Zeqing Guo,Weili Han,Liangxing Liu,Wenyuan Xu,Ruiqi Bu,Minyue Ni

DOI: https://doi.org/10.1145/2752952.2752974

2015-01-01

Abstract:More and more powerful personal smart devices take users, especially the elder, into a disaster of policy administration where users are forced to set personal management policies in these devices. Considering a real case of this issue in the Android security, it is hard for users, even some programmers, to generally identify malicious permission requests when they install a third-party application. Motivated by the popularity of mutual assistance among friends (including family members) in the real world, we propose a novel framework for policy administration, referring to Socialized Policy Administration (SPA for short), to help users manage the policies in widely deployed personal devices. SPA leverages a basic idea that a user may invite his or her friends to help set the applications. Especially, when the size of invited friends increases, the setting result can be more resilient to a few malicious or unprofessional friends. We define the security properties of SPA, and propose an enforcement framework where users' friends can help users set applications without the leakage of friends' preferences with the supports of a privacy preserving mechanism. In our prototype, we only leverage partially homomorphic encryption cryptosystems to implement our framework, because the fully homomorphic encryption is not acceptable to be deployed in a practical service at the moment. Based on our prototype and performance evaluation, SPA is promising to support major types of policies in current popular applications with acceptable performance.

Yajin Zhou,Xinwen Zhang,Xuxian Jiang,Vincent W. Freeh

DOI: https://doi.org/10.1007/978-3-642-21599-5_7

2011-01-01

Abstract:Smartphones have been becoming ubiquitous and mobile users are increasingly relying on them to store and handle personal information. However, recent studies also reveal the disturbing fact that users' personal information is put at risk by (rogue) smartphone applications. Existing solutions exhibit limitations in their capabilities in taming these privacy-violating smartphone applications. In this paper, we argue for the need of a new privacy mode in smartphones. The privacy mode can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application. Also, the granted access can be dynamically adjusted at runtime in a fine-grained manner to better suit a user's needs in various scenarios (e.g., in a different time or location). We have developed a system called TISSA that implements such a privacy mode on Android. The evaluation with more than a dozen of information-leaking Android applications demonstrates its effectiveness and practicality. Furthermore, our evaluation shows that TISSA introduces negligible performance overhead.

Chiachih Wu,Yajin Zhou,Kunal Patel,Zhenkai Liang,Xuxian Jiang

DOI: https://doi.org/10.14722/ndss.2014.23164

2014-01-01

Abstract:Recent years have experienced explosive growth of smartphone sales. Inevitably, the rise in the popularity of smartphones also makes them an attractive target for attacks. In light of these threats, current mobile platform providers have developed various server-side vetting processes to block malicious applications (“apps”). While helpful, they are still far from ideal in achieving their goals. To make matters worse, the presence of alternative (less-regulated) mobile marketplaces also opens up new attack vectors, which necessitate client-side solutions (e.g., mobile anti-virus software) to run on mobile devices. However, existing client-side solutions still exhibit limitations in their capability or deployability. In this paper, we present AirBag, a lightweight OS-level virtualization approach to enhance the popular Android platform and boost our defense capability against mobile malware infection. Assuming a trusted smartphone OS kernel and the fact that untrusted apps will be eventually installed onto users’ phones, AirBag is designed to isolate and prevent them from infecting our normal systems (e.g., corrupting the phone firmware) or stealthily leaking private information. More specifically, by dynamically creating an isolated runtime environment with its own dedicated namespace and virtualized system resources, AirBag not only allows for transparent execution of untrusted apps, but also effectively mediates their access to various system resources or phone functionalities (e.g., SMSs or phone calls). We have implemented a proof-of-concept prototype on three representative mobile devices, i.e., Google Nexus One, Nexus 7, and Samsung Galaxy S III. The evaluation results with a number of untrusted apps, including real-world mobile malware, demonstrate its practicality and effectiveness.

