DOI: 10.1007/978-3-030-32430-8_17

Analyzing Defense Strategies Against Mobile Information Leakages: A Game-Theoretic Approach

Published: 30 October 2019

Abstract

Abuse of zero-permission sensors (e.g., accelerometers and gyroscopes) on-board mobile and wearable devices to infer users’ personal context and information is a well-known privacy threat, and has received significant attention in the literature. At the same time, efforts towards relevant protection mechanisms have been ad hoc and have focused mainly on threat-specific approaches that are not very practical, thus garnering limited adoption within popular mobile operating systems. It is clear that privacy threats that take advantage of unrestricted access to these sensors can be prevented if they are effectively regulated. However, the importance of these sensors to all applications operating on the mobile platform, including the dynamic sensor usage and requirements of these applications, makes designing effective access control/regulation mechanisms difficult. Moreover, this problem is different from classical intrusion detection as these sensors have no system- or user-defined policies that define their authorized or correct usage. Thus, to design effective defense mechanisms against such privacy threats, a clean-slate approach that formalizes the problem of sensor access (to zero-permission sensors) on mobile devices is first needed. The paper accomplishes this by employing game theory, specifically, signaling games, to formally model the strategic interactions between mobile applications attempting to access zero-permission sensors and an on-board defense mechanism attempting to regulate this access. Within the confines of such a formal game model, the paper then outlines conditions under which equilibria can be achieved between these entities on a mobile device (i.e., applications and defense mechanism) with conflicting goals. The game model is further analyzed using numerical simulations, and also extended in the form of a repeated signaling game.


Published In

Decision and Game Theory for Security: 10th International Conference, GameSec 2019, Stockholm, Sweden, October 30 – November 1, 2019, Proceedings
Oct 2019
595 pages
ISBN: 978-3-030-32429-2
DOI: 10.1007/978-3-030-32430-8

Publisher

Springer-Verlag, Berlin, Heidelberg
