Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses

Published byよりとし かわらい Modified over 6 years ago

Similar presentations

Presentation on theme: "Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses"— Presentation transcript:

1 Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses
Anupam Das (UIUC), Nikita Borisov (UIUC), Matthew Caesar (UIUC) 1 September 18, 2018September 18, 2018

2 Real World Digital Stalking
How are they tracking devices? Device Fingerprint ~ Set (unique device properties) Why fingerprint devices? Targeted Advertisement (tracking usage pattern) 2 September 18, 2018September 18, 2018

3 Mobile Ad Expenditure There are multiple companies such as TapAd and AdTruth that utilize device fingerprinting to build cross-device user profile. Targeted ad can help increase the Return On Ad Spend. 3 September 18, 2018September 18, 2018

4 Hardware idiosyncrasies
Device Fingerprinting Techniques How are device fingerprints generated? Software Variations Hardware idiosyncrasies Device Fingerprint Difference in Protocol Stack/Network Stack Difference in Firmware and Device Driver Difference in installed Software MAC Headers Difference in spectral property of Radio Signal Transmitters Difference in emitted radio frequency of NIC Unique and constant clock skews in network devices . Researchers have long been exploiting the difference in the protocol stack installed on IEEE compliant devices. Desmond et al have looked at distinguishing unique devices over Wireless Local Area Networks (WLANs) simply by performing timing analysis on the probe request packets. Others have investigated subtle differences in the firmware and device drivers running on IEEE compliant devices MAC headers have also been used to uniquely track devices Moreover, there are well-known open source toolkits like Nmap [31] and Xprobe [47] that can remotely fingerprint an operating system by analyzing unique responses from the TCP/IP networking stack. Exploit small deviations in either the software or hardware characteristics of the device. 4 September 18, 2018September 18, 2018

5 Example: Browser Fingerprinting
. Researchers have long been exploiting the difference in the protocol stack installed on IEEE compliant devices. Desmond et al have looked at distinguishing unique devices over Wireless Local Area Networks (WLANs) simply by performing timing analysis on the probe request packets. Others have investigated subtle differences in the firmware and device drivers running on IEEE compliant devices MAC headers have also been used to uniquely track devices Moreover, there are well-known open source toolkits like Nmap [31] and Xprobe [47] that can remotely fingerprint an operating system by analyzing unique responses from the TCP/IP networking stack. 5 September 18, 2018September 18, 2018

6 Fingerprinting Smartphones
Can traditional approaches be applied to fingerprint smartphones? Smartphones are somewhat less susceptible to software-based fingerprinting approaches due to a stable software base. Browser Characteristic % of fingerprints sharing same value Laptop (ThinkPad L540) Smartphone (iPhone 5) User agent <0.1% List of plugins 0.28% 17.05% List of fonts 23.72% Screen resolution 9.83% 0.95% Canvas 0.34% 0.11% The main drawback for software based approaches is that the source of the fingerprints are not too stable. Influenced by operating temperature Requires specialized receivers Requires external vibration 6 September 18, 2018September 18, 2018

7 How are Smartphones Different?
Smartphones are equipped with a wide range of sensors. Applications: Motion detection Gesture detection Audio Genre detection Location detection Interaction with nearby devices Navigation etc. We focus on exploiting onboard sensors to generate unique fingerprints. 7 September 18, 2018September 18, 2018

8 Our Contribution We’ll look at addressing the following questions:
Can smartphones be fingerprinted using motion sensors? Are there ways to mitigate such fingerprinting techniques? Are there any implications of such mitigation techniques? The main drawback for software based approaches is that the source of the fingerprints are not too stable. Influenced by operating temperature Requires specialized receivers Requires external vibration 8 September 18, 2018September 18, 2018

9 Fingerprint Motion Sensors
Fingerprint smartphone using accelerometer and gyroscope. Attack Scenario 1. User browses a web page where the attacker runs some JavaScript 2. Attacker collects sensor data surreptitiously and generates a fingerprint of the device Publisher Device Position: On Desk: Devices kept on top of a desk In Hand: Devices kept in the hand of the user while user is sitting in a chair Requires No Explicit Permissions!!! 9 September 18, 2018September 18, 2018