Yajin Zhou,Kapil Singh,Xuxian Jiang

DOI: https://doi.org/10.1109/noms.2016.7502850

2016-01-01

Abstract:Mobile apps continue to consume increasing amounts of sensitive data, such as banking credentials and classified documents. At the same time, the number of smartphone thefts is increasing at a rapid speed. As a result, there is an imperative need to protect sensitive data on lost or stolen mobile devices. In this work, we develop a practical solution to protect sensitive data on mobile devices. Our solution enables adaptive protection by pro-actively stepping up or stepping down data security based on perceived contextual risk of the device. We realize our solution for the Android platform in the form of a system called AppShell. AppShell does not require root privilege, nor need any modification to the underlying framework, and hence is a ready-to-deploy solution. It supports both in-memory and on-disk data protection by transparently encrypting the data, and discarding the encryption key, when required, for enhanced protection. We implement a working prototype of AppShell and evaluate it against several popular Android apps. Our results show that AppShell can successfully protect sensitive data in the lost devices with a reasonable performance overhead.

Yajin Zhou,Kunal Patel,Lei Wu,Zhi Wang,Xuxian Jiang

DOI: https://doi.org/10.1145/2714576.2714598

2015-01-01

Abstract:ABSTRACTUsers of Android phones increasingly entrust personal information to third-party apps. However, recent studies reveal that many apps, even benign ones, could leak sensitive information without user awareness or consent. Previous solutions either require to modify the Android framework thus significantly impairing their practical deployment, or could be easily defeated by malicious apps using a native library. In this paper, we propose AppCage, a system that thoroughly confines the run-time behavior of third-party Android apps without requiring framework modifications or root privilege. AppCage leverages two complimentary user-level sandboxes to interpose and regulate an app's access to sensitive APIs. Specifically, dex sandbox hooks into the app's Dalvik virtual machine instance and redirects each sensitive framework API to a proxy which strictly enforces the user-defined policies, and native sandbox leverages software fault isolation to prevent the app's native libraries from directly accessing the protected APIs or subverting the dex sandbox. We have implemented a prototype of AppCage. Our evaluation shows that AppCage can successfully detect and block attempts to leak private information by third-party apps, and the performance overhead caused by AppCage is negligible for apps without native libraries and minor for apps with them.

Hossen A. Mustafa,Wenyuan Xu,Ahmad-Reza Sadeghi,Steffen Schulz

DOI: https://doi.org/10.1109/DSN.2014.102

2014-01-01

Abstract:Caller ID (caller identification) is a service provided by telephone carriers to transmit the phone number and/or the name of a caller to a callee. Today, most people trust the caller ID information, and it is increasingly used to authenticate customers (e.g., by banks or credit card companies). However, with the proliferation of smartphones and VoIP, it is easy to spoof caller ID by installing corresponding Apps on smartphones or by using fake ID providers. As telephone networks are fragmented between enterprises and countries, no mechanism is available today to easily detect such spoofing attacks. This vulnerability has already been exploited with crucial consequences such as faking caller IDs to emergency services (e.g., 9-1-1) or to commit fraud. In this paper, we propose an end-to-end caller ID verification mechanism CallerDec that works with existing combinations of landlines, cellular and VoIP networks. CallerDec can be deployed at the liberty of users, without any modification to the existing infrastructures. We implemented our scheme as an App for Android-based phones and validated the effectiveness of our solution in detecting spoofing attacks in various scenarios.

Rui Chang,Liehui Jiang,Wenzhi Chen,Hong-qi He,Shuiqiao Yang,Hang Jiang,Wei Liu,Yong Liu

DOI: https://doi.org/10.1002/cpe.4180

2018-01-01

Abstract:This paper discusses security issues on the user equipment, which is the last mile of social networks. One of the main Achilles' heel of social networks is not the organization of networks themselves, but the user devices, typically Android ones. The existing system of privileges makes it easy to infiltrate the network via applications installed on users' devices. Conventional signature-based and static analysis methods are vulnerable. Access to privacy- and security-relevant parts of the application programming interface is controlled by the corresponding permission in a manifest file. While requesting access to permissions, it may offer opportunities to malicious codes, which will cause security issues. Few works among permission analysis, however, pay attention to the prevention of permission leakage on both hardware and software frameworks. In this paper we tackle the challenge of providing our multilayered permission-based security extension scheme on Android platforms. We propose a usage and access control model and an effective method of preventing permission leakage based on ARM TrustZone security extension mechanism. In contrast to previous work, the proposed security architecture provides a permission-based mandatory access control on Android middleware, Linux kernel, and hardware layers. The evaluation results demonstrate the effectiveness of the proposed scheme in mitigating permission leakage vulnerabilities.

