Abstract
Side channels are actively exploited by attackers to infer users’ privacy from publicly-available information on Android devices, where attackers probe the states of system components (e.g., CPU and memory), APIs, and device sensors (e.g., gyroscope and microphone). These information can be accessed by applications without any additional permission. As a result, traditional permission-based solutions cannot efficiently prevent/detect these probing attacks. In this paper, we systematically analyze the Android side-channel probing attacks, and observe that the high frequency sensitive data collecting operations from a malicious app caused continuous changes of its process states. Based on this observation, we propose SideGuard, a process-state-based approach to detect side-channel probing attacks. It monitors the process states of the applications and creates the corresponding behavior models described by feature vectors. Based on the application behavior models, we train and obtain classifiers to detect malicious app behaviors by using learning-based classification techniques. We prototyped and evaluated our approach. The experiment results demonstrate the effectiveness of our approach.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Share of Android OS of global smartphone shipments from 1st quarter 2011 to 2nd quarter 2018. https://www.statista.com/statistics/236027/global-smartphone-os-market-share-of-android/. Accessed 3 Mar 2019
Babil, G.S., Mehani, O., Boreli, R., Kaafar, M.A.: On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices. In: 2013 International Conference on Security and Cryptography (SECRYPT), pp. 1–8. IEEE (2013)
Cai, L., Chen, H.: Touchlogger: inferring keystrokes on touch screen from smartphone motion. HotSec 11, 9 (2011)
Chandra, S., Lin, Z., Kundu, A., Khan, L.: Towards a systematic study of the covert channel attacks in smartphones. In: Tian, J., Jing, J., Srivatsa, M. (eds.) SecureComm 2014. LNICST, vol. 152, pp. 427–435. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23829-6_29
Chen, Q.A., Qian, Z., Mao, Z.M.: Peeking into your app without actually seeing it: UI state inference and novel android attacks. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 1037–1052 (2014)
Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014). https://doi.org/10.1145/2619091
Hemminki, S., Nurmi, P., Tarkoma, S.: Accelerometer-based transportation mode detection on smartphones. In: Proceedings of the 11th ACM Conference on Embedded Networked Sensor Systems, p. 13. ACM (2013). https://doi.org/10.1145/2517351.2517367
Ho, B.J., Martin, P., Swaminathan, P., Srivastava, M.: From pressure to path: Barometer-based vehicle tracking. In: Proceedings of the 2nd ACM International Conference on Embedded Systems for Energy-Efficient Built Environments, pp. 65–74. ACM (2015). https://doi.org/10.1145/2821650.2821665
Jana, S., Shmatikov, V.: Memento: learning secrets from process footprints. In: 2012 IEEE Symposium on Security and Privacy, pp. 143–157. IEEE (2012). https://doi.org/10.1109/SP.2012.19
Liang, Y., Cai, Z., Han, Q., Li, Y.: Deep learning based inference of private information using embedded sensors in smart devices. IEEE Netw. Mag. 32(4), 8–14 (2018)
Marforio, C., Ritzdorf, H., Francillon, A., Capkun, S.: Analysis of the communication between colluding applications on modern smartphones. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 51–60. ACM (2012). https://doi.org/10.1145/2420950.2420958
Michalevsky, Y., Boneh, D., Nakibly, G.: Gyrophone: recognizing speech from gyroscope signals. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 1053–1067 (2014)
Michalevsky, Y., Schulman, A., Veerapandian, G.A., Boneh, D., Nakibly, G.: PowerSpy: location tracking using mobile device power analysis. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 785–800 (2015)
Narain, S., Vo-Huu, T.D., Block, K., Noubir, G.: Inferring user routes and locations using zero-permission mobile sensors. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 397–413. IEEE (2016). https://doi.org/10.1109/SP.2016.31
Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: password inference using accelerometers on smartphones. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, p. 9. ACM (2012). https://doi.org/10.1145/2162081.2162095
Ping, D., Sun, X., Mao, B.: TextLogger: inferring longer inputs on touch screen using motion sensors. In: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, p. 24. ACM (2015). https://doi.org/10.1145/2766498.2766511
Spreitzer, R., Kirchengast, F., Gruss, D., Mangard, S.: Procharvester: fully automated analysis of procfs side-channel leaks on android. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 749–763. ACM (2018). https://doi.org/10.1145/3196494.3196510
Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: Robust smartphone app identification via encrypted network traffic analysis. IEEE Trans. Inf. Forensics Secur. 13(1), 63–78 (2018). https://doi.org/10.1109/TIFS.2017.2737970
Yan, L., Guo, Y., Chen, X., Mei, H.: A study on power side channels on mobile devices. In: Proceedings of the 7th Asia-Pacific Symposium on Internetware, pp. 30–38. ACM (2015). https://doi.org/10.1145/2875913.2875934
Zhang, L., Cai, Z., Wang, X.: Fakemask: a novel privacy preserving approach for smartphones. IEEE Trans. Netw. Serv. Manag. 13(2), 335–348 (2016)
Zhang, N., Yuan, K., Naveed, M., Zhou, X., Wang, X.: Leave me alone: app-level protection against runtime information gathering on android. In: 2015 IEEE Symposium on Security and Privacy, pp. 915–930. IEEE (2015). https://doi.org/10.1109/SP.2015.61
Zhou, X., et al.: Identity, location, disease and more: inferring your secrets from android public resources. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1017–1028. ACM (2013). https://doi.org/10.1145/2508859.2516661
Acknowledgement
We thank the anonymous reviewers for their valuable comments. This work was supported in part by the National Key R&D Program of China (No. 2017YFB080 2400), in part by the National Natural Science Foundation of China (No. 61402029, No. 61871023, No. U11733115), and in part by Singapore Ministry of Education (under NUS Grant No. R-252-000-666-114).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Lin, Q., Mao, J., Shi, F., Zhu, S., Liang, Z. (2019). Detecting Android Side Channel Probing Attacks Based on System States. In: Biagioni, E., Zheng, Y., Cheng, S. (eds) Wireless Algorithms, Systems, and Applications. WASA 2019. Lecture Notes in Computer Science(), vol 11604. Springer, Cham. https://doi.org/10.1007/978-3-030-23597-0_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-23597-0_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-23596-3
Online ISBN: 978-3-030-23597-0
eBook Packages: Computer ScienceComputer Science (R0)