Yushi Cheng,Xiaoyu Ji,Wenyuan Xu,Hao Pan,Zhuangdi Zhu,Chuang-Wen You,Yi-Chao Chen,Lili Qiu

DOI: https://doi.org/10.1145/3321705.3329817

2019-01-01

Abstract:Mobile devices have emerged as the most popular platforms to access information. However, they have also become a major concern of privacy violation and previous researches have demonstrated various approaches to infer user privacy based on mobile devices. In this paper, we study a new side channel of a laptop that could be harvested by a commercial-off-the-shelf (COTS) mobile device, eg, a smartphone. We propose MagAttack, which exploits the electromagnetic (EM) side channel of a laptop to infer user activities, i.e., application launching and application operation. The key insight of MagAttack is that applications are discrepant in essence due to the different compositions of instructions, which can be reflected on the CPU power consumption, and thus the corresponding EM emissions. MagAttack is challenging since that EM signals are noisy due to the dynamics of applications and the limited sampling rate of the built-in magnetometers in COTS mobile devices. We overcome these challenges and convert noisy coarse-grained EM signals to robust fine-grained features. We implement MagAttack on both an iOS and an Android smartphone without any hardware modification, and evaluate its performance with 13 popular applications and 50 top websites in China. The results demonstrate that MagAttack can recognize aforementioned 13 applications with an average accuracy of 98.6%, and figure out the visiting operation among 50 websites with an average accuracy of 84.7%.

Xiaoyu Ji,Xinyan Zhou,Chen Yan,Jiangyi Deng,Wenyuan Xu

DOI: https://doi.org/10.1109/tmc.2020.3025023

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:With the proliferation of mobile devices, face-to-face device-to-device (D2D) communication has been applied to a variety of daily scenarios such as mobile payment and short distance file transfer. In D2D communications, a critical security problem is to verify the device legitimacy when they share no secrets in advance. Previous research proposed device authentication schemes based on pre-built database or exploiting physical properties. However, a remaining challenge is to secure face-to-face D2D communication even in the middle of a crowd, within which an attacker may hide. In this paper, we present NAuth, a nonlinearity-enhanced, location-sensitive authentication mechanism. Especially, we target at the secure authentication within a limited range such as 20 cm, which is typical for face-to-face scenarios. NAuth designs a verification scheme based on the nonlinear distortion of speaker-microphone systems and a location-based validation model. The verification scheme guarantees device authentication consistency by extracting acoustic nonlinearity patterns (ANP) while the validation model ensures device legitimacy by measuring the time difference of arrival (TDOA) at two microphones. We analyze the feasibility and security of NAuth theoretically and evaluate its performance experimentally. Results demonstrate that NAuth can verify the device legitimacy in the presence of nearby attackers.

Zenghua Xia,Chang Liu,Neil Zhenqiang Gong,Qi Li,Yong Cui,Dawn Song

DOI: https://doi.org/10.1145/3292500.3330702

2019-01-01

Abstract:Malicious accounts are one of the biggest threats to the security and privacy of online social networks (OSNs). In this work, we study a new type of OSN, called privacy-centric mobile social network (PC-MSN), such as KakaoTalk and LINE, which has attracted billions of users recently. The design of PC-MSN is inspired to protect their users' privacy from strangers: (1) a stranger is not easy to send a friend request to a user who does not want to make friends with strangers; and (2) strangers cannot view a user's post. Such a design mitigates the security issue of malicious accounts. At the same time, it also brings the battleground between attackers and defenders to an earlier stage, i.e., making friendship, than the one studied in previous works. Also, previous defense proposals mostly rely on certain assumptions on the attacker, which may not be robust in the new PC-MSNs. As a result, previous malicious accounts detection approaches are less effective on a PC-MSN. To mitigate this issue, we study the patterns in friend requests to distinguish malicious accounts, and perform a systematic study over 1 million labeled data from WLink, a real PC-MSN with billions of users, to confirm our hypothesis. Based on the results, we propose dozens of new features and leverage machine learning to detect malicious accounts. We evaluate our method and compare it with existing methods, and the results show that our method achieves a precision of 99.5% and a recall of 98.4%, which significantly outperform previous state-of-the-art methods. Importantly, we qualitatively analyze the robustness of the designed features, and our evaluation shows that using only robust features can achieve the same level of performance as using all features. WLink has deployed our detection method. Our method can detect 0.59 million malicious accounts daily, which is 6 times higher than the previous deployment on WLink, with a precision of over 90%.