chen chen,jia xing song,wei dong liu

DOI: https://doi.org/10.4028/www.scientific.net/AMR.981.161

2014-01-01

Advanced Materials Research

Abstract:As one of the most popular mobile operating system, Android has been troubled by privilege escalation attacks. This is because that the original Android ignores the inspection of transmitted data inintent. It only checks the permission ofintentto determine whether the Inter-Process Communication (IPC) could continue. We developed Nipdroid to solve the mentioned defect in Android IPC detection. Nipdroid is based on the technology of marking and tracking sensitive data. After the original Android detection, Nipdroid extracts the sensitive tags fromintent, and matches them with the permission lists of both communication apps, and then checks whether there is unreasonable data transmission in IPC. Experiments show that Nipdroid is effective on both preventing privilege escalation attacks and protecting user's sensitive data.

Xiuping Han,Zhi Wang,Dan Pei

DOI: https://doi.org/10.1109/ICC.2018.8422764

2018-01-01

Abstract:Mobile devices adopt probe requests to discover nearby Wi-Fi access points (APs) and set up fast Wi-Fi connections. Preferred Network Lists (PNLs) are used to store the lists of connected Wi-Fi APs in the past. Previous studies have shown that such mechanism can lead to serious privacy leakage, for example, attackers can infer users' identity information and movement histories. In this paper, we investigate the privacy issue and propose a data-driven protection strategy. First, we conduct extensive measurement studies based on 27 million users associating with 4 million Wi-Fi APs in 4 cities. We show that probe requests can be used to identify and profile users. Despite that some actions have been taken to reduce privacy leakage (e.g., MAC address randomization), users' PNLs can still be inferred by attackers. Second, we propose a novel privacy protection method, in which users' PNLs are "blurred" by adding faked SSIDs generated using a collaborative filtering algorithm, such that nearby users' PNLs are similar to each other. Finally, we evaluate the performance of our design using real-world Wi-Fi association traces. Our trace-driven simulation shows that the refined PNLs can effectively protect user privacy and ensure fast Wi-Fi connection at the same time.

Zhiping Jiang,Kun Zhao,Rui Li,Jizhong Zhao,Junzhao Du

DOI: https://doi.org/10.1186/s13677-020-0154-7

2020-01-01

Journal of Cloud Computing Advances Systems and Applications

Abstract:Delivering service intelligence to billions of connected devices is the next step in edge computing. Wi-Fi, as the de facto standard for high-throughput wireless connectivity, is highly vulnerable to packet-injection-based identity spoofing attacks (PI-ISAs). An attacker can spoof as the legitimate edge coordinator and perform denial of service (DoS) or even man-in-the-middle (MITM) attacks with merely a laptop. Such vulnerability leads to serious systematic risks, especially for the core edge/cloud backbone network.In this paper, we propose PHYAlert, an identity spoofing attack alert system designed to protect a Wi-Fi-based edge network. PHYAlert profiles the wireless link with the rich dimensional Wi-Fi PHY layer information and enables real-time authentication for Wi-Fi frames. We prototype PHYAlert with commercial off-the-shelf (COTS) devices and perform extensive experiments in different scenarios. The experiments verify the feasibility of spoofing detection based on PHY layer information and show that PHYAlert can achieve an 8x improvement in the false positive rate over the conventional signal-strength-based solution.

