motion sensors attacks and defenses
play

Motion Sensors: Attacks and Defenses Anupam Das (UIUC) , Nikita - PowerPoint PPT Presentation

Mar 10, 2024 •354 likes •634 views

Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses Anupam Das (UIUC) , Nikita Borisov (UIUC), Matthew Caesar (UIUC) February 23, 2016 1 Real World Digital Stalking How are they tracking devices? Device Fingerprint ~

  1. Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses Anupam Das (UIUC) , Nikita Borisov (UIUC), Matthew Caesar (UIUC) February 23, 2016 1

  2. Real World Digital Stalking How are they tracking devices?  Device Fingerprint ~ Set (unique device properties) Why fingerprint devices?  Targeted Advertisement (tracking usage pattern) 2 February 23, 2016

  3. Mobile Ad Expenditure There are multiple companies such as TapAd and AdTruth that utilize device fingerprinting to build cross-device user profile. Targeted ad can help increase the Return On Ad Spend. 3 February 23, 2016

  4. Device Fingerprinting Techniques How are device fingerprints generated? Device Fingerprint Hardware idiosyncrasies Software Variations • Difference in spectral property of • Difference in Protocol Stack/Network Stack • Radio Signal Transmitters Difference in Firmware and Device Driver • Difference in emitted radio frequency • Difference in installed Software of NIC • MAC Headers • Unique and constant clock skews in network devices Exploit small deviations in either the software or hardware characteristics of the device. 4 February 23, 2016

  5. Example: Browser Fingerprinting https://amiunique.org 5 February 23, 2016

  6. Fingerprinting Smartphones Can traditional approaches be applied to fingerprint smartphones? Smartphones are somewhat less susceptible to software-based fingerprinting approaches due to a stable software base . https://amiunique.org % of fingerprints sharing same value Browser Characteristic Laptop (ThinkPad L540) Smartphone (iPhone 5) User agent <0.1% <0.1% List of plugins 0.28% 17.05% List of fonts <0.1% 23.72% Screen resolution 9.83% 0.95% Canvas 0.34% 0.11% 6 February 23, 2016

  7. How are Smartphones Different? Smartphones are equipped with a wide range of sensors. Applications: • Motion detection • Gesture detection We focus on exploiting onboard sensors • Audio Genre detection to generate unique fingerprints. • Location detection • Interaction with nearby devices • Navigation • etc. 7 February 23, 2016

  8. Our Contribution We’ll look at addressing the following questions:  Can smartphones be fingerprinted using motion sensors?  Are there ways to mitigate such fingerprinting techniques?  Are there any implications of such mitigation techniques? 8 February 23, 2016

  9. Fingerprint Motion Sensors Fingerprint smartphone using accelerometer and gyroscope. Attack Scenario 1. User browses a web page where the attacker runs some JavaScript 2. Attacker collects sensor data surreptitiously and generates a fingerprint of the device Publisher Device Position: On Desk: Devices kept on top of a desk In Hand: Devices kept in the hand of the user while user is sitting in a chair Requires No Explicit Permissions!!! 9 February 23, 2016

  10. Source of Uniqueness MEMS Accelerometer : Mechanical Energy Capacitive Change Voltage Change Movable Electrode Gap ~ 1.3µm Sensitivity ~ 20pm Possible source of idiosyncrasies: • Slightest gap difference between the structural electrodes • Flexibility of the seismic mass 10 February 23, 2016

  11. Data Collection Setup Using JavaScript we collected sensor data through the web browser. Sampling Sensors OS Browser Freq. (Hz) Accessible* Chrome 100 A,G Android 20 A Android Opera 40 A,G 4.4 UC Browser 20 A,G Standalone App 200 A,G Safari 100 A,G iOS 8.1.3 Chrome 100 A,G Standalone App 100 A,G *A=Accelerometer, G=Gyroscope Chrome being the most popular mobile browser, we collect lab-data using the Chrome browser. 11 February 23, 2016

  12. Experimental Setup Devices : Data Streams: Maker Model # Four data streams are considered: 1. Accelerometer Magnitude iPhone 5 4 Apple 2. Gyroscope X-axis iPhone 5s 3 3. Gyroscope Y-axis Nexus S 14 4. Gyroscope Z-axis Samsung Galaxy S3 4 Samples: Galaxy S4 5 • 10 samples per device per setting Total 30 • Each sample is around 5-8 second Settings : Stimulation Description Type No Audio No audio is being played through the speaker Inaudible Audio 20kHz Sine wave is being played through the speaker Popular Song A popular song is being played through the speaker 12 February 23, 2016

