Rui Ning,Cong Wang,ChunSheng Xin,Jiang Li,Hongyi Wu

DOI: https://doi.org/10.1016/j.pmcj.2019.101106

IF: 3.848

2020-01-01

Pervasive and Mobile Computing

Abstract:In this paper, we report a newfound vulnerability on smartphones due to the malicious use of unsupervised sensor data. We demonstrate that an attacker can train deep Convolutional Neural Networks (CNN) by using magnetometer or orientation data to effectively infer the Apps and their usage information on a smartphone with an accuracy of over 80%. Furthermore, we show that such attacks can become even worse if sophisticated attackers exploit motion sensors to cluster the magnetometer or orientation data, improving the accuracy to as high as 98%. To mitigate such attacks, we propose a noise injection scheme that can effectively reduce the App sniffing accuracy to only 15% and at the same time has negligible effect on benign Apps.

Ping Dong,Namin Hou,Yuting Tang,Yushi Cheng,Xiaoyu Ji

DOI: https://doi.org/10.1016/j.hcc.2024.100222

2024-01-01

High-Confidence Computing

Abstract:The development of wireless communication network technology has provided people with diversified and convenient services. However, with the expansion of network scale and the increase in the number of devices, malicious attacks on wireless communication are becoming increasingly prevalent, causing significant losses. Currently, wireless communication systems authenticate identities through certain data identifiers. However, this software-based data information can be forged or replicated. This article proposes the authentication of device identity using the hardware fingerprint of the terminal’s Radio Frequency (RF) components, which possesses properties of being genuine, unique, and stable, holding significant implications for wireless communication security. Through the collection and processing of raw data, extraction of various features including time-domain and frequency-domain features, and utilizing machine learning algorithms for training and constructing a legal fingerprint database, it is possible to achieve close to a 97% recognition accuracy for Fifth Generation (5G) terminals of the same model. This provides an additional and robust hardware-based security layer for 5G communication security, enhancing monitoring capability and reliability.

Jiayu Zhang,Zhiyun Wang,Xiaoyu Ji,Wenyuan Xu,Gang Qu,Minjian Zhao

DOI: https://doi.org/10.1109/jiot.2020.3024572

IF: 10.6

2021-02-15

IEEE Internet of Things Journal

Abstract:With the increasing popularity of the Internet-of-Things (IoT) devices, the demand for fast and convenient battery charging services grows rapidly. Wireless charging is a promising technology for such a purpose and its usage has become ubiquitous. However, the close distance between the charger and the device being charged not only makes proximity-based and near-field communication attacks possible but also introduces a new type of vulnerabilities. In this article, we propose to create fingerprints for wireless chargers based on the intrinsic nonlinear distortion effects of the underlying charging circuit. Using such fingerprints, we design the WirelessID system to detect potential short-range malicious wireless charging attacks. WirelessID collects signals in the standby state of the charging process and sends them to a trusted server, which can extract the fingerprint and then identify the charger. We conduct experiments on eight commercial chargers over a period of five months and collect 8000 traces of signal. We use 10% of the traces as the training data set and the rest for testing. The results show that on the standard performance metrics, we have achieved 99.0% precision, 98.9% recall, and 98.9% $F1$ -score.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hao Pan,Yi-Chao Chen,Guangtao Xue,Xiaoyu Ji

DOI: https://doi.org/10.1145/3117811.3117824

2017-01-01

Abstract:Near-field communication (NFC) plays a crucial role in the operation of mobile devices to enhance applications such as payment, social networks, private communication, gaming, and etc. Despite of the convenience, existing NFC standards like ISO-13157 require additional hardware (e.g., loop antenna and dedicated chip) and thereby hindering their wide-scale applications. In this work, we seek to propose a novel near-field communication protocol, MagneComm, which utilizes Magnetic Induction (MI) signals emitted from CPUs and captured by magnetometers on mobile devices for communication. Since CPUs and magnetometers are readily available components in mobile devices, MagneComm eliminates the requirement for special hardware and complements existing near-field communication protocols by providing additional bandwidth. We systematically analyze the characteristics of magnetic signals of CPUs and facilitate MagneComm with one-way communication, full-duplex communication, and multi-transmitter schemes in accordance with the hardware availability on devices. We prototype MagneComm on both laptops and smartphones. Extensive evaluation results show that MagneComm achieves up to 110bps within 10cm.