10 Source of Uniqueness MEMS Accelerometer: Gap ~ 1.3µm
Mechanical Energy Capacitive Change Voltage Change Movable Electrode Gap ~ 1.3µm Sensitivity ~ 20pm Possible source of idiosyncrasies: Slightest gap difference between the structural electrodes Flexibility of the seismic mass 10 September 18, 2018September 18, 2018

11 Data Collection Setup Using JavaScript we collected sensor data through the web browser. OS Browser Sampling Freq. (Hz) Sensors Accessible* Android 4.4 Chrome 100 A,G Android 20 A Opera 40 UC Browser Standalone App 200 iOS 8.1.3 Safari *A=Accelerometer, G=Gyroscope Chrome being the most popular mobile browser, we collect lab-data using the Chrome browser. 11 September 18, 2018September 18, 2018

12 Experimental Setup Data Streams: Four data streams are considered:
Devices: Data Streams: Four data streams are considered: Accelerometer Magnitude Gyroscope X-axis Gyroscope Y-axis Gyroscope Z-axis Samples: 10 samples per device per setting Each sample is around 5-8 second Maker Model # Apple iPhone 5 4 iPhone 5s 3 Samsung Nexus S 14 Galaxy S3 Galaxy S4 5 Total 30 Settings: Stimulation Type Description No Audio No audio is being played through the speaker Inaudible Audio 20kHz Sine wave is being played through the speaker Popular Song A popular song is being played through the speaker 12 September 18, 2018September 18, 2018

13 Features 25 features were explored.
# Spectral Feature 1 Spectral Root Mean Square 2 Spectral Spread 3 Spectral Low-Energy-Rate 4 Spectral Centroid 5 Spectral Entropy 6 Spectral Irregularity 7 8 Spectral Skewness 9 Spectral Kurtosis 10 Spectral Rolloff 11 Spectral Brightness 12 Spectral Flatness 13 Spectral Flux 14 Spectral Attack Slope 15 Spectral Attack Time # Temporal Feature 1 Mean 2 Standard Deviation 3 Average Deviation 4 Skewness 5 Kurtosis 6 Root Mean Square 7 Max 8 Min 9 Zero Crossing Rate 10 Non-Negative Count Joint-Mutual-Information (JMI) is used for feature exploration to determine the best subset of features for classification. For Spectral Features, cubic-spline interpolation is used to obtain a sampling rate of 8kHz. 13 September 18, 2018September 18, 2018

14 Evaluation Algorithms & Metrics
Tested several supervised classifiers: SVM, Naive-Bayes classifier, Multiclass Decision Tree, k-NN, Bagged Decision Trees. Evaluation metrics: 𝑃𝑟𝑒𝑐𝑖𝑠𝑖𝑜𝑛= 𝑇𝑃 𝑇𝑃+𝐹𝑃 𝑅𝑒𝑐𝑎𝑙𝑙= 𝑇𝑃 𝑇𝑃+𝐹𝑁 𝐹_ 𝑆𝑐𝑜𝑟𝑒= 2∗𝑃𝑟𝑒𝑐𝑖𝑠𝑖𝑜𝑛∗𝑅𝑒𝑐𝑎𝑙𝑙 𝑃𝑟𝑒𝑐𝑖𝑠𝑖𝑜𝑛+𝑅𝑒𝑐𝑎𝑙𝑙 Randomly portioned 50% of the data for training and testing. Reported the average of 10 iterations. TP: True Positive FP: False Positive FN: False Negative 14 September 18, 2018September 18, 2018

15 Results: Lab Setting Combining features from both accelerometer and gyroscope yielded the best results. 15 September 18, 2018September 18, 2018

16 Real-World Data Invited people to voluntarily participate in our study. 76 participants visited our web page in two weeks but only 63 of the devices actually provided any form of data. 16 September 18, 2018September 18, 2018

17 Public and Combined Setting
Public setting : F_score of 95% Combined setting: F_score of 96% 17 September 18, 2018September 18, 2018

18 Mitigation Techniques
We explore two types of countermeasure techniques: Sensor Calibration -- Computing offset and gain error of sensors. Data Obfuscation -- Adding noise to data to obfuscate data source. Two extreme approaches: Sensor Calibration: Map every device to the same point. Data Obfuscation: Scatter the same device to different points. 18 September 18, 2018September 18, 2018