  13. Features 25 features were explored. # Spectral Feature # Temporal Feature 1 Spectral Root Mean Square 1 Mean 2 Spectral Spread 2 Standard Deviation 3 Spectral Low-Energy-Rate 3 Average Deviation 4 Spectral Centroid 4 Skewness 5 Spectral Entropy 5 Kurtosis 6 Spectral Irregularity Joint-Mutual-Information (JMI) is used for feature 6 Root Mean Square 7 Spectral Spread exploration to determine the best subset of features 7 Max 8 Spectral Skewness for classification. 8 Min 9 Spectral Kurtosis 9 Zero Crossing Rate 10 Spectral Rolloff 10 Non-Negative Count 11 Spectral Brightness 12 Spectral Flatness For Spectral Features, cubic-spline 13 Spectral Flux interpolation is used to obtain a 14 Spectral Attack Slope sampling rate of 8kHz. 15 Spectral Attack Time 13 February 23, 2016

  14. Evaluation Algorithms & Metrics Tested several supervised classifiers: • SVM, • Naive-Bayes classifier, • Multiclass Decision Tree, • k-NN, • Bagged Decision Trees . Evaluation metrics: 𝑈𝑄 𝑄𝑠𝑓𝑑𝑗𝑡𝑗𝑝𝑜 = TP: True Positive 𝑈𝑄 + 𝐺𝑄 𝑈𝑄 FP: False Positive 𝑆𝑓𝑑𝑏𝑚𝑚 = FN: False Negative 𝑈𝑄 + 𝐺𝑂 𝐺_ 𝑇𝑑𝑝𝑠𝑓 = 2 ∗ 𝑄𝑠𝑓𝑑𝑗𝑡𝑗𝑝𝑜 ∗ 𝑆𝑓𝑑𝑏𝑚𝑚 𝑄𝑠𝑓𝑑𝑗𝑡𝑗𝑝𝑜 + 𝑆𝑓𝑑𝑏𝑚𝑚 Randomly portioned 50% of the data for training and testing. Reported the average of 10 iterations. 14 February 23, 2016

  15. Results: Lab Setting 100 100 99 99 98 98 98 96 100 95 95 94 93 93 89 88 88 90 84 83 80 F-score (%) 70 60 50 40 30 20 10 0 No-audio Sine Song No-audio Sine Song On Desk In hand Accelerometer Gyroscope Accelerometer+Gyroscope Combining features from both accelerometer and gyroscope yielded the best results. 15 February 23, 2016

  16. Real-World Data Invited people to voluntarily participate in our study. 76 participants visited our web page in two weeks but only 63 of the devices actually provided any form of data. 16 February 23, 2016

  17. Public and Combined Setting On Top op of of De Desk 96 95 95 100 92 89 89 89 87 87 86 85 85 90 80 F-score (%) 70 60 50 40 30 20 10 0 No-audio Sine No-audio Sine Public Combined Accelerometer Gyroscope Accelerometer+Gyroscope Public setting : F_score of 95% Combined setting: F_score of 96% 17 February 23, 2016

  18. Mitigation Techniques We explore two types of countermeasure techniques: • Sensor Calibration -- Computing offset and gain error of sensors. • Data Obfuscation -- Adding noise to data to obfuscate data source. Two extreme approaches: Sensor Calibration: Map every device to the same point. Data Obfuscation: Scatter the same device to different points. 18 February 23, 2016

  19. Sensor Calibration Measured sensor value 𝑏 𝑁 = 𝑃 + 𝑇. 𝑏, where O and S represent the offset and gain error along an axis respectively. Accelerometer Calibration Gyroscope Calibration Measurements along all six directions ( ± x, ± y, ± z) are taken. 19 February 23, 2016

  20. Results: Calibrated Data La Lab Se Settin ing g : : Cal Calib ibrated Da Data 99 99 98 98 97 97 100 93 93 91 90 89 85 90 16 23 25 18 80 19 15 77 F_score (%) 75 70 71 69 70 69 60 50 40 30 20 10 0 No-audio Sine Song No-audio Sine Song On Desk In hand Accelerometer Gyroscope Accelerometer+Gyroscope F_score reduces by approximately 15 – 25% for accelerometer data but not much for the gyroscope data. 20 February 23, 2016

