hard.

3 key modules
– User interaction
– Policy engine
– Interceptor

Framework

Module 1: Policy Engine & App monitoring
Whitelisting & blacklisting
Information flow tracking (no network)
– Airscanner Mobile Sniffer

Module 2: User interaction
– User authorization (to sensor)
– Sensor-in-use notification

Module 3: Interceptor
Locking – by a daemon program opening it – bad
Blocking – yet has the risk of losing critical data. Then?

Distinction
Distinctions between sniffing attacks and general malware attacks:
– Sensor-sniffing: could use an allow-but-notify approach.
– General malware: because the confidentiality of a file may be violated immediately, that approach is inappropriate.

Novel solution 1: Context-aware
Requires no user interaction
– Location tagging
– Activity inference
Drawbacks
– may be imprecise
– applies only to certain sensors, e.g., difficult for GPS.

Novel solution 2: Leveraging (making use of what already exists)
– E.g.: hang-up button & talk button to microphone (hardware).

Novel solution 3: Through encryption
Ensuring both security and reliable sensory data capture
– When the decision is wrong, the sensory data are lost forever; this dilemma might encourage users to always authorize access.
– To ensure both:
  1. All apps can access the sensors.
  2. Encrypt sensory data and save them unless the OS determines that the app is benign.
Drawback
– Apps may need to be rewritten.
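
The three modules and the encryption approach above, combined in one sketch. This is an added example, not code from the presentation or the paper. SensorGate, its method names, the app names and the sample frame are hypothetical, the SHAKE-256 keystream with HMAC stands in for a real AEAD such as AES-GCM, and releasing the key once the OS judges the app benign is an assumption about how the sealed data becomes usable.

```python
import hashlib, hmac, secrets

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHAKE-256 keystream: a stdlib stand-in for a real AEAD such as AES-GCM.
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def mac(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: dict) -> bytes:
    """Verify and decrypt a sealed sample once the OS has released the key."""
    if not hmac.compare_digest(blob["tag"], mac(key, blob["nonce"], blob["ct"])):
        raise ValueError("sealed sample was modified")
    return keystream_xor(key, blob["nonce"], blob["ct"])

class SensorGate:
    """Hypothetical policy engine + interceptor for sensor reads."""
    def __init__(self, whitelist=(), blacklist=()):
        self.whitelist, self.blacklist = set(whitelist), set(blacklist)
        self.keys = {}           # per-app keys held by the OS, not the app
        self.notifications = []  # (app, sensor) events shown to the user

    def read(self, app: str, sensor: str, sample: bytes):
        if app in self.blacklist:        # blocking: nothing is handed over
            return None
        if app in self.whitelist:        # judged benign: plaintext access
            return {"sealed": False, "data": sample}
        self.notifications.append((app, sensor))   # allow but notify
        key = self.keys.setdefault(app, secrets.token_bytes(32))
        nonce = secrets.token_bytes(16)
        ct = keystream_xor(key, nonce, sample)
        return {"sealed": True, "nonce": nonce, "ct": ct,
                "tag": mac(key, nonce, ct)}

    def resolve(self, app: str, benign: bool):
        """Record the OS's later verdict; return the key only if benign."""
        if benign:
            self.whitelist.add(app)
            return self.keys.get(app)
        self.blacklist.add(app)
        self.keys.pop(app, None)   # key destroyed: captured data stays sealed
        return None

if __name__ == "__main__":
    gate = SensorGate(whitelist={"dialer"})
    blob = gate.read("new.app", "microphone", b"constructed audio frame")
    print(unseal(gate.resolve("new.app", True), blob))
```

An unknown app still captures its data, so nothing is lost if it later proves benign, while a malicious verdict leaves it holding only ciphertext.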

Contribution
– Propose a framework which consists of 3 modules: policy engine, user interaction, interceptor, and explore different mechanisms for each module.
– Provide the 3 novel mechanisms.

Future research
– Mobile user behavior (to Sol 3)
– Algorithms for automatic context inference (to Sol 1)
– Operating system primitives (to Mod 1)

Thank you for your attention
Q&A