Bing-Zhe He,Chien-Ming Chen,Yi-Ping Su,Hung-Min Sun

DOI: https://doi.org/10.1016/j.eswa.2013.09.032

IF: 8.5

2013-01-01

Expert Systems with Applications

Abstract:Recently, on-line social networking sites become more and more popular. People like to share their personal information such as their name, birthday and photos on these public sites. However, personal information could be misused by attackers. One kind of attacks called Identity Theft Attack is addressed in on-line social networking sites. After collecting the personal information of a victim, the attacker can create a fake identity to impersonate this victim and cheat the victim's friends in order to destroy the trust relationships on the on-line social networking sites. In this paper, we propose a scheme to protect users from Identity Theft Attacks. In our work, users' personal information can be still kept public. It means that this scheme does not violate the nature of the social networks. Compared with previous works, the proposed scheme incurs less overhead for users. Experimental results also demonstrate the practicality of the proposed scheme.

Yanzi Zhu,Zhujun Xiao,Yuxin Chen,Zhijing Li,Max Liu,Ben Y. Zhao,Haitao Zheng

2018-01-01

Abstract:Our work demonstrates a new set of silent reconnaissance attacks, which leverages the presence of commodity WiFi devices to track users inside private homes and offices, without compromising any WiFi network, data packets, or devices. We show that just by sniffing existing WiFi signals, an adversary can accurately detect and track movements of users inside a building. This is made possible by our new signal model that links together human motion near WiFi transmitters and variance of multipath signal propagation seen by the attacker sniffer outside of the property. The resulting attacks are cheap, highly effective, and yet difficult to detect. We implement the attack using a single commodity smartphone, deploy it in 11 real-world offices and residential apartments, and show it is highly effective. Finally, we evaluate potential defenses, and propose a practical and effective defense based on AP signal obfuscation.

Euijin Choo,Mohamed Nabeel,Mashael Alsabah,Issa Khalil,Ting Yu,Wei Wang

DOI: https://doi.org/10.48550/arXiv.1911.12080

2019-11-27

Abstract:In this paper, we propose to identify compromised mobile devices from a network administrator's point of view. Intuitively, inadvertent users (and thus their devices) who download apps through untrustworthy markets are often allured to install malicious apps through in-app advertisement or phishing. We thus hypothesize that devices sharing a similar set of apps will have a similar probability of being compromised, resulting in the association between a device being compromised and apps in the device. Our goal is to leverage such associations to identify unknown compromised devices (i.e., devices possibly having yet currently not having known malicious apps) using the guilt-by-association principle. Admittedly, such associations could be quite weak as it is often hard, if not impossible, for an app to automatically download and install other apps without explicit initiation from a user. We describe how we can magnify such weak associations between devices and apps by carefully choosing parameters when applying graph-based inferences. We empirically show the effectiveness of our approach with a comprehensive study on the mobile network traffic provided by a major mobile service provider. Concretely, we achieve nearly 98\% accuracy in terms of AUC (area under the ROC curve). Given the relatively weak nature of association, we further conduct in-depth analysis of the different behavior of a graph-inference approach, by comparing it to active DNS data. Moreover, we validate our results by showing that detected compromised devices indeed present undesirable behavior in terms of their privacy leakage and network infrastructure accessed.

