sok privacy on mobile devices
play

SoK: Privacy on Mobile Devices Its Complicated Chad Spensky , - PowerPoint PPT Presentation

Oct 30, 2022 •371 likes •542 views

SoK: Privacy on Mobile Devices Its Complicated Chad Spensky , Jeffrey Stewart, Arkady Yerukhimovich, Richard Shay, Ari Trachtenberg, Rick Housley, and Robert K. Cunningham Privacy Enhancing Technologies Symposium 2016 Is Privacy Possible

  1. SoK: Privacy on Mobile Devices 
 It’s Complicated Chad Spensky , Jeffrey Stewart, Arkady Yerukhimovich, Richard Shay, Ari Trachtenberg, Rick Housley, and Robert K. Cunningham Privacy Enhancing Technologies Symposium 2016

  2. Is Privacy Possible on Mobile Devices? “Privacy as we knew it in the past is no longer feasible… How we conventionally think of privacy is dead” - Margo Seltzer, World Economic Forum, 2015 Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  3. Mobile Devices 
 Features vs. Privacy Location Tracking Environmental Sensors Microphone Personal and Financial Data Cameras Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  4. Users Still Want Privacy 1 93% 87% 0.75 57% 0.5 93% 87% 0.25 57% 0 Have avoided apps 
 Want to be in control 
 Don’t want someone watching 
 due to privacy concerns of who sees their data 
 them without permission (PEW 2012) (PEW 2015) (PEW 2015) Top companies are even marketing their privacy-enhancing technologies Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  5. Systematizing Mobile Device Privacy User Access to private data Applications Visibility to user Operating System Firmware Hardware Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  6. Our Methodology Evaluate available Consider components Examine parties protections and their interactions and their motives Pull of this together into a “privacy world view” Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  7. Mobile Privacy-enhancing Technologies 
 User User Privacy Policies User Prompts App OS Analyzed Over-permissioning • Top 50 free/paid (Android) • Over 1/3 of apps request Firmware • Top 100 free/paid (iOS) permissions they don’t need [90,150] Hardware Result Only 32% are accessible to • Users don’t understand someone without a college what data these apps can education access [29, 91, 92] Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  8. Mobile Privacy-enhancing Technologies 
 Software User Encryption Permissions Models App OS Analyzed App with no permissions Top 50 banking apps • Can access Firmware • Wallpaper Results • Network Activity Hardware Apps still incorrectly validate • Directory Structure SSL certificates iOS: 4 • Low-level kernel crashes Android: 2 on both Android and iOS Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  9. Mobile Privacy-enhancing Technologies 
 Software User Application Application App Sandboxing Vetting OS Breaking Out Evasion (Android) Firmware • Root-level malware [31] • Dynamic code [79] • Infect developer tools [110] • Unknown sources [78] Hardware Side-Channels Evasion (iOS) • Intercept taps [3-5] • Private APIs [83] • Location from power [8] • Enterprise apps [111] Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  10. Mobile Privacy-enhancing Technologies 
 Firmware User Specialized Communication App Co-Processors Chipsets OS Purpose Analyzed Firmware • Record audio • NFC chipset on Android • Capture user movements • Require special drivers Hardware Concern Results • Could be compromised to • Nexus S: 856 crashes permit covert data capture • Nexus 4: 7 crashes Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  11. Mobile Privacy-enhancing Technologies 
 Hardware User Dedicated Trusted Execution App Cryptographic Units Environment OS Purpose Purpose Firmware Protects user data from Protect user data even if the software-based attacks device is stolen or lost Hardware Concern Concern Has unlimited access to the Low visibility and regulation entire system on implementation Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  12. Privacy World View Location-based Application Cellular Network WiFi ? Network Sensors Baseband Operating System WiFi [6,133] GPS Location-based App Power [8] Accelerometer [7] 3rd Party Light & SIM Card Trusted Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  13. Summary • Modern mobile devices are extremely complex, across all layers • Ill-defined trust relationships lead to un-intended data leakages • Effective privacy-enhancing technologies must consider the entire stack • We are likely going to see even more data leaks without fundamentally new approaches Complexity is the enemy of both security and privacy Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  14. Can We Do Better? • Reducing Trust Relationships • e.g., Hardware segregation • Guiding Users Toward Privacy • e.g., Personalized Privacy Assistant (SOUPS ’16) • Mechanism Design for Privacy • e.g., Bitcoin [183] Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

  15. Questions? Privacy on Mobile Devices – It’s Complicated CSS 07/21/16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda

Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda

Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda Protecting mobile devices and your privacy Protecting Mobile Devices and Your Privacy Before We Start The City of Phoenix does not

971 views • 52 slides
PRIVACY AND MOBILE DEVICES Elizabeth Schlieper Patrick Gage Kelley, Lorrie Faith Cranor, and

PRIVACY AND MOBILE DEVICES Elizabeth Schlieper Patrick Gage Kelley, Lorrie Faith Cranor, and

PRIVACY AND MOBILE DEVICES Elizabeth Schlieper Patrick Gage Kelley, Lorrie Faith Cranor, and Norman Sadeh. 2013. Privacy as Lab study with 20 participants and a Mturk survey with 366 part of the app decision- participants making

473 views • 16 slides
Localization ocalization of mobile devices of mobile devices L Seminar: Mobile Computing IFW

Localization ocalization of mobile devices of mobile devices L Seminar: Mobile Computing IFW

Localization ocalization of mobile devices of mobile devices L Seminar: Mobile Computing IFW C42 Tuesday, 29th May 2001 Roger Zimmermann Overview Overview Introduction Why Technologies Absolute Positioning Relative

314 views • 30 slides
Mobility, Data Mining, and Privacy Yannis Theodoridis InfoLab, University of Piraeus, Greece

Mobility, Data Mining, and Privacy Yannis Theodoridis InfoLab, University of Piraeus, Greece

Mobility, Data Mining, and Privacy Yannis Theodoridis InfoLab, University of Piraeus, Greece infolab.cs.unipi.gr Mobile devices and services Large diffusion of mobile devices, mobile services and location-based services 2 Wireless networks

664 views • 39 slides
Mobile Privacy: Tor On The iPhone And Other Unusual Devices Marco Bonetti - CutAway s.r.l.

Mobile Privacy: Tor On The iPhone And Other Unusual Devices Marco Bonetti - CutAway s.r.l.

Mobile Privacy: Tor On The iPhone And Other Unusual Devices Marco Bonetti - CutAway s.r.l. whoami Marco Bonetti Security Consultant @ CutAway s.r.l. mbonetti@cutaway.it http://www.cutaway.it/ Tor user & researcher @ SLP-IT

943 views • 53 slides
Securing Mobile Devices & Protecting the Privacy of Users Martina Lindorfer Technische

Securing Mobile Devices & Protecting the Privacy of Users Martina Lindorfer Technische

Securing Mobile Devices & Protecting the Privacy of Users Martina Lindorfer Technische Universitt Wien martina@iseclab.org https://martina.lindorfer.in @lindorferin About Me Assistant Professor at TU Wien (Security &

319 views • 17 slides
Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser on mobile device in WiFi communication to attack victims. Hackers send

464 views • 30 slides
CO 445H MOBILE PLATFORM SECURITY AND MOBILE PRIVACY Dr. Benjamin Livshits Privacy International

CO 445H MOBILE PLATFORM SECURITY AND MOBILE PRIVACY Dr. Benjamin Livshits Privacy International

CO 445H MOBILE PLATFORM SECURITY AND MOBILE PRIVACY Dr. Benjamin Livshits Privacy International Data Tracking 2 http://privacyinternational.org/feature/2433/i-asked-online-tracking-company-all-my-data-and-heres-what-i-found Two Main Attack

986 views • 63 slides
Mobile Devices Mobile Devices NAGTRI Webinar Series NCJRL / NAAG Objectives Objectives

Mobile Devices Mobile Devices NAGTRI Webinar Series NCJRL / NAAG Objectives Objectives

Mobile Devices Mobile Devices NAGTRI Webinar Series NCJRL / NAAG Objectives Objectives Identify mobile devices Identify mobile devices Learn how mobile devices obtain and transmit information transmit information Identify

863 views • 68 slides
devices Im going to be talking about how we hold and interact our mobile devices And how

devices Im going to be talking about how we hold and interact our mobile devices And how

Im going to be introducing you to ergonomics More specifically ergonomics in terms of designing touch interfaces for mobile devices Im going to be talking about how we hold and interact our mobile devices And how you can use

1.12k views • 62 slides
Tutorial: Development of Interactive Applications for Mobile Devices 7th International Conference

Tutorial: Development of Interactive Applications for Mobile Devices 7th International Conference

Tutorial: Development of Interactive Applications for Mobile Devices 7th International Conference on Human Computer Interaction with Mobile Devices and Services (Mobile HCI 2005) Enrico Rukzio (Media Informatics Group, University of Munich )

641 views • 24 slides
Smart Devices in Airbnbs: Considering Privacy and Security for both Guests and Hosts Abstract:

Smart Devices in Airbnbs: Considering Privacy and Security for both Guests and Hosts Abstract:

Proceedings on Privacy Enhancing Technologies ; 2020 (2):436458 Shrirang Mare*, Franziska Roesner, and Tadayoshi Kohno Smart Devices in Airbnbs: Considering Privacy and Security for both Guests and Hosts Abstract: Consumer smart home devices

596 views • 23 slides
Characteristics of Mobile Web Content Felix Nwaobasi Text Block #3 Contact, Department, or

Characteristics of Mobile Web Content Felix Nwaobasi Text Block #3 Contact, Department, or

Characteristics of Mobile Web Content Felix Nwaobasi Text Block #3 Contact, Department, or Other Information Background 2 Worcester Polytechnic Institute Mobile vs. Non-Mobile Devices Non-mobile devices Mobile devices Great

333 views • 20 slides
MOBILE DEVICES USING WIFI NETWORK JOAQUIN BERENGUER 30 MINUTES IMAGES OF IOT CONTENT

MOBILE DEVICES USING WIFI NETWORK JOAQUIN BERENGUER 30 MINUTES IMAGES OF IOT CONTENT

SERVER FOR IOT DEVICES AND MOBILE DEVICES USING WIFI NETWORK JOAQUIN BERENGUER 30 MINUTES IMAGES OF IOT CONTENT Environment Architecture Server Functionality Security IoT Devices Mobile and Desktop Devices Events

