International Conference on Collaborative Computing: Networking, Applications and Worksharing

Collaborative Computing: Networking, Applications, and Worksharing pp 221-233 | Cite as

SSG: Sensor Security Guard for Android Smartphones

  • Bodong Li
  • Yuanyuan Zhang
  • Chen Lyu
  • Juanru Li
  • Dawu Gu
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 163)

Abstract

The smartphone sensors provide extraordinary user experience in various Android apps, e.g. sport apps, gravity sensing games. Recent works have been proposed to launch powerful sensor-based attacks such as location tracing and sound eavesdropping. The use of sensors does not require any permission in Android apps, so these attacks are very difficult to be noticed by the app users. Furthermore, the combination of various kinds of sensors generates numerous types of attacks which are hard to be systematically studied.

To better address the attacks, we have developed a taxonomy on sensor-based attacks from five aspects. In this work, we propose a sensor API hooking and information filtering framework, Sensor Security Guard (SSG). Unlike any rough hooking framework, this system provides fine-grained processing for different security levels set by the users, or by default. The sensor data is blocked, forged or processed under different mode strategies and then returned to the apps. In addition, according to the taxonomy, SSG develops fine-grained corresponding countermeasures. We evaluate the usability of SSG on 30 popular apps chosen from Google Market. SSG does not cause any crash of either the Android system or the apps while working. The result indicated that SSG could significantly preserve the users’ privacy with acceptable energy lost.

Keywords

Hook Sensor API Android Security 

References

  1. 1.
  2. 2.
  3. 3.
    Al-Haiqi, A., Ismail, M., Nordin, R.: On the best sensor for keystrokes inference attack on android. Procedia Technology (2013)Google Scholar
  4. 4.
    Bojinov, H., Michalevsky, Y., Nakibly, G., Boneh, D.: Mobile device identification via sensor fingerprinting (2014). arXiv:1408.1416
  5. 5.
    Cai, L., Chen, H.: Touchlogger: inferring keystrokes on touch screen from smartphonemotion. In: 6th Proceedings of HotSec (2011)Google Scholar
  6. 6.
    Currie, D.: Shedding some light on voice authentication (2009)Google Scholar
  7. 7.
    A. Das, N. Borisov, and M. Caesar.Exploring ways to mitigate sensor-based smartphone fingerprinting.arXiv preprint arXiv:1503.01874, 2015
  8. 8.
    Dey, S., Roy, N., Xu, W., Choudhury, R.R., Nelakuditi, S.: Accelprint: imperfections of accelerometers make smartphones trackable. In: 21st Proceedings of the Network and Distributed System Security Symposium (NDSS) (2014)Google Scholar
  9. 9.
    Han, J., Owusu, E., Nguyen, L.T., Perrig, A., Zhang, J.: Accomplice: location inference using accelerometers on smartphones. In: 4th Proceedings of Communication Systems and Networks (COMSNETS) (2012)Google Scholar
  10. 10.
    Lee, S.-W., Mase, K.: Activity and location recognition using wearable sensors. IEEE Pervasive Comput. (2002)Google Scholar
  11. 11.
    Mäntyjärvi, J., Lindholm, M., Vildjiounaite, E., Mäkelä, S.-M., Ailisto. H.: Identifying users of portable devices from gait pattern with accelerometers. In: 30th Proceedings of Acoustics, Speech, and Signal Processing (ICASSP 2005) (2005)Google Scholar
  12. 12.
    Michalevsky, Y., Boneh, D., Nakibly, G.: Gyrophone: recognizing speech from gyroscope signals. In: 23rd Proceedings of USENIX Security Symposium. USENIX Association (2014)Google Scholar
  13. 13.
    Mohan, P., Padmanabhan, V.N., Ramjee, R.: Nericell: rich monitoring of road and traffic conditions using mobilesmartphones. In: 6th Proceedings of ACM Conference on Embedded Network Sensor Systems (2008)Google Scholar
  14. 14.
    Spreitzer, R.: Pin skimming: exploiting the ambient-light sensor in mobile devices. In: 4th Proceedings of ACM Workshop on Security and Privacy in Smartphones & Mobile Devices (2014)Google Scholar
  15. 15.
    Wang, H., Lymberopoulos, D., Liu, J.: Sensor-based user authentication. In: Abdelzaher, T., Pereira, N., Tovar, E. (eds.) EWSN 2015. LNCS, vol. 8965, pp. 168–185. Springer, Heidelberg (2015)Google Scholar

Copyright information

© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2016

Authors and Affiliations

  • Bodong Li
    • 1
  • Yuanyuan Zhang
    • 1
  • Chen Lyu
    • 1
  • Juanru Li
    • 1
  • Dawu Gu
    • 1
  1. 1.Lab of Cryptology and Computer SecurityShanghai Jiao Tong UniversityShanghaiChina

Personalised recommendations