Mining users' significant driving routes with low-power sensors

Nawaz, Syed Junaid; Mascolo, Cecilia

doi:10.1145/2668332.2668348

Cited by 56 publications

(36 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We will show how this monitoring app can utilize some OS-level sidechannel attack vectors on iOS (to be discussed shortly) to breach user privacy. Out of the scope are CPU cache side channels [66], electronic magnetic side channels [24], [39], [40], and mobile sensor based side channels [50], [52], [53], [57]. As they explore leakage through micro-architectures, electronic magnetic emission, or device orientation, which are not specific to iOS.…”

Section: A Threat Modelmentioning

confidence: 99%

“…Besides location leakage through GPS [44], [55], accelerometers [23], [41], [47], [53], [59], magnetometer [57], gyroscope [50], [52], [59], and orientation sensor [29], [63] have also been exploited to infer the user's location, movement, and even keystrokes (thus PIN and passwords). These papers all studied sensor-based side channels on Android.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

Zhang¹,

Wang²,

Bai³

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-It has been demonstrated in numerous previous studies that Android and its underlying Linux operating systems do not properly isolate mobile apps to prevent cross-app sidechannel attacks. Cross-app information leakage enables malicious Android apps to infer sensitive user data (e.g., passwords), or private user information (e.g., identity or location) without requiring specific permissions. Nevertheless, no prior work has ever studied these side-channel attacks on iOS-based mobile devices. One reason is that iOS does not implement procfsthe most popular side-channel attack vector; hence the previously known attacks are not feasible.In this paper, we present the first study of OS-level sidechannel attacks on iOS. Specifically, we identified several new side-channel attack vectors (i.e., iOS APIs that enable cross-app information leakage); developed machine learning frameworks (i.e., classification and pattern matching) that combine multiple attack vectors to improve the accuracy of the inference attacks; demonstrated three categories of attacks that exploit these vectors and frameworks to exfiltrate sensitive user information. We have reported our findings to Apple and proposed mitigations to the attacks. Apple has incorporated some of our suggested countermeasures into iOS 11 and MacOS High Sierra 10.13 and later versions.

show abstract

Section: A Threat Modelmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

Zhang¹,

Wang²,

Bai³

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Miluzzo et al [52] uses motion sensors to infer the location of users' taps on the screen. More stealthily, [9,[53][54][55][56] use unrestricted sensors, including gyroscope, accelerometer, magnetometer, and barometer to infer users' location, driving patterns, and traveled routes. Xu et al, Cai and Chen, Shen et al, Aviv et al, and Owusu et al [1,2,8,46,57] use motion sensors to infer users' keystroke on the smartphone's screen because typing on different locations on the screen may cause changes on the device's motion status, which is reflected on the motion sensors.…”

Section: Related Workmentioning

confidence: 99%

Sensor Guardian: prevent privacy inference on Android sensors

Bai

Yin

Wang

2017

EURASIP J. on Info. Security

View full text Add to dashboard Cite

Privacy inference attacks based on sensor data is an emerging and severe threat on smart devices, in which malicious applications leverage data from innocuous sensors to infer sensitive information of user, e.g., utilizing accelerometers to infer user's keystroke. In this paper, we present Sensor Guardian, a privacy protection system that mitigates this threat on Android by hooking and controlling applications' access to sensors. Sensor Guardian inserts hooks into applications by statically instrumenting their APK (short for Android Package Kit) files and enforces control policies in these hooks at runtime. Our evaluation shows that Sensor Guardian can effectively and efficiently mitigate the privacy inference threat on Android sensors, with negligible overhead during both static instrumentation and runtime control.

show abstract

“…4 The key insight that this system relies on is the fact when a car travels along a particular route, it executes a certain set of maneuvers (turns and bends) that form a unique signature of the route. These turns and bends can be easily detected by the phone carried inside the vehicle using its embedded gyroscope.…”

Section: Sensing Repeated Journeysmentioning

confidence: 99%

Smart Sensing Systems for the Daily Drive

Nawaz

Efstratiou

Mascolo

2016

IEEE Pervasive Comput.

Self Cite

View full text Add to dashboard Cite

In recent years, there has been explosive growth in smartphone penetration. Today, more than 90 percent of the worldÕs population is covered by cellular networks, and nearly one quarter of the population uses smartphones. 1 This growth is set to continue as inexpensive devices become available and mobile phone users switch over to smartphones. This makes smartphones an ideal vehicle for large-scale sensing systems, because while a PC sitting on a desk doesnÕt know much about its user, a phone accompanying its user can learn about the user through a range of embedded sensors. The persistent connectivity offered by smartphones also lets users access information from almost anywhere.Combining these two capabilities together can lead to interesting applications, especially when the user is away from home or work, without access to traditional devices. For example, consider a user traveling by car. He or she might wonder, ÒAre there any disruptions on my regular route that might cause delays? Will I be able to find parking when I arrive?Ó Furthermore, he or she might want to automatically send a message to someone saying, ÒIÕm running late due to traffic.Ó Smartphones can help, enhancing the driving experience.In particular, we developed two smartphone-based prototype systems that address this scenario. Our first system, ParkSense, can sense on-street parking-space occupancy when coupled with electronic parking payment systems. Our second system can sense and recognize a userÕs repeated car journeys to provide personalized alerts to the user. Both systems aim to minimize the impact of sensing tasks on the deviceÕs lifetime so the user can continue using his or her smartphone for its primary purpose.

show abstract

Mining users' significant driving routes with low-power sensors

Cited by 56 publications

References 47 publications

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

Sensor Guardian: prevent privacy inference on Android sensors

Smart Sensing Systems for the Daily Drive

Contact Info

Product

Resources

About