power to peep all inference attacks by malicious
play

Power to peep-all: Inference Attacks by Malicious Batteries on - PowerPoint PPT Presentation

Nov 25, 2022 •337 likes •739 views

Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices Pavel Lifshits, Roni Forte , Yedid Hoshen, Matt Halpern, Manuel Philipose, Mohit Tiwari, and Mark Silberstein Speaker: Pavel Lifshits SMART BATTERY

  1. Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices Pavel Lifshits, Roni Forte , Yedid Hoshen, Matt Halpern, Manuel Philipose, Mohit Tiwari, and Mark Silberstein Speaker: Pavel Lifshits

  5. SMART BATTERY  Programmability  Sensors: current, voltage, temperature Why?  Safety overheating, over/under voltage  Extend battery life  Performance

  6. SMART BATTERY - PROGRAMMABILITY Software defined battery Smart battery System (SOSP ‘15) See spec. By Microsoft & Tesla http://sbs-forum.org/specs/

  7. INSIDE SMARTPHONE BATTERY Btemp NFC antenna BSI (battery size/status/system indicator)

  8. INSIDE SMARTPHONE BATTERY Your phone batteries are getting smarter!

  9. Do the smart batteries create a new privacy threat?

  10. Do the smart batteries create a new privacy threat?

  11. IF THE ATTACKER GETS ON YOUR BATTERY  Browsing History

  12. IF THE ATTACKER GETS ON YOUR BATTERY  Browsing History  Applications

  13. IF THE ATTACKER GETS ON YOUR BATTERY  Browsing History  Applications  Typing

  14. IF THE ATTACKER GETS ON YOUR BATTERY  Browsing History  Applications  Typing  Photo shot

  15. IF THE ATTACKER GETS ON YOUR BATTERY  Browsing History  Applications  Typing  Photo shot  Communication profile – Phone calls

  16. AGENDA  General scheme for malicious battery attacks  Examples: Keystroke inference Combination of multiple attacks  Data exfiltration mechanism via browser

  17. METHODOLOGY

  18. METHODOLOGY

  19. METHODOLOGY

  20. METHODOLOGY

  21. APP SPECIFIC PIPELINE Activity Novelty Classifier Detector Detector Device Known Classify Active? Event? Ignore Ignore Label App-specific Classifier

  22. BROWSING HISTORY ATTACK PIPELINE Activity Novelty Webpage Detector Detector Classifier Device Known Classify Active? Webpage? Webpage Ignore Ignore Webpage App-specific Classifier

  23. BROWSING HISTORY ATTACK PIPELINE Activity Novelty Webpage Detector Detector Classifier Device Known Classify Active? Webpage? Webpage Ignore Ignore Webpage App-specific Classifier

  24. CONSTRAINT - FIT INSIDE THE BATTERY Power requirements - <70 mA phone at rest - Computational complexity - Signal sample rate Storage

  25. CONSTRAINT - FIT INSIDE THE BATTERY Power requirements - <70 mA phone at rest - Computational complexity - Signal sample rate Storage

  26. KEYSTROKE INFERENCE

  27. KEYSTROKE INFERENCE 000000000000000000000001110110000001110001110011110111000111000000000000000000000000000000000000000000000000000000000000

  28. KEYSTROKE INFERENCE ' C ' Convolutional Neural Network

  29. KEYSTROKE INFERENCE ' C ' Convolutional Neural Network

  30. KEYSTROKE INFERENCE - RESULTS

  31. COMBINATION OF ATTACKS Top 1 – 18% Top 2 – 30% Top 3 – 40% Top 5 – 50%

  32. EXFILTRATION Wifi / Bluetooth Manipulate voltage App Battery Status API

  33. EXFILTRATION Victim

  34. EXFILTRATION Malicious Battery Attacker Victim

  35. SEE PAPER FOR -  Attacks – (Sections 6 & 7)  Web fingerprinting (open-world, Alexa top 100%)  Keystroke  Camera  Incoming calls  Robustness analysis - (Section 8)  Network conditions  Sample rate  Browsers  Phones  Users  Why Power channel leaks data? (Section 10)  Defenses & Mitigation (Section 11)

  36. THEORETICAL?!

  37. THEORETICAL?!

  38. THEORETICAL?!

  39. QUESTIONS ? Pavel Lifshits, pavell@ef.technion.ac.il Mark Silberstein, mark@ee.technion.ac.il

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cross-Origin State Inference (COSI) Attacks: Your Browser is Leaking Your Secrets Avinash