Cryptography and Security

Shuaike Dong,Zhou Li,Di Tang,Jiongyi Chen,Menghan Sun,Kehuan Zhang

DOI: https://doi.org/10.48550/arXiv.1909.00104

2019-08-31

Abstract:The IoT (Internet of Things) technology has been widely adopted in recent years and has profoundly changed the people's daily lives. However, in the meantime, such a fast-growing technology has also introduced new privacy issues, which need to be better understood and measured. In this work, we look into how private information can be leaked from network traffic generated in the smart home network. Although researchers have proposed techniques to infer IoT device types or user behaviors under clean experiment setup, the effectiveness of such approaches become questionable in the complex but realistic network environment, where common techniques like Network Address and Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic analysis using traditional methods (e.g., through classical machine-learning models) is much less effective under those settings, as the features picked manually are not distinctive any more. In this work, we propose a traffic analysis framework based on sequence-learning techniques like LSTM and leveraged the temporal relations between packets for the attack of device identification. We evaluated it under different environment settings (e.g., pure-IoT and noisy environment with multiple non-IoT devices). The results showed our framework was able to differentiate device types with a high accuracy. This result suggests IoT network communications pose prominent challenges to users' privacy, even when they are protected by encryption and morphed by the network gateway. As such, new privacy protection methods on IoT traffic need to be developed towards mitigating this new issue.

Cryptography and Security

Yujin Huang,Chunyang Chen

DOI: https://doi.org/10.1109/tifs.2022.3172213

IF: 7.231

2022-05-20

IEEE Transactions on Information Forensics and Security

Abstract:On-device deep learning is rapidly gaining popularity in mobile applications. Compared to offloading deep learning from smartphones to the cloud, on-device deep learning enables offline model inference while preserving user privacy. However, such mechanisms inevitably store models on users' smartphones and may invite adversarial attacks as they are accessible to attackers. Due to the characteristic of the on-device model, most existing adversarial attacks cannot be directly applied for on-device models. In this paper, we introduce a grey-box adversarial attack framework to hack on-device models by crafting highly similar binary classification models based on identified transfer learning approaches and pre-trained models from TensorFlow Hub. We evaluate the attack effectiveness and generality in terms of four different settings including pre-trained models, datasets, transfer learning approaches and adversarial attack algorithms. The results demonstrate that the proposed attacks remain effective regardless of different settings, and significantly outperform state-of-the-art baselines. We further conduct an empirical study on real-world deep learning mobile apps collected from Google Play. Among 53 apps adopting transfer learning, we find that 71.7% of them can be successfully attacked, which includes popular ones in medicine, automation, and finance categories with critical usage scenarios. The results call for the awareness and actions of deep learning mobile app developers to secure the on-device models. The code of this work is available at https://github.com/Jinxhy/SmartAppAttack.

Ziming Zhao,Gail-Joon Ahn,Hongxin Hu,Deepinder Mahi

2012-01-01

Abstract:Existing research on net-centric attacks has focused on the detection of attack events on network side and the removal of rogue programs from client side. However, such approaches largely overlook the way on how attack tools and unwanted programs are developed and distributed. Recent studies in underground economy reveal that suspicious attackers heavily utilize online social networks to form special interest groups and distribute malicious code. Consequently, examining social dynamics, as a novel way to complement existing research efforts, is imperative to systematically identify attackers and tactically cope with net-centric threats. In this paper, we seek a way to understand and analyze social dynamics relevant to net-centric attacks and propose a suite of measures called SocialImpact for systematically discovering and mining adversarial evidence. We also demonstrate the feasibility and applicability of our approach by implementing a proof-of-concept prototype Cassandra with a case study on real-world data archived from the Internet.

Ziyi Zhou,Xing Han,Zeyuan Chen,Yuhong Nan,Juanru Li,Dawu Gu

DOI: https://doi.org/10.1109/dsn53405.2022.00059

2022-01-01

Abstract:A recently emerged cellular network based One-Tap Authentication (OTAuth) scheme allows app users to quickly sign up or log in to their accounts conveniently: Mobile Network Operator (MNO) provided tokens instead of user passwords are used as identity credentials. After conducting a first in-depth security analysis, however, we have revealed several fundamental design flaws among popular OTAuth services, which allow an adversary to easily (1) perform unauthorized login and register new accounts as the victim, (2) illegally obtain identities of victims, and (3) interfere OTAuth services of legitimate apps. To further evaluate the impact of our identified issues, we propose a pipeline that integrates both static and dynamic analysis. We examined 1,025/894 Android/iOS apps, each app holding more than 100 million installations. We confirmed 396/398 Android/iOS apps are affected. Our research systematically reveals the threats against OTAuth services. Finally, we provide suggestions on how to mitigate these threats accordingly.

