research-article

Public Access

iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft

Authors:

Yanchao ZhangAuthors Info & Claims

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Pages 933 - 944

https://doi.org/10.1145/2976749.2978294

Published: 24 October 2016 Publication History

Abstract

Mobile device losses and thefts are skyrocketing. The sensitive data hosted on a lost/stolen device are fully exposed to the adversary. Although password-based authentication mechanisms are available on mobile devices, many users reportedly do not use them, and a device may be lost/stolen while in the unlocked mode. This paper presents the design and evaluation of iLock, a secure and usable defense against data theft on a lost/stolen mobile device. iLock automatically, quickly, and accurately recognizes the user's physical separation from his/her device by detecting and analyzing the changes in wireless signals. Once significant physical separation is detected, the device is immediately locked to prevent data theft. iLock relies on acoustic signals and requires at least one speaker and one microphone that are available on most COTS (commodity-off-the-shelf) mobile devices. Extensive experiments on Samsung Galaxy S5 show that iLock can lock the device with negligible false positives and negatives.

References

[1]

http://www.channelpronetwork.com/article/mobile-device-security-startling-statistics-data-loss-and-data-breachesl.

[2]

Cisco visual networking index global mobile data traffic forecast update 2014--2019. http://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white_paper_c11--520862.html.

[3]

http://gizmodo.com/hackers-iphone-5s-fingerprint-security-is-notsecure-1367817697.

[4]

Kaspersky lab survey. http://www.kaspersky.com/about/news/virus/2015/Quarter-of-Users-Do-Not-Understand-the-Risks-of-Mobile-Cyberthreats.

[5]

F. Adib, Z. Kabelac, and D. Katabi. Multi-person localization via rf body reflections. In USENIX NSDI'15, Oakland, CA, May 2015.

Digital Library

[6]

F. Adib, Z. Kabelac, D. Katabi, and R. Miller. 3d tracking via body radio reflections. In USENIX NSDI'14, Seattle, WA, 2014.

Digital Library

[7]

Y. Chen, J. Sun, R. Zhang, and Y. Zhang. Your song your way: Rhythm-based two-factor authentication for multi-touch mobile devices. In IEEE INFOCOM'15, Hong Kong, China, 2015.

[8]

T. Feng, Z. Liu, K.-A. Kwon, W. Shi, B. Carbunar, Y. Jiang, and N. Nguyen. Continuous mobile authentication using touchscreen gestures. In IEEE HST'12, Waltham, MA, 2012.

[9]

M. Frank, R. Biedert, E.-D. Ma, I. Martinovic, and D. Song. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Transactions on Information Forensics and Security, 8(1):136--148, 2013.

Digital Library

[10]

D. Gafurov, K. Helkala, and T. Søndrol. Biometric gait authentication using accelerometer sensor. Journal of Computers, 1(7):51--59, 2006.

[11]

O. Huhta, P. Shrestha, S. Udar, M. Juuti, N. Saxena, and N. Asokan. Pitfalls in designing zero-effort deauthentication: Opportunistic human observation attacks. In NDSS'16, San Diego, CA, Feb. 2015.

[12]

H. Khan, A. Atwater, and U. Hengartner. Itus: An implicit authentication framework for android. In ACM Mobicom'14, Maui, Hawaii, Sept. 2014.

Digital Library

[13]

J. Kwapisz, G. Weiss, and S. Moore. Cell phone-based biometric identification. In IEEE BTAS'10, Washington DC, Sep. 2010.

[14]

L. Li, X. Zhao, and G. Xue. Unobservable re-authentication for smartphones. In NDSS'13, San Diego, USA, Feb. 2013.

[15]

K. Liu, X. Liu, and X. Li. Guoguo: Enabling fine-grained indoor localization via smartphone. In ACM MobiSys'13, Taipei, Taiwan, Jun. 2013.

Digital Library

[16]

B. Mahafza. Radar Systems Analysis and Design Using MATLAB Third Edition. CRC press, 2013.

[17]

E. Maiorana, P. Campisi, N. González-Carballo, and A. Neri. Keystroke dynamics authentication for mobile phones. In ACM SAC'11, TaiChung, Taiwan, Mar. 2011.