Guangtao Xue,Hao Pan,Yi-Chao Chen,Xiaoyu Ji,Jiadi Yu

DOI: https://doi.org/10.1109/tmc.2021.3133481

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Near-field communication (NFC) technology emerges as a vital role with appealing benefits for users to improve mobile device’s functionality. Although today’s most smartphones and smartwatches come with NFC support, other mobile devices (e.g., PC and laptops) and IoT devices that don’t equip with dedicated radio modules cannot take advantage of wide-scale NFC capability. We design and develop MagneComm+ , an NFC-like implementation scheme without dedicated hardware and propose a novel near-field communication protocol that is applicable to almost all mobile devices and IoT devices. The key idea is to utilize the electromagnetic induction (EMI) signal emitted from the computing devices (e.g., CPUs) and captured by magnetometers on mobile devices for communication. We tackle challenges in data encoding/decoding , preamble detection , retransmission and error correction , multi-transmitter , and full-duplex schemes, to efficiently generate and reliably receive EMI signal with the hardware available on devices. We prototype MagneComm+ on both between laptops and smartphones, as well as between two laptops with an external magnetometer. Extensive evaluation results show that our MagneComm+ supports around $10~cm$10cm communication distance with average 110 bps (bit per second) data rate on the normal-speed mode, and maximum 17.28 kbps on the full-speed mode.

Hao Pan,Lanqing Yang,Honglu Li,Chuang-Wen You,Xiaoyu Ji,Yi-Chao Chen,Zhenxian Hu,Guangtao Xue

DOI: https://doi.org/10.1109/secon52354.2021.9491601

2021-01-01

Abstract:Various characteristics of mobile applications (apps) and associated in-app services have been used reveal potentially-sensitive user information; however, privacy concerns have prompted third-party apps to rigorously restrict access to data related to mobile app usage. This paper outlines a novel approach to the extraction of detailed app usage information based on analysis of the electromagnetic (EM) signals emitted from mobile devices when executing app-related tasks. Note that this type of EM leakage becomes high-complex when multiple apps are used simultaneously and is subject to interference from geomagnetic signals generated by device movement. This paper proposes a deep learning-based multi-label classification system to identify apps and in-app services based on magnetometer readings. The proposed MAGTHIEF system uses accelerometer and gyroscope data to cancel out the offset in geomagnetic signals followed by an elaborate deep region convolution neural network (DRCNN) to differentiate among multiple apps and the corresponding inapp services. Experiments on 50 apps demonstrated the efficacy of MAGTHIEF in identifying multiple apps and in-app services, achieving high average macro F1 scores of 0.87 and 0.95, respectively. MAGTHIEF also achieved time duration accuracy of 89.5% in recognizing app trajectory in the real-world scene.

Xiaoyu Ji,Yushi Cheng,Juchuan Zhang,Yuehan Chi,Wenyuan Xu,Yi-Chao Chen

DOI: https://doi.org/10.1145/3495158

2021-01-01

ACM Transactions on Sensor Networks

Abstract:With the widespread use of smart devices, device authentication has received much attention. One popular method for device authentication is to utilize internally measured device fingerprints, such as device ID, software or hardware-based characteristics. In this article, we propose DeMiCPU, a stimulation-response-based device fingerprinting technique that relies on externally measured information, i.e., magnetic induction (MI) signals emitted from the CPU module that consists of the CPU chip and its affiliated power-supply circuits. The key insight of DeMiCPU is that hardware discrepancies essentially exist among CPU modules and thus the corresponding MI signals make promising device fingerprints, which are difficult to be modified or mimicked. We design a stimulation and a discrepancy extraction scheme and evaluate them with 90 mobile devices, including 70 laptops (among which 30 are of totally identical CPU and operating system) and 20 smartphones. The results show that DeMiCPU can achieve 99.7% precision and recall on average, and 99.8% precision and recall for the 30 identical devices, with a fingerprinting time of 0.6~s. The performance can be further improved to 99.9% with multi-round fingerprinting. In addition, we implement a prototype of DeMiCPU docker, which can effectively reduce the requirement of test points and enlarge the fingerprinting area.

