Your WiFi is leaking: what do your mobile apps gossip about you?
This paper describes how mobile device apps can inadvertently broadcast personal information through their use of wireless networks despite the correct use of encryption. Using a selection of personas we illustrate how app usage can be tied to personal information. Users would likely assume the confidentiality of personal information (including age, religion, sexuality and gender) when using an encrypted network. However, we demonstrate how encrypted traffic pattern analysis can allow a remote observer to infer potentially sensitive data passively and undetectably without any network credentials. Without the ability to read encrypted WiFi traffic directly, we process the limited side-channel data available (timings and frame sizes) to enable remote app detection. These side-channel data measurements are represented as histograms and used to construct a Random Forest classifier capable of accurately identifying mobile apps from the encrypted traffic they cause. The Random Forest algorithm was able to correctly identify apps with a mean accuracy of ∼99% within the training set. The classifier was then adapted to form the core of a detection program that could monitor multiple devices in real-time. Tests in a closed-world scenario showed 84% accuracy and demonstrated the ability to overcome the data limitations imposed by WiFi encryption. Although accuracy suffers greatly (67%) when moving to an open-world scenario, a high recall rate of 86% demonstrates that apps can unwittingly broadcast personal information openly despite using encrypted WiFi. The open-world false positive rate (38% overall, or 72% for unseen activity alone) leaves much room for improvement but the experiment demonstrates a plausible threat nevertheless. Finally, avenues for improvement and the limitations of this approach are identified. 
We discuss potential applications, strategies to prevent these leaks, and consider the effort required for an observer to present a practical privacy threat to the everyday WiFi user. This paper presents and demonstrates a nuanced and difficult to solve privacy vulnerability that cannot be mitigated without considerable changes to current- and next-generation wireless communication protocols.
No Place to Hide that Bytes won't Reveal: Sniffing Location-Based Encrypted Traffic to Track a User's Position
News reports of the last few years indicated that several intelligence
agencies are able to monitor large networks or entire portions of the Internet
backbone. Such a powerful adversary has only recently been considered by the
academic literature. In this paper, we propose a new adversary model for
Location Based Services (LBSs). The model takes into account an unauthorized
third party, different from the LBS provider itself, that wants to infer the
location and monitor the movements of a LBS user. We show that such an
adversary can extrapolate the position of a target user by just analyzing the
size and the timing of the encrypted traffic exchanged between that user and
the LBS provider. We performed a thorough analysis of a widely deployed
location based app that comes pre-installed with many Android devices:
GoogleNow. The results are encouraging and highlight the importance of devising
more effective countermeasures against powerful adversaries to preserve the
privacy of LBS users.
Comment: 14 pages, 9th International Conference on Network and System Security
(NSS 2015
Firmware enhancements for BYOD-aware network security
In today’s connected world, users migrate within a complex set of networks, including, but not limited to, 3G and 4G (LTE) services provided by mobile operators, Wi-Fi hotspots in private and public places, as well as wireless and/or wired LAN access in business and home environments. Following the widely expanding Bring Your Own Device (BYOD) approach, many public and educational institutions have begun to encourage customers and students to use their own devices at all times. While this may be cost-effective in terms of decreased investments in hardware and consequently lower maintenance fees on a long-term basis, it may also involve some security risks. In particular, many users are often connected to more than one network and/or communication service provider at the same time, for example to a 3G/4G mobile network and to a Wi-Fi. In a BYOD setting, an infected device or a rogue one can turn into an unwanted gateway, causing a security breach by leaking information across networks. Aiming at investigating in greater detail the implications of BYOD on network security in private and business settings we are building a framework for experiments with mobile routers both in home and business networks. This is a continuation of our earlier work on communications and services with enhanced security for network appliances
No NAT'd User left Behind: Fingerprinting Users behind NAT from NetFlow Records alone
It is generally recognized that the traffic generated by an individual
connected to a network acts as his biometric signature. Several tools exploit
this fact to fingerprint and monitor users. Often, though, these tools assume
to access the entire traffic, including IP addresses and payloads. This is not
feasible on the grounds that both performance and privacy would be negatively
affected. In reality, most ISPs convert user traffic into NetFlow records for a
concise representation that does not include, for instance, any payloads. More
importantly, large and distributed networks are usually NAT'd, thus a few IP
addresses may be associated to thousands of users. We devised a new
fingerprinting framework that overcomes these hurdles. Our system is able to
analyze a huge amount of network traffic represented as NetFlows, with the
intent to track people. It does so by accurately inferring when users are
connected to the network and which IP addresses they are using, even though
thousands of users are hidden behind NAT. Our prototype implementation was
deployed and tested within an existing large metropolitan WiFi network serving
about 200,000 users, with an average load of more than 1,000 users
simultaneously connected behind 2 NAT'd IP addresses only. Our solution turned
out to be very effective, with an accuracy greater than 90%. We also devised
new tools and refined existing ones that may be applied to other contexts
related to NetFlow analysis.
ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic
It is well known that apps running on mobile devices extensively track and
leak users' personally identifiable information (PII); however, these users
have little visibility into PII leaked through the network traffic generated by
their devices, and have poor control over how, when and where that traffic is
sent and handled by third parties. In this paper, we present the design,
implementation, and evaluation of ReCon: a cross-platform system that reveals
PII leaks and gives users control over them without requiring any special
privileges or custom OSes. ReCon leverages machine learning to reveal potential
PII leaks by inspecting network traffic, and provides a visualization tool to
empower users with the ability to control these leaks via blocking or
substitution of PII. We evaluate ReCon's effectiveness with measurements from
controlled experiments using leaks from the 100 most popular iOS, Android, and
Windows Phone apps, and via an IRB-approved user study with 92 participants. We
show that ReCon is accurate, efficient, and identifies a wider range of PII
than previous approaches.
Comment: Please use MobiSys version when referencing this work:
http://dl.acm.org/citation.cfm?id=2906392. 18 pages, recon.meddle.mob