Guosheng Xu,Siyi Li,Hao Zhou,Shucen Liu,Yutian Tang,Li,Xiapu Luo,Xusheng Xiao,Guoai Xu,Haoyu Wang

DOI: https://doi.org/10.1145/3485447.3512151

2022-01-01

Abstract:Online content sharing is a widely used feature in Android apps. In this paper, we observe a new Fake-Share attack that adversaries can abuse existing content sharing services to manipulate the displayed source of shared content to bypass the content review of targeted Online Social Apps (OSAs) and induce users to click on the shared fraudulent content. We show that seven popular content-sharing services (including WeChat, AliPay, and KakaoTalk) are vulnerable to such an attack. To detect this kind of attack and explore whether adversaries have leveraged it in the wild, we propose DeFash, a multi-granularity detection tool including static analysis and dynamic verification. The extensive in-the-lab and in-the-wild experiments demonstrate that DeFash is effective in detecting such attacks. We have identified 51 real-world apps involved in Fake-Share attacks. We have further harvested over 24K Sharing Identification Information (SIIs) that can be abused by attackers. It is hence urgent for our community to take actions to detect and mitigate this kind of attack.

Yuwei Yao,Xinpeng Zhang,Hanzhou Wu,Zichi Wang,Jiangfeng Wang

DOI: https://doi.org/10.1080/02564602.2020.1737586

2020-01-01

Abstract:With the development of smartphones and mobile wireless network, social discovery applications are becoming more and more popular now. These applications help users to chat with nearby people and make friends. However, the location of a user could be exploited by attackers in some situations. This paper concentrates on the protection of location privacy in social discovery application. Firstly, we formalize the location attack problem using probability theory. Then we propose a new distance obfuscation method to defend the location inference attack. Guided by entropy theory, we obfuscate the distance between two users with a specific probability instead of random obfuscation to make the inference attack more difficult. To keep the balance between the privacy level and the service quality, we resolve the optimal mechanism. Experimental results show that the proposed method performs well in protecting the users' locations without significantly compromising the quality-of-service of social discovery applications.

Yaniv Altshuler,Nadav Aharony,Yuval Elovici,Alex Pentland,Manuel Cebrian

DOI: https://doi.org/10.48550/arXiv.1010.1028

2010-10-06

Abstract:In this paper we discuss the threat of malware targeted at extracting information about the relationships in a real-world social network as well as characteristic information about the individuals in the network, which we dub Stealing Reality. We present Stealing Reality, explain why it differs from traditional types of network attacks, and discuss why its impact is significantly more dangerous than that of other attacks. We also present our initial analysis and results regarding the form that an SR attack might take, with the goal of promoting the discussion of defending against such an attack, or even just detecting the fact that one has already occurred.

Social and Information Networks,Physics and Society

Xuan Ding,Lan Zhang,Zhiguo Wan,Ming Gu

DOI: https://doi.org/10.1109/CASoN.2010.139

2010-01-01

Abstract:Nowadays, online social network data are increasingly made publicly available to third parties. Several anonymization techniques have been studied and adopted to preserve privacy in the publishing of data. However, recent works have shown that de-anonymization of the released data is not only possible but also practical. In this paper, we present a brief yet systematic review of the existing de-anonymization attacks in online social networks. We unify the models of de-anonymization, centering around the concept of feature matching. We survey the de-anonymization methods in two categories: mapping-based approaches and guessing-based approaches. We discuss three techniques that would potentially improve the surveyed attacks.

