Sensor-Based Side Channel Attack And Defense In Mobile Environment

The popularization of smart mobile devices has made smartphones and smartwatches an indispensable part of modern society.With the technological development of both software and hardware,the computing ability of mobile devices has been greatly improved.As the service becomes more intelligent and convenient,the privacy and security of users is under threat.The biggest threat is sensor-based side channel attacks.Modern mobile smart devices are packed with sensors which can capture user's sensitive information,such as heart rate,motion status,among others.Though these sensors are designed to provide users with diversified experiences,attackers are able to use this seemingly safe data to leak private information and damage the confidentiality and safety of a user's information,which can potentially cause great harm to users and device manufacturers.Currently,operating systems almost never limit the sensors' access.This makes side channel attacks easy to execute and hard for normal users to notice.Unfortunately,the existing safety mechanisms can't effectively defend against this kind of attack either.This research focuses on how to protect users' privacy against the motion sensor-based side-channel attack.First,we describe the research background and related technologies.Then,we study the low-cost construction schemes and optimization methods of both the input side channel and tracking side channel.By utilizing techniques like Application Static Taint Analysis and Program Slicing,we extract and categorize sensors' functions in legal applications in order to analyze the robustness of normal functions against the noise in input signals.Lastly,based on differential privacy,we designed an efficient and universal defense against motion sensor-based side channels.The specific research contents are as follows:(1)In this research,we propose a motion sensor-based input side-channel construction scheme with low attack cost.Since the bearer object of the channel has significant personal characteristics,the existing input side channels have to be based on strong assumptions with sufficient learning samples.However,effective learning sample acquisition is limited in actual attack scenarios.This research innovatively transfers the bearer object of the channel to the common gesture change process and uses the similarity of the human hand structure to construct a context-sensitive rotation angle feature,reflecting the user's sensitive operation behavior when clicking input.Since the method implements an offline collection of learning samples,side channel construction is performed using non-homologous data,thereby significantly reducing the attack cost of the input side channel.Compared with the existing related work,the input side channel proposed in this research achieves the best attack success rate in a non-user dependent environment and maintains a similar attack performance in the traditional user dependent environment.(2)We propose a tracking side-channel optimization scheme.The attacker uses the hardware error in the physical sensor as the device fingerprint to construct the sensor-based tracking side channel,so it is necessary to acquire the sensor signal of the target device in a completely static state.In the actual environment,an attacker can only obtain a small amount of valid data,which limits the attack capability of the tracking side channel.The existing schemes mainly focus on the optimization of learning models and feature engineering.In this research,we jump out of the limitations of traditional research and expand the original sample space based on the idea of data expansion.While enriching the effective sample size,the device recognition accuracy and generalization of the tracking side channel are improved.The proposed optimization method is applicable to all types of tracking side channels.The device recognition accuracy of classic tracking side channel has risen from 94% to 98% after optimization.(3)We propose a method for extracting and analyzing related functions for low-risk permissions of applications.The primary premise of a good privacy protection mechanism is to ensure the normal experience of the user,so a systematic analysis of the function of the legitimate sensor is required.However,the current industry research in this area is missing.In addition,due to the unlimited access of the operating system to the sensor,the traditional security detection method based on sensitive permissions is not suitable for sensor side channel detection and analysis.Based on the application static analysis technology and program slicing technology,this research regards the access and utilization of sensor data as the pollution propagation process and the program segment extraction of sensor-related functions.On this basis,the 47,144 applications in Google Play are comprehensively analyzed and classified,and the signal noise robustness of the five main functional algorithms based on motion sensors is discussed,which provides a basis for the subsequent universal defense mechanism against motion sensor-based side channel.(4)We propose a pervasive motion sensor-based side channel defense system.The existing defense schemes perform poorly in the face of rich side channel types and scarce user security awareness,and it is difficult to achieve a balance between user experience and defense capabilities.In this research,the side channel construction process is abstracted.By studying the difference of input data precision between legal application and side channel attack,a side channel defense system based on differential privacy is proposed.Compared with the traditional defense method,the proposed defense method can satisfy the availability,universality,and flexibility at the same time,and is not interfered by user decision.The research in this research applies to mainstream mobile platforms including Android and i OS.It systematically studies the potential high-risk risks in the mobile environment from the two dimensions of motion sensor construction and defense.We also take a comprehensive experimental analysis on the Android system as an example.Our research has made innovative contributions to the theoretical research and practical application of side-channel attacks and defenses.It is a further supplement and innovation to the current state of mobile security and privacy protection and is important for protecting the data privacy of mobile device users.