19 Sensor Calibration Measured sensor value 𝑎 𝑀 =𝑂+𝑆.𝑎,where O and S represent the offset and gain error along an axis respectively. Accelerometer Calibration Gyroscope Calibration Measurements along all six directions (±x, ±y, ±z) are taken. 19 September 18, 2018September 18, 2018

20 Results: Calibrated Data
23 25 16 19 18 15 F_score reduces by approximately 15–25% for accelerometer data but not much for the gyroscope data. 20 September 18, 2018September 18, 2018

21 Data Obfuscation Instead of removing the calibration errors, we can add extra noise to hide the miscalibration. We explore the following 3 techniques: Uniform noise: highest entropy while having a bound. Laplace noise: highest entropy which is inspired by Differential Privacy. White noise: affecting all aspects of a signal. 21 September 18, 2018September 18, 2018

22 Uniform Noise To add obfuscation noise, we compute 𝑎 𝑜 = 𝑂 𝑜 + 𝑆 𝑜 𝑎 𝑀
Here, 𝑆 𝑜 and 𝑂 𝑜 are the obfuscated gain and offset error. We explore three variations of adding uniform noise: Basic Obfuscation Increased Range Obfuscation Enhanced Obfuscation 22 September 18, 2018September 18, 2018

23 Impact of audio stimulation
Basic Obfuscation Based on the calibration errors found from our lab phones we set the base error ranges as follows: Accelerometer offset, 𝑂 𝑎 𝑜 ∊ [-0.5,0.5] Gyroscope offset , 𝑂 𝑔 𝑜 ∊ [-0.1,0.1] Gain for both, 𝑆 𝑎,𝑔 𝑂 ∊ [0.95,1.05] Impact of audio stimulation 23 September 18, 2018September 18, 2018

24 Impact of Mitigation Techniques
We prototype a simple application like step-counter. Data Stream Step Count Mean Std Dev Raw Stream 20 Calibrated 20.1 0.32 Basic Obfuscated Increased Obfuscated Range 19.9 1.69 Enhanced Obfuscated 25.1 4.63 Participant takes 20 steps and the process is repeated 10 times. We would expect calibration to generally improve accuracy, but our calibration process is imperfect and it is possible that it introduces very minor errors. Basic obfuscation preserves spectral characteristics of the data stream and thus also has minimal impact on step counting. However, for enhanced obfuscation schemes that increase the obfuscation range and inject random data points, we do see some adverse effect on the utility of the sensor; in future work we plan to explore the tradeoff between privacy and utility in greater detail. Both calibration and basic obfuscation seem to be benign. Both increased and enhanced obfuscation scheme seem to have an adverse affect. 24 September 18, 2018September 18, 2018

25 Recommendation Request explicit user permission.
Data is always obfuscated unless the user explicitly allows an application to access unaltered sensor data. This enforces developer to request explicit permissions for legitimate usage. 25 September 18, 2018September 18, 2018

26 Thank You http://hatswitch.org/phonestudy
If you would like to participate in our study or learn more about our work please go to the following link Contact Info: 26 September 18, 2018September 18, 2018

Download ppt "Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses"

Similar presentations

VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.

VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.
Xiaolong Zheng, Zhichao Cao, Jiliang Wang, Yuan He, and Yunhao Liu SenSys 2014 ZiSense Towards Interference Resilient Duty Cycling in Wireless Sensor Networks.

Xiaolong Zheng, Zhichao Cao, Jiliang Wang, Yuan He, and Yunhao Liu SenSys 2014 ZiSense Towards Interference Resilient Duty Cycling in Wireless Sensor Networks.
Networking Problems in Cloud Computing Projects. 2 Kickass: Implementation PROJECT 1.

Networking Problems in Cloud Computing Projects. 2 Kickass: Implementation PROJECT 1.
Use it Free: Instantly Knowing Your Phone Attitude Pengfei Zhou*, Mo Li Nanyang Technological University Guobin (Jacky) Shen Microsoft Research.

Use it Free: Instantly Knowing Your Phone Attitude Pengfei Zhou*, Mo Li Nanyang Technological University Guobin (Jacky) Shen Microsoft Research.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Optimize tomorrow today. TM 1 Optimize tomorrow today. Arlene Minkiewicz, Chief Scientist PRICE Systems, LLC Software.