Qingsong Zou,Qing Li,Ruoyu Li,Yucheng Huang,Gareth Tyson,Jingyu Xiao,Yong Jiang

DOI: https://doi.org/10.1145/3580890

2023-01-01

Abstract:With the deployment of a growing number of smart home IoT devices, privacy leakage has become a growing concern. Prior work on privacy-invasive device localization, classification, and activity identification have proven the existence of various privacy leakage risks in smart home environments. However, they only demonstrate limited threats in real world due to many impractical assumptions, such as having privileged access to the user's home network. In this paper, we identify a new end-to-end attack surface using IoTBeholder, a system that performs device localization, classification, and user activity identification. IoTBeholder can be easily run and replicated on commercial off-the-shelf (COTS) devices such as mobile phones or personal computers, enabling attackers to infer user's habitual behaviors from smart home Wi-Fi traffic alone. We set up a testbed with 23 IoT devices for evaluation in the real world. The result shows that IoTBeholder has good device classification and device activity identification performance. In addition, IoTBeholder can infer the users' habitual behaviors and automation rules with high accuracy and interpretability. It can even accurately predict the users' future actions, highlighting a significant threat to user privacy that IoT vendors and users should highly concern.

Chun-Ming Lai,Xiaoyun Wang,Yunfeng Hong,Yu-Cheng Lin,S. Felix Wu,Patrick McDaniel,Hasan Cam

DOI: https://doi.org/10.23919/CNSM.2017.8256040

2018-02-13

Abstract:Online social network (OSN) discussion groups are exerting significant effects on political dialogue. In the absence of access control mechanisms, any user can contribute to any OSN thread. Individuals can exploit this characteristic to execute targeted attacks, which increases the potential for subsequent malicious behaviors such as phishing and malware distribution. These kinds of actions will also disrupt bridges among the media, politicians, and their constituencies. For the concern of Security Management, blending malicious cyberattacks with online social interactions has introduced a brand new challenge. In this paper we describe our proposal for a novel approach to studying and understanding the strategies that attackers use to spread malicious URLs across Facebook discussion groups. We define and analyze problems tied to predicting the potential for attacks focused on threads created by news media organizations. We use a mix of macro static features and the micro dynamic evolution of posts and threads to identify likely targets with greater than 90% accuracy. One of our secondary goals is to make such predictions within a short (10 minute) time frame. It is our hope that the data and analyses presented in this paper will support a better understanding of attacker strategies and footprints, thereby developing new system management methodologies in handing cyber attacks on social networks.

Social and Information Networks

Cong Tang,Yonggang Wang,Hu Xiong,Tao Yang,Jianbin Hu,Qingni Shen,Zhong Chen

DOI: https://doi.org/10.1109/AINA.2011.57

2011-01-01

Abstract:Private attributes of Online Social Network (OSN) users can be inferred from other information (which is usually from users' friends and group information). To address this, social networking sites allow users to hide their friend lists and group lists, so that general public cannot see them. However, if a user doesn't make his friend list public, but his friends have public friend list where we can find him, we can do reverse lookup to extend the friend lists of the user. Furthermore, many social networks allow non-group members to list the members of public groups (e.g., Face book). These are strong violations of OSN users' privacy, and can be considered as privacy risks caused by the asymmetric configuration of settings in OSNs. In this paper we present the privacy risks due to the lack of symmetric configurations, which exist in most of the OSNs. To make our idea more clear, we propose a inference attack and show that it can be used to infer users' private information, even users already made their friend list private. We theoretically analyze the risk of proposed privacy issues, and evaluate the risk using experiments based on real-world OSN data. We show that it is not sufficient to only disable friend list and group list to guarantee privacy, and propose methods to mitigate these privacy issues.

