| Smartphone as the representative of mobile terminal has played a more and more important role in people’s daily life and people’s study, work and entertainment can’t be separated from the smartphone. Nowadays, mobile phones have been embedded with more and more sensors which have brought users with kinds of wonderful experience while it has raised severe security issues. Mobile sensors can sense much personal privacy such as location, audio and video which once stolen by malicious programs will do great security threats to users. Privacy steal targeting at sensors is often found in newspapers these days. For example, a notorious malicious program named “Eavesdropping thieves” disguises as a normal program and induces users to install to get microphone access permit. When users have installed it on the phone, it opens the microphone covertly to record users’ calls and transmits them to remote servers. How to deploy security control on access of smartphone sensors and protect users’ privacy is an urgent task to be solved. However, existing solutions can’t solve the problem well.In view of this, the paper does research on this problem, then corresponding solutions have been proposed. The main work and innovations of this paper have the following two aspects: First of all, we have designed a context-aware monitor framework and implemented a sensing security monitor system for mobile terminals. Then in order to realize the reliable control of the sensing security, the paper has proposed an interactive authentication and authorization mechanism. Details of our work are as follows:Firstly, this paper has proposed a sensing monitor framework for mobile terminal to protect sensor privacy and solve security problems of sensors’ persistent perception. And a sensing security monitor system based on context has been implemented. The system monitors applications accessing sensors and adjusts applications’ access capabilities according to mobile’s different using contexts. The framework doesn’t change the current management and distribution mechanisms of Android system’s permissions. It can monitor and manage applications accessing sensors and grant real-time authorization for different applications then improve the safety of sensor resource usage.Secondly, this paper introduces an interactive authentication and authorization mechanism to prevent malware from simulating authorization to obtain sensor data. The mechanism can ensure authorization is the true intention of users and can only be initiated by users.Finally, in order to validate the effectiveness of the proposed framework, we have released the common sensors access control. By testing and verification in the real machines, analysis of the monitor system’s functions has been carried out. The prototype has showed that it can control applications’ real-time sensor access and achieve better security in smartphone sensor resource. The framework has good feasibility and can achieve expected goals. |
PDF Full Text Request