1,134 research outputs found
Detecting smartphone state changes through a Bluetooth based timing attack
International audienceBluetooth is a popular wireless communication technology that is available on most mobile devices. Although Bluetooth includes security and privacy preserving mechanisms, we show that a Blue-tooth harmless inherent request-response mechanism can taint users privacy. More specifically, we introduce a timing attack that can be triggered by a remote attacker in order to infer information about a Bluetooth device state. By observing the L2CAP layer ping mechanism timing variations, it is possible to detect device state changes, for instance when the device goes in or out of the locked state. Our experimental results show that change point detection analysis of the timing allows to detect device state changes with a high accuracy. Finally, we discuss applications and countermeasures
Detection of Advanced Bots in Smartphones through User Profiling
abstract: This thesis addresses the ever increasing threat of botnets in the smartphone domain and focuses on the Android platform and the botnets using Online Social Networks (OSNs) as Command and Control (C&C;) medium. With any botnet, C&C; is one of the components on which the survival of botnet depends. Individual bots use the C&C; channel to receive commands and send the data. This thesis develops active host based approach for identifying the presence of bot based on the anomalies in the usage patterns of the user before and after the bot is installed on the user smartphone and alerting the user to the presence of the bot. A profile is constructed for each user based on the regular web usage patterns (achieved by intercepting the http(s) traffic) and implementing machine learning techniques to continuously learn the user's behavior and changes in the behavior and all the while looking for any anomalies in the user behavior above a threshold which will cause the user to be notified of the anomalous traffic. A prototype bot which uses OSN s as C&C; channel is constructed and used for testing. Users are given smartphones(Nexus 4 and Galaxy Nexus) running Application proxy which intercepts http(s) traffic and relay it to a server which uses the traffic and constructs the model for a particular user and look for any signs of anomalies. This approach lays the groundwork for the future host-based counter measures for smartphone botnets using OSN s as C&C; channel.Dissertation/ThesisM.S. Computer Science 201
A tourism overcrowding sensor using multiple radio techniques detection
The motivation for this dissertation came from the touristic pressure felt in the historic
neighborhoods of Lisbon. This pressure is the result of the rise in the number of touristic
arrivals and the proliferation of local accommodation. To mitigate this problem the
research project in which this dissertation is inserted aims to disperse the pressure felt
by routing the tourists to more sustainable locations and locations that are not crowded.
The goal of this dissertation is then to develop a crowding sensor to detect, in real-time,
the number of persons in its vicinity by detecting how many smartphones it observes in
its readings. The proposed solution aims to detect the wireless trace elements generated
by the normal usage of smartphones. The technologies in which the sensor will detect
devices are Wi-Fi, Bluetooth and the mobile network.
For testing the results gathered by the sensor we developed a prototype that was deployed
on our campus and in a museum, during an event with strong attendance. The data
gathered was stored in a time-series database and a data visualization tool was used to
interpret the results.
The overall conclusions of this dissertation are that it is possible to build a sensor that
detects nearby devices thereby allowing to detect overcrowding situations. The prototype
built allows to detect crowd mobility patterns. The composition of technologies and
identity unification are topics deserving future research.A motivação para a presente dissertação surgiu da pressão turÃstica sentida nos bairros
históricos de Lisboa. Esta pressão é a consequência de um crescimento do número de
turistas e de uma cada vez maior utilização e proliferação do alojamento local. Para
mitigar este problema o projeto de investigação em que esta dissertação está inserida
pretende dispersar os turistas por locais sustentáveis e que não estejam sobrelotados.
O objetivo desta dissertação é o de desenvolver um sensor que consiga detetar, em tempo
real, detetar quantas pessoas estão na sua proximidade com base nos smartphones que
consegue detetar. A solução proposta tem como objetivo detetar os traços gerados pela
normal utilização de um smartphone. As tecnologias nas quais o sensor deteta traços de
utilização são Wi-Fi, Bluetooth e a rede móvel.
Para realizar os testes ao sensor, foi desenvolvido um protótipo que foi instalado no
campus e num museu durante um evento de grande afluência. Os dados provenientes
destes testes foram guardados numa base de dados de séries temporais e analisados
usando uma ferramenta de visualização de dados.
As conclusões obtidas nesta dissertação são que é possÃvel criar um sensor capaz de detetar
dispositivos na sua proximidade e detetar situações de sobrelotação/apinhamento. O
protótipo contruÃdo permite detectar padrões de mobilidade de multidões. A composição
de tecnologias e a unificação de identidade são problemas que requerem investigação futura
Continuous Authentication for Voice Assistants
Voice has become an increasingly popular User Interaction (UI) channel,
mainly contributing to the ongoing trend of wearables, smart vehicles, and home
automation systems. Voice assistants such as Siri, Google Now and Cortana, have
become our everyday fixtures, especially in scenarios where touch interfaces
are inconvenient or even dangerous to use, such as driving or exercising.
Nevertheless, the open nature of the voice channel makes voice assistants
difficult to secure and exposed to various attacks as demonstrated by security
researchers. In this paper, we present VAuth, the first system that provides
continuous and usable authentication for voice assistants. We design VAuth to
fit in various widely-adopted wearable devices, such as eyeglasses,
earphones/buds and necklaces, where it collects the body-surface vibrations of
the user and matches it with the speech signal received by the voice
assistant's microphone. VAuth guarantees that the voice assistant executes only
the commands that originate from the voice of the owner. We have evaluated
VAuth with 18 users and 30 voice commands and find it to achieve an almost
perfect matching accuracy with less than 0.1% false positive rate, regardless
of VAuth's position on the body and the user's language, accent or mobility.
VAuth successfully thwarts different practical attacks, such as replayed
attacks, mangled voice attacks, or impersonation attacks. It also has low
energy and latency overheads and is compatible with most existing voice
assistants
- …