Cross-Origin State Inference (COSI) Attacks: Your Browser is Leaking Your Secrets Avinash

Cross-Origin State Inference (COSI) Attacks: Your Browser is Leaking Your Secrets Avinash Sudhodanan Soheil Khodayari Juan Caballero 24/02/2020, NDSS 2020 COSI Attack A malicious web site infers the state of a user (the victim) at another web

767 views • 54 slides
MODERN 1 MODERN 2 MODERN 3 MODERN 4 MODERN A peep at some distant orb has power to raise

MODERN 1 MODERN 2 MODERN 3 MODERN 4 MODERN A peep at some distant orb has power to raise

MODERN 1 MODERN 2 MODERN 3 MODERN 4 MODERN A peep at some distant orb has power to raise and purify our thoughts like a strain picture, or a passage from the grander poets. It always does one good. 5 MODERN 6 MODERN 7 MODERN 8

524 views • 24 slides
Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks Amjad Ibrahim,

Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks Amjad Ibrahim,

Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks Amjad Ibrahim, Simon Rehwald, Antoine Scemama, Florian Andres, Alexander Pretschner Technische Universitt Mnchen Department of Informatics Chair of Software

512 views • 24 slides
MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs

MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs

MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs on a victims system How does it get to run? Attacks a user- or network-facing vulnerable service Backdoor: Added by a malicious

1.02k views • 81 slides
PEEP recruitment maneuver Step 1 (lung) PEEP Recruits (opens) collapsed alveoli FiO

PEEP recruitment maneuver Step 1 (lung) PEEP Recruits (opens) collapsed alveoli FiO

2/1/2013 Case 1: 40 yo Male restrained driver high speed MVA P 140, RR 40 labored, BP 100/70, O 2 sat 70 Chestwheeze, crackles Robert M. Rodriguez, MD FAAEM Tender sternum and ribs without crepitus Clinical Professor of Medicine

486 views • 6 slides
ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

Open source tool for research on hardware attacks Side Channel Power Analysis Glitching Attacks Essentially an oscilloscope attached to a target chip ChipWhisperer Lite Modeling Power Consumption Every device requires power to run

175 views • 14 slides
Inference attacks on location data S ebastien Gambs Universit e du Qu ebec ` a Montr

Inference attacks on location data S ebastien Gambs Universit e du Qu ebec ` a Montr

Inference attacks on location data S ebastien Gambs Universit e du Qu ebec ` a Montr eal (UQAM), Canada gambs.sebastien@uqam.ca 17 July 2017 S ebastien Gambs Inference attacks on location data 1 Location-based services (LBSs)

524 views • 30 slides
I Know Where Youve Been: ! Geo-Inference Attacks via the Browser Cache ! Yaoqi Jia Yaoqi Jia

I Know Where Youve Been: ! Geo-Inference Attacks via the Browser Cache ! Yaoqi Jia Yaoqi Jia

I Know Where Youve Been: ! Geo-Inference Attacks via the Browser Cache ! Yaoqi Jia Yaoqi Jia , Xinshu Dong , Zhenkai Liang , Prateek Saxena ! School of Computing, National University of Singapore ! Advanced Digital

496 views • 28 slides
HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately,

363 views • 12 slides
Overview Network and Server Goal of Security Control Attacks and Penetration Phases of

Overview Network and Server Goal of Security Control Attacks and Penetration Phases of

Overview Network and Server Goal of Security Control Attacks and Penetration Phases of Control Methods of Taking Control Common Points of Attack Multifront Attacks Chapter 12 Auditing to Recognize Attacks Malicious

535 views • 7 slides
Attacks on Clients: Dynamic Content &amp; XSS (Section 7.1.3 on JavaScript; 7.2.4 on Media

Attacks on Clients: Dynamic Content &amp; XSS (Section 7.1.3 on JavaScript; 7.2.4 on Media

Software and Web Security 2 Attacks on Clients: Dynamic Content &amp; XSS (Section 7.1.3 on JavaScript; 7.2.4 on Media content; 7.2.6 on XSS) sws2 1 Recap from last lecture Attacks on web server: attacker/client sends malicious input

835 views • 56 slides
Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The

Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The

Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The Humble Keylogger Malware Malicious Hardware In-Cable Devices Malicious Keyboards Supply Chain Attacks Malicious BIOS