Jianliang Wu,Yuhong Nan,Vireshwar Kumar,Mathias Payer,Dongyan Xu

2020-01-01

Abstract:Many IoT devices are equipped with Bluetooth Low Energy (BLE) to support communication in an energy-efficient manner. Unfortunately, BLE is prone to spoofing attacks where an attacker can impersonate a benign BLE device and feed malicious data to its users. Defending against spoofing attacks is extremely difficult as security patches to mitigate them may not be adopted across vendors promptly; not to mention the millions of legacy BLE devices with limited I/O capabilities that do not support firmware updates. As a first line of defense against spoofing attacks, we propose BlueShield, a legacy-friendly, non-intrusive monitoring system. BlueShield is motivated by the observation that all spoofing attacks result in anomalies in certain cyber-physical features of the advertising packets containing the BLE device’s identity. BlueShield leverages these features to detect anomalous packets generated by an attacker. More importantly, the unique design of BlueShield makes it robust against an advanced attacker with the capability to mimic all features. BlueShield can be deployed on low-cost off-the-shelf platforms, and does not require any modification in the BLE device or its user. Our evaluation with nine common BLE devices deployed in a real-world office environment validates that BlueShield can effectively detect spoofing attacks at a very low false positive and false negative rate.

Zhongxiao Wang,Hong Li,Jian Wen,Mingquan Lu

DOI: https://doi.org/10.33012/2021.17995

2021-01-01

Abstract:With the wide use of mobile navigation, the number of GNSS portable terminals such as smartphones without any ability of spoofing defense is growing rapidly, which induces a critical threat to our daily lives. To cope with the challenge of spoofing attacks, in this paper, we are going to develop a prototype of an online spoofer localization system, using raw GNSS measurements captured from Android smartphones in the spoofing area. We assume that each smartphone receives both authentic signals and spoofing signals simultaneously. With spoofing signals discriminated, a normal PVT solution can be recovered with authentic signals and then TOA measurements of spoofing signals can be captured from the smartphone and form a log file. We select a combination of smartphones with a minimum number of users and a maximum positioning accuracy. Each smartphone selected for spoofer localization uploads its logged data file to the server. Synchronization of observations and iterative least square (LS) algorithm will be carried out online to solve the position of the spoofer. Some difficulties and challenges, such as smartphones geometry and time synchronization are discussed in this paper. A fundamental field experiment is conducted to verify the feasibility of our proposed scheme.

Hongbo Liu,Yan Wang,Jian Liu,Yingying Chen

DOI: https://doi.org/10.1007/978-3-030-10597-6_9

2019-01-01

Abstract:User authentication is the critical first step of network security to detect identity-based attacks and prevent subsequent malicious attacks. However, the increasingly dynamic mobile environments make it harder to always apply the cryptographic-based methods for user authentication due to their infrastructural and key management overhead. Exploiting non-cryptographic-based techniques grounded on physical layer properties to perform user authentication appears promising. To ensure the security of mobile devices in dynamic networks, we explore to use fine-grained channel state information (CSI), which is available from off-the-shelf WiFi devices, to perform proactive user authentication. We propose a user-authentication framework that has the capability to proactively request CSI and build the user profile resilient to the presence of the spoofer. Our machine learning based user-authentication techniques can distinguish two users even when they possess similar signal fingerprints and detect the existence of the spoofer in dynamic network environments. Extensive experiments in both office and apartment environments show that our framework can remove the effect of signal outliers and achieve higher authentication accuracy compared to existing approaches that use received signal strength (RSS).