Hao Pan,Feitong Tan,Wenhao Li,Yi-Chao Chen,Lanqing Yang,Guangtao Xue,Xiaoyu Ji

DOI: https://doi.org/10.1109/secon55815.2022.9918604

2022-01-01

Abstract:This study reveals that on-board hardware modules leak electromagnetic (EM) emissions whenever audio or camera data is accessed, and proposes Magdefender scheme that explores the possibility of using the magnetometer built into mobile devices to detect eavesdropping instances by malicious apps and even the unscrupulous phone vendors. However, the target EM signals generated by accessing multimedia data is weak and tends to be buried beneath other noisy EM signals from apps running in the foreground. It is also subject to the external interference from geomagnetic signals generated by the device movement. To cope with the challenges, we adopt a generative adversarial networks (GAN) based model to facilitate the extraction of target EM signals indicating the occurrence of eavesdropping from the overall magnetometer readings. We also develop a neural network-based classifier with triplet loss embedding to identify the EM signals from the camera and/or microphones. Empirical results demonstrate the efficacy of MagDefenderin recognizing instances of eavesdropping on cameras/microphones data, with average accuracy of 97.3% when applied to the trained devices, and average 91.5% on unseen mobile devices.

Shenyao Jiang,Wangqiu Zhou,Hao Zhou,Jialin Deng,Haisheng Tan,Zhi Liu,Zhenjiang Li

DOI: https://doi.org/10.1109/iwqos61813.2024.10682854

2024-01-01

Abstract:Device authentication plays a crucial role in preventing illegal access and ensuring smooth usage of magnetic wireless charging. However, current authentication techniques suffer from security vulnerabilities and are incompatible with low-cost receiver devices, thus severely limiting their applications. In this paper, we propose FreAuth, a novel Frequency feature-based device Authentication technology for magnetic wireless power transfer systems. Technically, we begin by conducting circuit measurements at the transmitter side to subtly retrieve impedance information related to the receiver without the need for its corporation. Then, we employ a dual-frequency interleaved-based subtraction technique to remove the ideal receiver impedance and capture the fairly weak frequency features. Furthermore, we normalize the captured frequency features to account for environment variations. These steps allow us to generate and store a hardware fingerprint for the receiver based on its frequency features. During device authentication, we use a discrete Frechet distance-based algorithm for fingerprint matching. We devise and implement a prototype of FreAuth and conduct extensive experiments to evaluate the proposed scheme. The experimental results validate the reliability (95.74% authentication accuracy among 60+ devices) and robustness (anti-interference with device location variations) of our FreAuth.

Namin Hou,Yushi Cheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603286

2024-01-01

Abstract:The advancement of Fifth-Generation (5G) technology has greatly enriched individuals' access to a broad array of convenient services, offering significant benefits in mobile communications, autonomous driving, smart homes, and the Internet of Things. However, with the increase in the number of network access devices, large and frequent data interactions have brought potential security risks to wireless networks, which are related to user privacy security, traffic safety, and even social security. Malicious intrusions targeting wireless communications have resulted in significant disruptions and incurred substantial losses. Presently, user identities in wireless communications rely on software-based data identifiers, which can be forged easily. This paper proposes a hardware-level device authentication mechanism that uses the intrinsic hardware characteristics of the transmitter (shown as impairments in the radio signal of the transmission link) for identity authentication. The resulting fingerprint is naturally distinctive and highly resistant to counterfeiting attempts. We use 5 devices across different models and 10 devices of the same model for experimental evaluation. Then we apply machine learning algorithms to construct a fingerprint database and device authentication, achieving an average of 82.4% precision, 89.9% recall, and 85.9% F1-score, which can help to safeguard the security of 5G communication.

Deliang Yang,Guoliang Xing,Jun Huang,Xiangmao Chang,Xiaofan Jiang

DOI: https://doi.org/10.1109/IoTDI49375.2020.00009

2020-01-01

Abstract:Recent years have witnessed the increasing penetration of wireless charging base stations in the workplace and public areas, such as airports and cafeteria. Such an emerging wireless charging infrastructure has presented opportunities for new indoor localization and identification services for mobile users. In this paper, we present QID, the first system that can identify a Qi-compliant mobile device during wireless charging in real-time. QID extracts features from the clock oscillator and control scheme of the power receiver and employs light-weight algorithms to classify the device. QID adopts 2-dimensional motion unit to emulate a variety of multi-coil designs of Qi, which allows for fine-grained device fingerprinting. Our results show that QID achieves high recognition accuracy. With the prevalence of public wireless charging stations, our results also have important implications for mobile user privacy.