Digital Library

[18]

S. Mare, A. Markham, C. Cornelius, R. Peterson, and D. Kotz. Zebra: Zero-effort bilateral recurring authentication. In IEEE S&P'14, San Jose, CA, May 2014.

Digital Library

[19]

F. Monrose, M. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. International Journal of Information Security, 1(2):69--83, 2002.

[20]

R. Nandakumar, K. Chintalapudi, and V. Padmanabhan. Centaur: locating devices in an office environment. In ACM MobiCom'12, Istanbul, Turkey, 2012.

Digital Library

[21]

R. Nandakumar, S. Gollakota, and N. Watson. Contactless sleep apnea detection on smartphones. In ACM MobiSys'15, Florence, Italy, May 2015.

Digital Library

[22]

R. Nandakumar, V. Iyer, D. Tan, and S. Gollakota. Fingerio: Using active sonar for fine-grained finger tracking. In ACM CHI'16, San Jose, CA, May 2016.

Digital Library

[23]

C. Peng, G. Shen, Y. Zhang, Y. Li, and K. Tan. Beepbeep: a high accuracy acoustic ranging system using cots mobile devices. In ACM SenSys'07, Sydney, Australia, Nov. 2007.

Digital Library

[24]

N. Sae-Bae, K. Ahmed, K. Isbister, and N. Memon. Biometric-rich gestures: a novel approach to authentication on multi-touch devices. In ACM CHI'12, Austin, TX, May 2012.

Digital Library

[25]

M. Shahzad, A. Liu, and A. Samuel. Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it. In ACM MobiCom'13, Miami, FL, Sep. 2013.

Digital Library

[26]

W. Shi, F. Yang, Y. Jiang, F. Yang, and Y. Xiong. Senguard: Passive user identification on smartphones using multiple sensors. In IEEE WiMob'11, Shanghai, China, 2011.

Digital Library

[27]

J. Sun, R. Zhang, J. Zhang, and Y. Zhang. Touchin: Sightless two-factor authentication on multi-touch mobile devices. In IEEE CNS'14, San Francisco, CA, Oct. 2014.

[28]

Y.-C. Tung and K. Shin. Echotag: accurate infrastructure-free indoor location tagging with smartphones. In ACM MobiCom'15, Paris, France, Sep. 2015.

Digital Library

[29]

T. Vu, A. Baid, S. Gao, M. Gruteser, R. Howard, J. Lindqvist, P. Spasojevic, and J. Walling. Distinguishing users with capacitive touch communication. In ACM MobiCom'12, Istanbul, Turkey, Aug. 2012.

Digital Library

[30]

P. Zhou, M. Li, and G. Shen. Use it free: Instantly knowing your phone attitude. In ACM MobiCom'14, Maui, Hawaii, Sep. 2014.

Digital Library

Cited By

Guo ZCao JBai XLi ANiu BLi H(2023)Shake, Shake, I Know Who You Are: Authentication Through Smart Wearable DevicesIEEE Sensors Journal10.1109/JSEN.2023.331552323:21(26786-26795)Online publication date: 1-Nov-2023
https://doi.org/10.1109/JSEN.2023.3315523
Xu JBi ZSingha ALi TChen YZhang Y(2023)mmLock: User Leaving Detection Against Data Theft via High-Quality mmWave Radar Imaging2023 32nd International Conference on Computer Communications and Networks (ICCCN)10.1109/ICCCN58024.2023.10230151(1-10)Online publication date: Jul-2023
https://doi.org/10.1109/ICCCN58024.2023.10230151
Alawami MVinay AKim H(2022)LocID: A Secure and Usable Location-Based Smartphone Unlocking Scheme Using Wi-Fi Signals and Light IntensityIEEE Internet of Things Journal10.1109/JIOT.2022.31893589:23(24357-24372)Online publication date: 1-Dec-2022
https://doi.org/10.1109/JIOT.2022.3189358
Show More Cited By

Index Terms

iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft
1. Human-centered computing
  1. Ubiquitous and mobile computing
    1. Ubiquitous and mobile devices
      1. Mobile devices
2. Security and privacy
  1. Network security
    1. Mobile and wireless security

Recommendations

IntentFuzzer: detecting capability leaks of android applications
ASIA CCS '14: Proceedings of the 9th ACM symposium on Information, computer and communications security