591 views • 14 slides
No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

IEEE S&amp;P 2016 No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis May 24, 2016 Wenrui Diao , Xiangyu Liu, Zhou Li, and Kehuan Zhang 2/18 Motivation -- Hardware and Kernel Mobile platform

700 views • 21 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 23 March 2006 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

707 views • 69 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

1.16k views • 94 slides
Everyones a Target Criminals are Always Two Steps Ahead 90% of all cybercrime costs are

Everyones a Target Criminals are Always Two Steps Ahead 90% of all cybercrime costs are

Hackers are Equal Opportunity Businessmen: Everyones a Target Criminals are Always Two Steps Ahead 90% of all cybercrime costs are caused by web attacks, malicious code and malicious insiders. Kaspersky 60% of enterprises said

449 views • 13 slides
Banburismus Banburismus British codebreakers used cribs (guesses), brute force, and the and

Banburismus Banburismus British codebreakers used cribs (guesses), brute force, and the and

One-Slide Summary Banburismus Banburismus British codebreakers used cribs (guesses), brute force, and the and the and analysis to break the Lorenz cipher. Guessed wheel settings were likely to be correct if they resulted in a Story So Far

112 views • 9 slides
Segmentation and Representation for the Reuse of Skills Learned by Imitation 2012. 04. 18.

Segmentation and Representation for the Reuse of Skills Learned by Imitation 2012. 04. 18.

Segmentation and Representation for the Reuse of Skills Learned by Imitation 2012. 04. 18. Intelligence and Control for Robots Laboratory, Hanyang University, Korea Il Hong Suh In telligence and Co ntrol for R obots L aboratory Contents

1.07k views • 85 slides
Empirical Likelihood Upper Confidence Bounds For Bandit Models Olivier Capp e, Aur elien

Empirical Likelihood Upper Confidence Bounds For Bandit Models Olivier Capp e, Aur elien

Empirical Likelihood Upper Confidence Bounds For Bandit Models Olivier Capp e, Aur elien Garivier, Odalric-Ambrym Maillard, R emi Munos, Gilles Stoltz Institut de Math ematique de Toulouse, Universit e Paul Sabatier June 10th,

556 views • 40 slides
Nurse Rounding in the Digital World Glynda Summers Executive Director Nursing &amp; Midwifery,

Nurse Rounding in the Digital World Glynda Summers Executive Director Nursing &amp; Midwifery,

Nurse Rounding in the Digital World Glynda Summers Executive Director Nursing &amp; Midwifery, Cairns &amp; Hinterland Hospital &amp; Health Service Christie Moon Kirsty Allwright Technology Cairns Hospital has deployed a digital

720 views • 25 slides
JUSTIN BAEDER An Essential Question How can I tame the tsunami of work that washes over me each

JUSTIN BAEDER An Essential Question How can I tame the tsunami of work that washes over me each

JUSTIN BAEDER An Essential Question How can I tame the tsunami of work that washes over me each day, without getting overwhelmed? What Well Explore How to deal with requests from staff in a timely manner, without wrecking your plans

884 views • 59 slides
Scrum-Ops Agile Scrum weds Technology Devops Nitin Mudgal RSVP: Gaurav Malhotra Sprints &amp;

Scrum-Ops Agile Scrum weds Technology Devops Nitin Mudgal RSVP: Gaurav Malhotra Sprints &amp;

Scrum-Ops Agile Scrum weds Technology Devops Nitin Mudgal RSVP: Gaurav Malhotra Sprints &amp; Deployers Take aways 1. About us 2. Evolution of Agile software development. Some years back.. 3. A peep into Scrum Framework and who does what in

1k views • 33 slides
Fire Safety in Residential Care Premises Workshop 2 Community Protection Directorate Fire

Fire Safety in Residential Care Premises Workshop 2 Community Protection Directorate Fire

Fire Safety in Residential Care Premises Workshop 2 Community Protection Directorate Fire Protection Team Introductions Legislation What piece of legislation is used in the UK to ensure fire safety in residential care premises? The

562 views • 31 slides
Providing Science Professional Development for Early Childhood Teachers May 16, 2017

Providing Science Professional Development for Early Childhood Teachers May 16, 2017

Providing Science Professional Development for Early Childhood Teachers May 16, 2017 Collaborative for Early Science Learning 6 museums across the country Delivering Webinar series Online tool kit Conference session workshops

507 views • 36 slides

More recommend