  21. Data Obfuscation Instead of removing the calibration errors, we can add extra noise to hide the miscalibration. We explore the following 3 techniques: • Uniform noise : highest entropy while having a bound. • Laplace noise : highest entropy which is inspired by Differential Privacy. • White noise : affecting all aspects of a signal. 21 February 23, 2016

  22. Uniform Noise To add obfuscation noise, we compute 𝑏 𝑝 = 𝑃 𝑝 + 𝑇 𝑝 𝑏 𝑁 Here, 𝑇 𝑝 and 𝑃 𝑝 are the obfuscated gain and offset error. We explore three variations of adding uniform noise: • Basic Obfuscation • Increased Range Obfuscation • Enhanced Obfuscation 22 February 23, 2016

  23. Basic Obfuscation Based on the calibration errors found from our lab phones we set the base error ranges as follows: 𝑝 ∊ [ -0.5,0.5] Accelerometer offset, 𝑃 𝑏 • 𝑝 ∊ [-0.1,0.1] Impact of audio Gyroscope offset , 𝑃 • 𝑕 𝑃 ∊ [0.95,1.05] stimulation Gain for both , 𝑇 𝑏,𝑕 • On Top On op of of De Desk 100 90 75 80 69 F-score (%) 66 65 70 57 55 60 52 50 50 41 40 40 27 26 30 20 10 0 No-audio Sine No-audio Sine Public Combined Accelerometer Gyroscope Accelerometer+Gyroscope 23 February 23, 2016

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1 Lecture Overview 1. Advanced MATE attacks models tools &amp; techniques 2. Protected code comprehension processes 3. Advanced MATE defenses 4.

1.79k views • 114 slides
Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography.

Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography.

Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography. Security. Falko Strenzke 2020 For evaluation purposes only Please do not distribute August 4, 2020 Dr. Falko Strenzke Attacks and Defenses For

531 views • 30 slides
a POSITION AND MOTION SENSORS I Linear Position: Linear Variable Differential Transformers (LVDT)

a POSITION AND MOTION SENSORS I Linear Position: Linear Variable Differential Transformers (LVDT)

PRACTICAL DESIGN TECHNIQUES FOR SENSOR SIGNAL CONDITIONING 1 Introduction 2 Bridge Circuits 3 Amplifiers for Signal Conditioning 4 Strain, Force, Pressure, and Flow Measurements 5 High Impedance Sensors I 6 Position and Motion Sensors 7

362 views • 24 slides
Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced

Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced

Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced Security Topics Name: Soteris Constantinou Instructor: Dr. Elias Athanasopoulos Authors: Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, Stuart

1.65k views • 81 slides
Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide content (Vern Paxson) Misleading users Browser assumes that clicks and keystrokes = clear indication of what the user wants to do Constitutes

567 views • 24 slides
15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico Kolter (this lecture) and Ariel Procaccia Carnegie Mellon University Spring 2018 Portions base upon joint work with Eric Wong 1 Outline Adverarial

710 views • 39 slides
Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU Leuven COSIC Seminar - 23rd October 2017, Leuven Introduction Contents of this presentation: - PETS17: Website Fingerprinting Defenses at

658 views • 44 slides
Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer c1shw@us.ibm.com (561) 392 6100 Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY Physical Security Attacks &amp;

334 views • 8 slides
Buffer Overflow Attacks &amp; Defenses Slides are borrowed from Franziska Roesner @UW and Dawn

Buffer Overflow Attacks &amp; Defenses Slides are borrowed from Franziska Roesner @UW and Dawn

Buffer Overflow Attacks &amp; Defenses Slides are borrowed from Franziska Roesner @UW and Dawn Song @Berkeley Linux (32-bit) process memory layout -0xFFFFFFFF Reserved for Kernal -0xC0000000 user stack %esp shared libraries -0x40000000

994 views • 85 slides
Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Open Source Enclave Workshop 2019 Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer Science &amp; Engineering The Ohio State University Userland TEEs on Commodity Processors Application VM VM

154 views • 14 slides
FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft

FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft

FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft Research, Silicon Valley and Reykjavk University, Iceland An example of a real-world attack Exploits a vulnerability in the GDI+ rendering of

1.26k views • 113 slides
On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th

On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th

On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th , 2020 Joint work with Nicholas Carlini, Wieland Brendel and Aleksander Madry What Are Adversarial Examples? 88% Tabby Cat 99% Guacamole Biggio

