Title: Sensor Side-Channel Attacks on User Privacy: Analysis and Mitigation

Speaker: Sashank Narain, PhD Candidate, College of Computer and Information Science at Northeastern University

Location: Northeastern University, 440 Huntington Avenue, West Village H, 3rd Floor, Room #366, Boston, Massachusetts 02115
Abstract
Mobile smartphones are equipped with an increasingly large number of precise and sophisticated sensors. These sensors vastly enhance the user’s GUI experience, but they also raise the risk of directly or indirectly leaking their private information. Mobile operating systems (e.g., Android and iOS) mitigate such leakages by implementing app-level sandboxing and resource permissions. These protections may suffice for traditional privacy attacks using traditional hardware, however, they fail when attacks exploit side-channels that bypass the protections. One example of such side-channels is the motion sensors (Accelerometer, Gyroscope and Magnetometer) embedded in most modern smartphones. In this dissertation, we demonstrate two attacks that exploit the motion sensors on smartphones to infer accurate private information about the users such as their typed passwords and significant locations. To protect users from the above attacks and other location / sensor side-channel attacks, we propose the design and implementation of a mitigation framework called MATRIX for the Android ecosystem.

In the first part, we investigated the feasibility of keystroke inference when user taps on a soft keyboard of a smartphone are captured by the Gyroscope and stereoscopic Microphones sensors co-resident on the smartphone. Our experiments demonstrate that by building machine learning models specific to the keyboard, using a combination of multiple sensors and adequate filtering, it is possible to infer keystrokes with an accuracy of 90-94% on the standard Android QWERTY and Numeric keyboards.

In the second part, we investigated the feasibility of inferring a vehicular user’s locations and traveled routes with high accuracy using information captured by the Accelerometer, Gyroscope and Magnetometer sensors co-resident on the smartphone. We modeled location inference as a maximum likelihood route identification problem on a graph generated from OpenStreetMap. Our simulations from 11 cities worldwide demonstrate that it is possible to output a ranked list of 10 routes containing the traveled route with probability higher than 50%. We validate the simulations with over 980 km of real driving experiments from Boston and Waltham, MA that produce similar results.

In the third part, we discuss the design and implementation of the MATRIX framework built to protect users from location and sensor side-channel attacks. The MATRIX system gives users control and visibility over what and when location and sensors information is accessible to mobile apps. It implements a PrivoScope service that audits location and sensor access by all apps on the device and generates real-time notifications and graphs for visualizing these accesses; and a Synthetic Location service to enable users to provide obfuscated or synthetic location trajectories or sensor traces to apps they find useful, but do not trust with their private information. We also implemented a Location Provider component that generates realistic privacy-preserving synthetic identities and trajectories for users.
About the Speaker
Sashank Narain is a PhD in Information Assurance candidate at Northeastern University advised by Prof. Guevara Noubir. His research is focused on how smartphone sensors can impact users’ privacy worldwide, and the design and implementation of proof of attacks / mitigation systems on smartphones.
Committee

Guevara Noubir (Advisor), Northeastern University
Kaushik Chowdhury, Northeastern University
Long Lu, Northeastern University
Igor Bilogrevic (External), Google Inc.