Yushi Cheng,Xiaoyu Ji,Wenyuan Xu,Hao Pan,Zhuangdi Zhu,Chuang-Wen You,Yi-Chao Chen,Lili Qiu

DOI: https://doi.org/10.1145/3321705.3329817

2019-01-01

Abstract:Mobile devices have emerged as the most popular platforms to access information. However, they have also become a major concern of privacy violation and previous researches have demonstrated various approaches to infer user privacy based on mobile devices. In this paper, we study a new side channel of a laptop that could be harvested by a commercial-off-the-shelf (COTS) mobile device, eg, a smartphone. We propose MagAttack, which exploits the electromagnetic (EM) side channel of a laptop to infer user activities, i.e., application launching and application operation. The key insight of MagAttack is that applications are discrepant in essence due to the different compositions of instructions, which can be reflected on the CPU power consumption, and thus the corresponding EM emissions. MagAttack is challenging since that EM signals are noisy due to the dynamics of applications and the limited sampling rate of the built-in magnetometers in COTS mobile devices. We overcome these challenges and convert noisy coarse-grained EM signals to robust fine-grained features. We implement MagAttack on both an iOS and an Android smartphone without any hardware modification, and evaluate its performance with 13 popular applications and 50 top websites in China. The results demonstrate that MagAttack can recognize aforementioned 13 applications with an average accuracy of 98.6%, and figure out the visiting operation among 50 websites with an average accuracy of 84.7%.

Hao Ma,Lingni Ma

DOI: https://doi.org/10.1109/IECON.2010.5675413

2010-01-01

Abstract:Contactless battery charging platform is an emerging technology that brings safety, reliability and convenience to low-profile charging applications. In this paper, an improved three-layer circular coil array PCB winding is proposed, which can generate the near-uniform magnetic field over a specific operation area. Moreover, an optimal circuit design procedure is developed to maintain the approximately constant output voltage, regardless of the magnetic coupling variation. The coil structure is analyzed with finite-element simulation and verified with EMC scanner test results. Measurements and experiments are further carried out to confirm the almost uniform magnetic coupling and validate the circuit design procedure. The design proposed in this paper is well adaptable to a universal battery charging platform.

Lanqing Yang,Yi-Chao Chen,Hao Pan,Dian Ding,Guangtao Xue,Linghe Kong,Jiadi Yu,Minglu Li

DOI: https://doi.org/10.1109/infocom41043.2020.9155534

2020-01-01

Abstract:Understanding the nature of user-device interactions (e.g., who is using the device and what he/she is doing with it) is critical to many applications including time management, user profiles, and privacy protection. However, in scenarios where mobile devices are shared among family members or multiple employees in a company, conventional account-based statistics are not meaningful. This poses an even bigger problem when dealing with sensitive data. Moreover, fingerprint readers and front-facing cameras were not designed to continuously identify users. In this study, we developed MAGPRINT, a novel approach to fingerprint users based on unique patterns in the electromagnetic (EM) signals associated with the specific use patterns of users. Initial experiments showed that time-varying EM patterns are unique to individual users. They are also temporally and spatially consistent, which makes them suitable for fingerprinting. MAGPRINT has a number of advantages over existing schemes: i) Non-intrusive fingerprinting, ii) implementation using a small and easy-to-deploy device, and iii) high accuracy thanks to the proposed classification algorithm. In experiments involving 30 users, MAGPRINT achieves 94.3% accuracy in classifying users from these traces, which represents an 10.9% improvement over the state-of-the-art classification method.

Deliang Yang,Jun Huang,Xiangmao Chang,Xiaofan Jiang,Guoliang Xing

DOI: https://doi.org/10.5555/3324320.3324381

2019-01-01

Abstract:Recent years have witnessed the increasing penetration of wireless charging base stations in the workplace and public areas, such as airports and cafeteria, to allow users to charge their mobile devices. Such an emerging wireless charging infrastructure has presented opportunities for developing new indoor localization and identification services for mobile users. In this demo, we present QID, the first system that can identify a Qi-compliant device during wireless charging in real-time using features extracted from the clock oscillator and control scheme of the power receiver. QID employs 2-dimensional motion unit to regulate the inductive coupling between the power transmitting and receiving coils, which allows for fine-grained device fingerprinting.

Jianwei Liu,Xiang Zou,Leqi Zhao,Yusheng Tao,Sideng Hu,Jinsong Han,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2022.3173063

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Wireless charging is becoming an essential power supply pattern for electronic devices. Currently, mainstream smartphones are almost compatible with wireless charging. However, when the charging efficiency is continuously improved, its security challenge still remains open yet overlooked. In this paper, we reveal that severe security flaws exist in the wireless charging procedure of off-the-shelf commodity smartphones. Specifically, we find that an attacker can utilize the electromagnetic induction effect between the wireless charger and the smartphone to detect the activities and operations performed on the smartphone. We term such attack as EM-Surfing side-channel attack and build a theoretical model to show its feasibility. To explore the hazard of EM-Surfing , we propose a three-module attack method, with which we conduct real-world experiments over three mainstream models of smartphones. The results show that the attacker can achieve over 99%, 96%, 94%, and 97% accuracy when inferring the passcode, keystroke, App information, and speech content, respectively. We also design an App named SecCharging to prevent smartphones from EM-Surfing attacks. The defense experiment results demonstrate that SecCharging can mitigate the threats posed by EM-Surfing effectively.

Yirui Yang,Zihao Zhan,Honggang Yu,Qinghui Huang,Shuo Wang

DOI: https://doi.org/10.1109/apec48139.2024.10509303

2024-01-01

Abstract:This research uncovers that wireless charging of mobile phones generates a leakage magnetic field in the surrounding space, containing information about charging power. Using longwave radio technology with a ferrite rod antenna, signal detection extends to 1.5 meters, enabling inconspicuous measurement. Extracting features from the magnetic field waveforms, machine learning trains a Deep Neural Network model to distinguish user’s activities on the phone with 100% accuracy. This highlights the privacy risks posed by this wireless charging technology, providing valuable insights into potential privacy concerns.

Yan Zhang,Dianqi Han,Ang Li,Lili Zhang,Tao Li,Yanchao Zhang

DOI: https://doi.org/10.1109/tmc.2021.3072598

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Secure and usable user authentication is the first line of defense against cyber attacks on smart end-user devices. Advanced hacking techniques pose severe threats to the traditional authentication systems based on the password/PIN/fingerprint. We propose MagAuth, a secure and usable two-factor authentication scheme with commercial off-the-shelf (COTS) wrist wearables with magnetic strap bands to enhance the security and usability of password-based authentication for mobile touchscreen devices. In MagAuth, a user enrolls a self-chosen unlock pattern or touch gesture into his touchscreen device by performing it with the same hand the magnetic wrist wearable is on. The chosen unlock pattern or touch gesture serves as the first authentication factor, and the user's behavioral features manifested in the magnetic field changes during his finger movement correspond to the second factor. The user can unlock his touchscreen device only when both authentication factors can be validated. Comprehensive user experiments confirm the high security and usability of MagAuth. In particular, MagAuth achieves an average true-positive rate up to 96.3 percent and a false-positive rate no larger than 8.4 percent. Moreover, we show that MagAuth is highly resilient to various attacks.

computer science, information systems,telecommunications

Deliang Yang,Guoliang Xing,Jun Huang,Xiangmao Chang,Xiaofan Jiang

DOI: https://doi.org/10.1145/3498904

2022-01-01

ACM Transactions on Internet of Things

Abstract:Recent years have witnessed the increasing penetration of wireless charging base stations in the workplace and public areas, such as airports and cafeterias. Such an emerging wireless charging infrastructure has presented opportunities for new indoor localization and identification services for mobile users. In this paper, we present QID, the first system that can identify a Qi-compliant mobile device during wireless charging in real-time. QID extracts features from the clock oscillator and control scheme of the power receiver and employs light-weight algorithms to classify the device. QID adopts a 2-dimensional motion unit to emulate a variety of multi-coil designs of Qi, which allows for fine-grained device fingerprinting. Our results show that QID achieves high recognition accuracy. With the prevalence of public wireless charging stations, our results also have important implications for mobile user privacy.

Rongxiang Zhao

2006-01-01

Abstract:A design of contactless charging circuit based on magnetic amplifier is presented.The operating principle of the magnetic amplifier is described in detail,as well as the operating process of the circuit.The problems existing in(conventional) circuits are analyzed and some solutions are given to solve these problems.At last the design is verified by experiment.