Xiao Zhang,Jiqiang Liu,Si Chen,Yongjun Kong,Kui Ren

DOI: https://doi.org/10.1109/jiot.2018.2850524

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:The recent proliferation of Internet of Things (IoT) device coupled with the demand for an inexpensive way of transmitting data has been the primary factors behind the popularity of the short-range acoustic communication. It enables a seamless transfer of digital information via soundwaves, using device’s loudspeaker and microphone only and the whole interaction takes place without the need for network connection. Due to the limited computational power of the IoT device, the short-range acoustic communication system has adopted the friendly jamming technology to save energy. However, the security of the friendly jamming technology in mobile applications has not been thoroughly studied. When propagating sound in public, the soundwaves are subject to eavesdropping by nature. In particular, the friendly jamming technology is vulnerable to the separation attacks which can separate data signals from mixed signals. In this paper, we propose PriWhisper+—a secure acoustic short-range communication system between IoT devices. We analyze the security of PriWhisper+ via information theory and propose physical security enhancement mechanisms for acoustic communication by combining device mobility with secret sharing scheme. We then design a secure data communication scheme that transmits data in acoustic signals. This scheme can be applied in many security-sensitive situations, such as device pairing, contactless payments, and privacy data sharing. At last, we evaluate the performance of our proposed PriWhisper+ by extensive experiments on Android smartphones. The results of the experiment show that the PriWhisper+ can protect the data confidentiality within thirty centimeters of communication range.

Yang Xu,Guojun Wang,Ju Ren,Yaoxue Zhang

DOI: https://doi.org/10.1016/j.future.2018.09.042

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Android is a successful mobile platform with a thriving application ecosystem. However, despite its security precautions like permission mechanism, it is still vulnerable to privilege escalation threats and particularly confused deputy attacks that exploit the permission leak vulnerabilities of Android applications. Worse, most existing detection and protection techniques have become costly and unresponsive in current Android dynamic permission environments. In this paper, we propose a configurable Android security framework to prevent the exploitation of permission leak vulnerabilities of third-party applications via confused deputy attacks. Our framework collects the runtime states of applications and enforces policy and capability-based access control to restrain riskful inter-application communications, so as to provide more responsive, adaptive, and flexible application protection. Besides, our framework provides users with a flexible runtime policy configuration together with a complementary security mechanism to mitigate risks induced by inappropriate policies. Additionally, we present a sophisticated access decision cache system with a proactive maintenance method that ensures the efficiency and dependability of decision services. Theoretical analysis and experimental evaluation demonstrate that our approach provides configurable and effective protections for third-party applications against permission leak vulnerabilities at small performance and usability costs.

Yuhao Luo,Dawu Gu,Juanru Li

DOI: https://doi.org/10.1109/icist.2013.6747691

2013-01-01

Abstract:Although Android has introduced many security mechanisms, users often expose privacy information to attacker due to the system's defensive privacy protecting policy. The problem is that for most inexperienced users, no mandatory protection is provided. To address this issue, we propose a data-centric privacy enhancement design to actively restrict privacy violation on Android. The main idea is to first build trusted database by introducing secure enhanced kernel and data-at-rest encryption. Then, the system enforces an isolation of applications with privacy data access privilege mode. The design focuses on data protection and keeps persistent mandatory access control model from kernel to application layer, and could resist most common privacy leakage attacks. Compared with other heavyweight isolation scheme, the overhead is also controlled into an acceptable range due to our lightweight design principle.

Yang Xu,Ju Ren,Yaoxue Zhang,Guojun Wang

DOI: https://doi.org/10.1109/ispa/iucc.2017.00116

2017-01-01

Abstract:Android is the world's most popular mobile platform. Nevertheless, in spite of continuous efforts on its permission system, it is still incapable of resisting privilege escalation attacks, specially, the confused deputy attacks on numerous poor-designed applications. Worse yet, most existing security solutions become costly or rigid in recent Android dynamic permission environment. In this paper, we proposed a flexible and efficient security extension to Android middleware for protecting the vulnerable privileged applications from being abused by malwares in the dynamic permission scenario. Our framework maintains fresh permission states of applications at runtime and enforces access control on inter-component communications conservatively by checking the capability differences between applications, so as to provide more precise and temperate protection for applications. Moreover, we also introduced an efficient cache mechanism together with an optimized proactive updating method for decisions, which contributes significantly to improving the inspection efficiency. Finally, experimental results reveal that our framework is effective and adaptable in defending against confused deputy attacks on applications with negligible overhead and limited impact on application usability.