904 views • 23 slides
Smart Mobile Devices Registration System THE PURPOSES OF THE SYSTEM To detect illegally imported

Smart Mobile Devices Registration System THE PURPOSES OF THE SYSTEM To detect illegally imported

Smart Mobile Devices Registration System THE PURPOSES OF THE SYSTEM To detect illegally imported and/or uncertifjed To detect and prevent usage of mobile devices 1 5 devices within mobile operator network in with cloned and/or invalid

241 views • 10 slides
Interaction Devices Mobile Keyboard Animation, Speech and Displays

Interaction Devices Mobile Keyboard Animation, Speech and Displays

Interaction Devices Mobile Keyboard Animation, Speech and Displays Small Pointing Novel device image, and Layouts auditory and Large Devices devices display s video interfaces

194 views • 7 slides
Diderot: A Parallel DSL for Image Analysis and Visualization Charisee Chiw Gordon Kindlmann

Diderot: A Parallel DSL for Image Analysis and Visualization Charisee Chiw Gordon Kindlmann

Diderot: A Parallel DSL for Image Analysis and Visualization Charisee Chiw Gordon Kindlmann John Reppy Lamont Samuels Nick Seltzer University of Chicago June 11, 2012 Introduction Diderot The Diderot project is a collaborative effort to

801 views • 34 slides
Kathryn Accurso, Dr. Brenda Muzeta, & Marsha Liaw March 2018 I teach middle school

Kathryn Accurso, Dr. Brenda Muzeta, & Marsha Liaw March 2018 I teach middle school

Kathryn Accurso, Dr. Brenda Muzeta, & Marsha Liaw March 2018 I teach middle school language arts in an urban district. I have 31 students, including four ELLs and a few more whose parents declined services. Theyre from all over:

999 views • 43 slides
Ant-32 On the Design of a New CPU Architecture for Pedagogical Purposes Daniel Ellard, David

Ant-32 On the Design of a New CPU Architecture for Pedagogical Purposes Daniel Ellard, David

Ant-32 On the Design of a New CPU Architecture for Pedagogical Purposes Daniel Ellard, David Holland, Nicholas Murphy, Margo Seltzer Harvard University WCAE 02 Funded by Microsoft and NSF Why Design a New Architecture? Too many

499 views • 11 slides
POLI 120N: Contention and Conflict in Africa Professor Adida Explaining civil conflict: political

POLI 120N: Contention and Conflict in Africa Professor Adida Explaining civil conflict: political

POLI 120N: Contention and Conflict in Africa Professor Adida Explaining civil conflict: political explanations Map Quiz Map Quiz Grade Distribution 0.4 20% of your grade Range: 26 - 60 0.3 40% got max Density 0.2 Mean: 53.7

1.13k views • 33 slides
A different kind of functional language John Reppy University of Chicago / NSF November 2012

A different kind of functional language John Reppy University of Chicago / NSF November 2012

A different kind of functional language John Reppy University of Chicago / NSF November 2012 Parallel languages research I Manticore: Parallel SML (PML) I Nesl/GPU I Diderot Joint work with Gordon Kindlmann, Charisee Chiw, Lamont Samuels, Nick

571 views • 29 slides
CHIP MULTIPROCESSORS VIA AN OPERATING SYSTEM SCHEDULER Alexandra Fedorova Margo Seltzer Michael

CHIP MULTIPROCESSORS VIA AN OPERATING SYSTEM SCHEDULER Alexandra Fedorova Margo Seltzer Michael

IMPROVING PERFORMANCE ISOLATION ON CHIP MULTIPROCESSORS VIA AN OPERATING SYSTEM SCHEDULER Alexandra Fedorova Margo Seltzer Michael D. Smith Presented by Brad Eugene Torrence INTRODUCTION Motivation: Poor performance Isolation in chip

610 views • 28 slides
Allan Rocha, Usman Alim, Julio Daniel Silva, and Mario Costa Sousa Interactive Modeling,

Allan Rocha, Usman Alim, Julio Daniel Silva, and Mario Costa Sousa Interactive Modeling,

Allan Rocha, Usman Alim, Julio Daniel Silva, and Mario Costa Sousa Interactive Modeling, Visualization & Analytics R&D Group injection well (water) Geological Model Attributes Rock type Porosity Permeability Water

1.27k views • 58 slides
Long live robustness! Michael L. Seltzer Microsoft Research REVERB 2014 | May 10, 2014

Long live robustness! Michael L. Seltzer Microsoft Research REVERB 2014 | May 10, 2014

Robustness is dead! Long live robustness! Michael L. Seltzer Microsoft Research REVERB 2014 | May 10, 2014 Collaborators: Dong Yu, Yan Huang, Frank Seide, Jinyu Li, Jui-Ting Huang Golden age of speech recognition More investment, more

748 views • 39 slides

More recommend