Wangchenlu Huang,Shenao Wang,Yanjie Zhao,Guosheng Xu,Haoyu Wang

2024-05-17

Abstract:In the digital era, Online Social Networks (OSNs) play a crucial role in information dissemination, with sharing cards for link previews emerging as a key feature. These cards offer snapshots of shared content, including titles, descriptions, and images. In this study, we investigate the construction and dissemination mechanisms of these cards, focusing on two primary server-side generation methods based on Share-SDK and HTML meta tags. Our investigation reveals a novel type of attack, i.e., Sharing Card Forgery (SCF) attack that can be exploited to create forged benign sharing cards for malicious links. We demonstrate the feasibility of these attacks through practical implementations and evaluate their effectiveness across 13 various online social networks. Our findings indicate a significant risk, as the deceptive cards can evade detection and persist on social platforms, thus posing a substantial threat to user security. We also delve into countermeasures and discuss the challenges in effectively mitigating these types of attacks. This study not only sheds light on a novel phishing technique but also calls for heightened awareness and improved defensive strategies in the OSN ecosystem.

Cryptography and Security

Abbas Acar,Hossein Fereidooni,Tigist Abera,Amit Kumar Sikder,Markus Miettinen,Hidayet Aksu,Mauro Conti,Ahmad-Reza Sadeghi,Selcuk Uluagac

DOI: https://doi.org/10.1145/3395351.3399421

2020-05-14

Abstract:A myriad of IoT devices such as bulbs, switches, speakers in a smart home environment allow users to easily control the physical world around them and facilitate their living styles through the sensors already embedded in these devices. Sensor data contains a lot of sensitive information about the user and devices. However, an attacker inside or near a smart home environment can potentially exploit the innate wireless medium used by these devices to exfiltrate sensitive information from the encrypted payload (i.e., sensor data) about the users and their activities, invading user privacy. With this in mind,in this work, we introduce a novel multi-stage privacy attack against user privacy in a smart environment. It is realized utilizing state-of-the-art machine-learning approaches for detecting and identifying the types of IoT devices, their states, and ongoing user activities in a cascading style by only passively sniffing the network traffic from smart home devices and sensors. The attack effectively works on both encrypted and unencrypted communications. We evaluate the efficiency of the attack with real measurements from an extensive set of popular off-the-shelf smart home IoT devices utilizing a set of diverse network protocols like WiFi, ZigBee, and BLE. Our results show that an adversary passively sniffing the traffic can achieve very high accuracy (above 90%) in identifying the state and actions of targeted smart home devices and their users. To protect against this privacy leakage, we also propose a countermeasure based on generating spoofed traffic to hide the device states and demonstrate that it provides better protection than existing solutions.

Cryptography and Security

Xiaoyu Ji,Yushi Cheng,Wenyuan Xu,Yuehan Chi,Hao Pan,Zhuangdi Zhu,Chuang-Wen You,Yi-Chao Chen,Lili Qiu

DOI: https://doi.org/10.1109/tmc.2021.3092209

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile devices have emerged as the most popular platforms to access information. However, they have also become a major concern of privacy violation and previous researches have demonstrated various approaches to infer user privacy based on mobile devices. In this paper, we study the electromagnetic (EM) emission of a laptop that could be harvested by a commercial-off-the-shelf (COTS) mobile device, e.g., a smartphone. We propose MagAttack, which exploits the electromagnetic side channel of a laptop to guess user activities, i.e., application launching and application operation. The key insight of MagAttack is that applications are discrepant in essence due to the different compositions of instructions, which can be reflected on the CPU power consumption, and thus the corresponding EM emissions. MagAttack is challenging since that EM signals are noisy due to the dynamics of applications and the limited sampling rate of the built-in magnetometers in COTS mobile devices. We overcome these challenges and convert noisy coarse-grained EM signals to robust fine-grained features. We implement MagAttack on both an iOS and an Android smartphone without any hardware modification, and evaluate its performance with 30 popular applications, 30 YouTube videos, and 50 top websites in China. The results demonstrate that MagAttack can recognize aforementioned 30 applications with an average accuracy of 98.6 percent, and identify which video out of the 30 candidates being played with an average accuracy of 97.5 percent and visiting which website among the 50 candidates with an average accuracy of 90.4 percent.

computer science, information systems,telecommunications