360 views • 21 slides
Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

1.03k views • 66 slides
Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

562 views • 38 slides
Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc Juarez , Sadia Afroz, Gunes Acar, Rachel Greenstadt, Mohsen Imani, Mike Perry, Matthew Wright Post-Snowden Cryptography Workshop Brussels, December

754 views • 52 slides
WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA . bx

WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA . bx

ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013 WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA . bx SHAPIRO DARTMOUTH COLLEGE TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 UNIVERSITY

566 views • 13 slides
TRECVID-2005 Low-level (camera motion) feature task Wessel Kraaij TNO &amp; Tzveta Ianeva

TRECVID-2005 Low-level (camera motion) feature task Wessel Kraaij TNO &amp; Tzveta Ianeva

TRECVID-2005 Low-level (camera motion) feature task Wessel Kraaij TNO &amp; Tzveta Ianeva NIST Task definition TRECVID 2005 pilot task Ability to detect camera movement features: q Pan (left or right ) or track q Tilt (up or down) or

329 views • 30 slides
Force from Motion: Decoding Physical Sensation in a First Person Video Presenter: Jimmy Xin Lin

Force from Motion: Decoding Physical Sensation in a First Person Video Presenter: Jimmy Xin Lin

Force from Motion: Decoding Physical Sensation in a First Person Video Presenter: Jimmy Xin Lin Prof. Kristen Grauman Department of Computer Science University of Texas at Austin Outline Introduction u u Target Problem, Essential Concepts,

463 views • 28 slides
Motion Perception II Chapter 8 Lecture 15 Jonathan Pillow Sensation &amp; Perception (PSY 345 /

Motion Perception II Chapter 8 Lecture 15 Jonathan Pillow Sensation &amp; Perception (PSY 345 /

Motion Perception II Chapter 8 Lecture 15 Jonathan Pillow Sensation &amp; Perception (PSY 345 / NEU 325) Fall 2017 1 Computation of Visual Motion Newsome and Pare (1988) conducted a study on motion perception in monkeys Trained

647 views • 31 slides
Island County Cr itic al Ar e as Or dinanc e Planning Commission Public He ar ing July 24,

Island County Cr itic al Ar e as Or dinanc e Planning Commission Public He ar ing July 24,

Island County Cr itic al Ar e as Or dinanc e Planning Commission Public He ar ing July 24, 2017 Me re d ith Pe nny L o ng Ra ng e Pla nning GMA 12757 Proposa l #1 T hroug hout E xhibit B Cha ng e s pro po se d b y K a re n

215 views • 10 slides
No! Bug-0 Finish Repeat: Finish Finish 1. Head toward the goal 2. If the goal is attained

No! Bug-0 Finish Repeat: Finish Finish 1. Head toward the goal 2. If the goal is attained

1/17/2012 Purposes Introduce simple algorithms with little geometric sophistication Motion Planning for a Point Robot (1/2) ( ) Present two extreme approaches: purely (sensor-based) reactive strategies and omniscient off-line planners

283 views • 5 slides
Infrastructure Mobility: A What-If Analysis Romit Roy Choudhury Mahanth Gowda Nirupam Roy

Infrastructure Mobility: A What-If Analysis Romit Roy Choudhury Mahanth Gowda Nirupam Roy

Infrastructure Mobility: A What-If Analysis Romit Roy Choudhury Mahanth Gowda Nirupam Roy Wireless Network Capacity Revolutionary work in the last 30 years Beamforming, MIMO, power-control, channel assignment, coding Wireless Network

1.13k views • 101 slides
Disclaimer Many of these slides are mine But, some are stolen from various places on the

Disclaimer Many of these slides are mine But, some are stolen from various places on the

1/25/12 ARDUINO PROGRAMMING 2 CS5789 / ART3490 Disclaimer Many of these slides are mine But, some are stolen from various places on the web todbot.com Bionic Arduino and Spooky Arduino class notes from Tod E.Kurt ladyada.net

742 views • 37 slides
Project Soli Update August 2018 Gesture Sensing Allows Interaction with Device Functions or

Project Soli Update August 2018 Gesture Sensing Allows Interaction with Device Functions or

Project Soli Update August 2018 Gesture Sensing Allows Interaction with Device Functions or Features Uses radar beam at 57-64 GHz to capture motion in 3D space Designed for space-constrained, battery-operated devices Limits on Radars at 60 GHz

850 views • 9 slides

More recommend