Capability leak is a vulnerability in Android applications, which violates the enforcement of permission model and threatens the secure usage of Android phone users. Malicious applications can launch permission escalation attacks with this ...
AppInk: watermarking android apps for repackaging deterrence
ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

With increased popularity and wide adoption of smartphones and mobile devices, recent years have seen a new burgeoning economy model centered around mobile apps. However, app repackaging, among many other threats, brings tremendous risk to the ecosystem,...
Unified security enhancement framework for the Android operating system

In these days there are many malicious applications that collect sensitive information owned by third-party applications by escalating their privileges to the higher level on the Android operating system. An attack of obtaining the root-level privilege ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

October 2016

1924 pages

ISBN:9781450341394

DOI:10.1145/2976749

General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 24 - 28, 2016

Vienna, Austria

Acceptance Rates

CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
1,265
Total Downloads

Downloads (Last 12 months)162
Downloads (Last 6 weeks)46

Reflects downloads up to 02 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Guo ZCao JBai XLi ANiu BLi H(2023)Shake, Shake, I Know Who You Are: Authentication Through Smart Wearable DevicesIEEE Sensors Journal10.1109/JSEN.2023.331552323:21(26786-26795)Online publication date: 1-Nov-2023
https://doi.org/10.1109/JSEN.2023.3315523
Xu JBi ZSingha ALi TChen YZhang Y(2023)mmLock: User Leaving Detection Against Data Theft via High-Quality mmWave Radar Imaging2023 32nd International Conference on Computer Communications and Networks (ICCCN)10.1109/ICCCN58024.2023.10230151(1-10)Online publication date: Jul-2023
https://doi.org/10.1109/ICCCN58024.2023.10230151
Alawami MVinay AKim H(2022)LocID: A Secure and Usable Location-Based Smartphone Unlocking Scheme Using Wi-Fi Signals and Light IntensityIEEE Internet of Things Journal10.1109/JIOT.2022.31893589:23(24357-24372)Online publication date: 1-Dec-2022
https://doi.org/10.1109/JIOT.2022.3189358
Caprolu MSciancalepore SDi Pietro R(2021)Short-Range Audio Channels Security: Survey of Mechanisms, Applications, and Research ChallengesIEEE Communications Surveys & Tutorials10.1109/COMST.2020.296903023:1(311-340)Online publication date: Sep-2022
https://doi.org/10.1109/COMST.2020.2969030
Chen JHengartner UKhan HMannan MCapkun SRoesner F(2020)ChaperoneProceedings of the 29th USENIX Conference on Security Symposium10.5555/3489212.3489231(325-342)Online publication date: 12-Aug-2020
https://dl.acm.org/doi/10.5555/3489212.3489231
Gao CFawaz KSur SBanerjee S(2019)Privacy Protection for Audio Sensing Against Multi-Microphone AdversariesProceedings on Privacy Enhancing Technologies10.2478/popets-2019-00242019:2(146-165)Online publication date: 4-May-2019
https://doi.org/10.2478/popets-2019-0024
KANG TJI SJEONG HZHU BKIM J(2019)WearAuth: Wristwear-Assisted User Authentication for Smartphones Using Wavelet-Based Multi-Resolution AnalysisIEICE Transactions on Information and Systems10.1587/transinf.2019EDP7024E102.D:10(1976-1992)Online publication date: 1-Oct-2019
https://doi.org/10.1587/transinf.2019EDP7024
Zhang LHan DLi ALi TZhang YZhang Y(2019)WristUnlock: Secure and Usable Smartphone Unlocking with Wrist Wearables2019 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS.2019.8802715(28-36)Online publication date: Jun-2019
https://doi.org/10.1109/CNS.2019.8802715
Yao XZou YChen ZZhao MLiu Q(2019)Topic-based rank search with verifiable social data outsourcingJournal of Parallel and Distributed Computing10.1016/j.jpdc.2019.07.003Online publication date: Jul-2019
https://doi.org/10.1016/j.jpdc.2019.07.003
Han DChen YLi TZhang RZhang YHedgpeth TShorey RMurty RChen YJamieson K(2018)Proximity-ProofProceedings of the 24th Annual International Conference on Mobile Computing and Networking10.1145/3241539.3241574(401-415)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3241539.3241574
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents