AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic

Taylor, Vincent; Spolaor, Riccardo; Conti, Mauro; Martinovic, Ivan

doi:10.1109/eurosp.2016.40

Cited by 238 publications

(125 citation statements)

References 16 publications

Supporting

Mentioning

125

Contrasting

Order By: Relevance

“…Our prior work [8] improves on the weaknesses of the systems described above. First, by leveraging only side-channel information, we are able to classify apps in the face of encrypted network traffic.…”

Section: B Traffic Analysis On Smartphonesmentioning

confidence: 99%

Robust Smartphone App Identification via Encrypted Network Traffic Analysis

Taylor

Spolaor

Conti

et al. 2018

IEEE Trans.Inform.Forensic Secur.

Self Cite

279

113

View full text Add to dashboard Cite

Abstract-The apps installed on a smartphone can reveal much information about a user, such as their medical conditions, sexual orientation, or religious beliefs. Additionally, the presence or absence of particular apps on a smartphone can inform an adversary who is intent on attacking the device. In this paper, we show that a passive eavesdropper can feasibly identify smartphone apps by fingerprinting the network traffic that they send. Although SSL/TLS hides the payload of packets, sidechannel data such as packet size and direction is still leaked from encrypted connections. We use machine learning techniques to identify smartphone apps from this side-channel data. In addition to merely fingerprinting and identifying smartphone apps, we investigate how app fingerprints change over time, across devices and across different versions of apps. Additionally, we introduce strategies that enable our app classification system to identify and mitigate the effect of ambiguous traffic, i.e., traffic in common among apps such as advertisement traffic. We fully implemented a framework to fingerprint apps and ran a thorough set of experiments to assess its performance. We fingerprinted 110 of the most popular apps in the Google Play Store and were able to identify them six months later with up to 96% accuracy. Additionally, we show that app fingerprints persist to varying extents across devices and app versions.

show abstract

Section: B Traffic Analysis On Smartphonesmentioning

confidence: 99%

Robust Smartphone App Identification via Encrypted Network Traffic Analysis

Taylor

Spolaor

Conti

et al. 2018

IEEE Trans.Inform.Forensic Secur.

Self Cite

279

113

View full text Add to dashboard Cite

show abstract

“…Additionally, the authors from [23] proposed a framework that detects and decodes keystrokes by measuring the relative physical position and distance between each vibration. Moreover, eavesdropping the network traffic of an Android device, it is possible to identify the set of apps installed on a victim's mobile device [24,25], and even infer the actions the victim is performing with a specific app [26].…”

Section: Power Consumption By Smartphonesmentioning

confidence: 99%

No Free Charge Theorem: A Covert Channel via USB Charging Cable on Mobile Devices

Spolaor

Abudahi

Moonsamy

et al. 2017

Applied Cryptography and Network Security

Self Cite

View full text Add to dashboard Cite

More and more people are regularly using mobile and batterypowered handsets, such as smartphones and tablets. At the same time, thanks to the technological innovation and to the high user demands, those devices are integrating extensive functionalities and developers are writing battery-draining apps, which results in a surge of energy consumption of these devices. This scenario leads many people to often look for opportunities to charge their devices at public charging stations: the presence of such stations is already prominent around public areas such as hotels, shopping malls, airports, gyms and museums, and is expected to significantly grow in the future. While most of the time the power comes for free, there is no guarantee that the charging station is not maliciously controlled by an adversary, with the intention to exfiltrate data from the devices that are connected to it.In this paper, we illustrate for the first time how an adversary could leverage a maliciously controlled charging station to exfiltrate data from the smartphone via a USB charging cable (i.e., without using the data transfer functionality), controlling a simple app running on the device-and without requiring any permission to be granted by the user to send data out of the device. We show the feasibility of the proposed attack through a prototype implementation in Android, which is able to send out potentially sensitive information, such as IMEI, contacts' phone number, and pictures.

show abstract

“…Note that this is similar to the WFIN setting mentioned in §2.1. Recently, a study [34] performed AFIN using both HTTP and HTTPS data. They use features such as burst statistics and network flows.…”

Section: App Fingerprintingmentioning

confidence: 99%

Adaptive encrypted traffic fingerprinting with bi-directional dependence

Al-Naami

Chandra

Mustafa

et al. 2016

Proceedings of the 32nd Annual Conference on Computer Security Applications

View full text Add to dashboard Cite

Recently, network traffic analysis has been increasingly used in various applications including security, targeted advertisements, and network management. However, data encryption performed on network traffic poses a challenge to these analysis techniques. In this paper, we present a novel method to extract characteristics from encrypted traffic by utilizing data dependencies that occur over sequential transmissions of network packets. Furthermore, we explore the temporal nature of encrypted traffic and introduce an adaptive model that considers changes in data content over time. We evaluate our analysis on two packet encrypted applications: website fingerprinting and mobile application (app) fingerprinting. Our evaluation shows how the proposed approach outperforms previous works especially in the open-world scenario and when defense mechanisms are considered.

show abstract

AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic

Cited by 238 publications

References 16 publications

Robust Smartphone App Identification via Encrypted Network Traffic Analysis

Robust Smartphone App Identification via Encrypted Network Traffic Analysis

No Free Charge Theorem: A Covert Channel via USB Charging Cable on Mobile Devices

Adaptive encrypted traffic fingerprinting with bi-directional dependence

Contact Info

Product

Resources

About