Optimize tomorrow today. TM 1 Optimize tomorrow today. Arlene Minkiewicz, Chief Scientist PRICE Systems, LLC Software.
1 Advanced Sensors Lecture 6 Sensors Technology AUE 2008 Bo Rohde Pedersen.

1 Advanced Sensors Lecture 6 Sensors Technology AUE 2008 Bo Rohde Pedersen.
 An electrical device that sends or receives radio or television signals through electromagnetic waves.

 An electrical device that sends or receives radio or television signals through electromagnetic waves.
Presentation By Deepak Katta

Presentation By Deepak Katta
Feature Extraction Spring Semester, 2010. Accelerometer Based Gestural Control of Browser Applications M. Kauppila et al., In Proc. of Int. Workshop on.

Feature Extraction Spring Semester, Accelerometer Based Gestural Control of Browser Applications M. Kauppila et al., In Proc. of Int. Workshop on.
Signatures As Threats to Privacy Brian Neil Levine Assistant Professor Dept. of Computer Science UMass Amherst.

Signatures As Threats to Privacy Brian Neil Levine Assistant Professor Dept. of Computer Science UMass Amherst.
Digital innovation. Introduction Personalised Videos iBeacons Reactive Websites.

Digital innovation. Introduction Personalised Videos iBeacons Reactive Websites.
SoundSense by Andrius Andrijauskas. Introduction  Today’s mobile phones come with various embedded sensors such as GPS, WiFi, compass, etc.  Arguably,

SoundSense by Andrius Andrijauskas. Introduction  Today’s mobile phones come with various embedded sensors such as GPS, WiFi, compass, etc.  Arguably,
Inferno : Side-channel Attacks for Mobile Web Browsers Manuel Philipose, Matthew Halpern, Pavel Lifshits, Mark Silberstein, Mohit Tiwari Background and.

Inferno : Side-channel Attacks for Mobile Web Browsers Manuel Philipose, Matthew Halpern, Pavel Lifshits, Mark Silberstein, Mohit Tiwari Background and.
Decentralized Scattering of Wake-up Times in Wireless Sensor Networks Amy L. Murphy ITC-IRST, Trento, Italy joint work with Alessandro Giusti, Politecnico.

Decentralized Scattering of Wake-up Times in Wireless Sensor Networks Amy L. Murphy ITC-IRST, Trento, Italy joint work with Alessandro Giusti, Politecnico.
UNIVERSITY of NOTRE DAME COLLEGE of ENGINEERING Preserving Location Privacy on the Release of Large-scale Mobility Data Xueheng Hu, Aaron D. Striegel Department.

UNIVERSITY of NOTRE DAME COLLEGE of ENGINEERING Preserving Location Privacy on the Release of Large-scale Mobility Data Xueheng Hu, Aaron D. Striegel Department.
TEMPLATE DESIGN © 2008 www.PosterPresentations.com Detecting User Activities Using the Accelerometer on Android Smartphones Sauvik Das, Supervisor: Adrian.

TEMPLATE DESIGN © Detecting User Activities Using the Accelerometer on Android Smartphones Sauvik Das, Supervisor: Adrian.
Tim Finin University of Maryland, Baltimore County 29 January 2013 Joint work with Anupam Joshi, Laura Zavala and our students SRI Social Media Workshop.

Tim Finin University of Maryland, Baltimore County 29 January 2013 Joint work with Anupam Joshi, Laura Zavala and our students SRI Social Media Workshop.
TapPrints: Your Finger Taps Have Fingerprints Emiliano Miluzzo*, Alex Varshavsky*, Suhrid Balakrishnan*, Romit R. Choudhury + * at&t Labs – Research, USA.

TapPrints: Your Finger Taps Have Fingerprints Emiliano Miluzzo*, Alex Varshavsky*, Suhrid Balakrishnan*, Romit R. Choudhury + * at&t Labs – Research, USA.
TOUCHSIGNATURES Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, Feng Hao Newcastle University CryptoForma meeting, Belfast 4 May 2015.

TOUCHSIGNATURES Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, Feng Hao Newcastle University CryptoForma meeting, Belfast 4 May 2015.

Similar presentations

Ads by Google