Weizhe Zhang,Hui He,Qizhen Zhang,Tai-hoon Kim

DOI: https://doi.org/10.1155/2014/282417

IF: 1.938

2014-01-01

International Journal of Distributed Sensor Networks

Abstract:With the popularity of Android platform based mobile phones, privacy protection of Android platform becomes a focus area. Now protection for Android based smart phone has many shortages, and also most phone protection systems are based on C/S model. In this paper, we propose a browser-free multilevel smart phone privacy protection system, which is based on the Android sensor platform. In this system, protection is ensured by means of SMS, which turns out to be easy, quick, and convenient. Users can send SMS to phones remotely as operating instructions; then the sensors on remote phones execute the instructions and return useful information. Second, the sensors based on the daemon process mechanism are used to prevent the sensors from being maliciously closed and uninstalled. Third, our system adopts SIM detecting mechanism to judge whether the SIM card is removed or changed. If exception is detected, the phone will be locked automatically by its inside sensors. The three points ensure full protection of phone privacy. Test results show that our system has good robustness and low resource consumption.

Soteris Demetriou,Nan Zhang,Yeonjoon Lee,Xiaofeng Wang,Carl Gunter,Xiaoyong Zhou,Michael Grace

DOI: https://doi.org/10.48550/arXiv.1703.01537

2017-03-04

Cryptography and Security

Abstract:A new development of smart-home systems is to use mobile apps to control IoT devices across a Home Area Network (HAN). Those systems tend to rely on the Wi-Fi router to authenticate other devices; as verified in our study, IoT vendors tend to trust all devices connected to the HAN. This treatment exposes them to the attack from malicious apps, particularly those running on authorized phones, which the router does not have information to control, as confirmed in our measurement study. Mitigating this threat cannot solely rely on IoT manufacturers, which may need to change the hardware on the devices to support encryption, increasing the cost of the device, or software developers who we need to trust to implement security correctly. In this work, we present a new technique to control the communication between the IoT devices and their apps in a unified, backward-compatible way. Our approach, called Hanguard, does not require any changes to the IoT devices themselves, the IoT apps or the OS of the participating phones. Hanguard achieves a fine-grained, per-app protection through bridging the OS-level situation awareness and the router-level per-flow control: each phone runs a non-system userspace Monitor app to identify the party that attempts to access the protected IoT device and inform the router through a control plane of its access decision; the router enforces the decision on the data plane after verifying whether the phone should be allowed to talk to the device. Hanguard uses a role-based access control (RBAC) schema which leverages type enforcement (TE) and multi-category security (MCS) primitives to define highly flexible access control rules. We implemented our design over both Android and iOS (>95% of mobile OS market share) and a popular router. Our study shows that Hanguard is both efficient and effective in practice.

Kecheng Liu,Wenlong Shen,Yu Cheng,Lin X. Cai,Qing Li,Sheng Zhou,Zhisheng Niu

DOI: https://doi.org/10.1109/jiot.2018.2877174

IF: 10.6

2019-04-01

IEEE Internet of Things Journal

Abstract:Mobile device-to-device (D2D) network has now become a standardized feature in many mobile devices, by which mobile devices can communicate with each other even when commercial Internet access is not available. Because D2D network is expected to be an intrinsic part of the Internet of Things (IoT) and mobile device is the smartest and the most advanced commercial device in everyday usage, the D2D feature and related security protocols it adopts influences the design and implementation of many other IoT devices. While D2D network provides tangible benefits to users, it also raises the security risks of information leaking. This paper presents an in-depth empirical security analysis on mobile D2D network among Android devices. Android apps could establish a mobile D2D network in various ways, including Wi-Fi hotspot, Wi-Fi Direct, and Bluetooth. Those mobile D2D protocols normally take different protection mechanisms, which makes security investigation considerably challenging. In this paper, we focus on most popular apps in the Google Play Store, with aggregated downloads more than 500 million. Our analysis reveals some critical vulnerabilities. The key findings are bi-fold. First, the current mobile D2D network framework enabled by Android has significant flaw of overprivilege issue. Second, we have identified that most data transfer over mobile D2D network is unencrypted. Furthermore, we exploit the identified Android framework flaws to construct three proof-of-concept attacks and we conclude this paper with security lessons and suggestions of possible solutions against the identified security issues.

computer science, information systems,telecommunications,engineering, electrical & electronic