The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis
In recent years, mobile devices (e.g., smartphones and tablets) have met an
increasing commercial success and have become a fundamental element of the
everyday life for billions of people all around the world. Mobile devices are
used not only for traditional communication activities (e.g., voice calls and
messages) but also for more advanced tasks made possible by an enormous amount
of multi-purpose applications (e.g., finance, gaming, and shopping). As a
result, those devices generate a significant network traffic (a consistent part
of the overall Internet traffic). For this reason, the research community has
been investigating security and privacy issues that are related to the network
traffic generated by mobile devices, which could be analyzed to obtain
information useful for a variety of goals (ranging from device security and
network optimization, to fine-grained user profiling).
In this paper, we review the works that contributed to the state of the art
of network traffic analysis targeting mobile devices. In particular, we present
a systematic classification of the works in the literature according to three
criteria: (i) the goal of the analysis; (ii) the point where the network
traffic is captured; and (iii) the targeted mobile platforms. In this survey,
we consider points of capturing such as Wi-Fi Access Points, software
simulation, and inside real mobile devices or emulators. For the surveyed
works, we review and compare analysis techniques, validation methods, and
achieved results. We also discuss possible countermeasures, challenges and
possible directions for future research on mobile traffic analysis and other
emerging domains (e.g., Internet of Things). We believe our survey will be a
reference work for researchers and practitioners in this research field.
Comment: 55 pages
Hidden and Uncontrolled - On the Emergence of Network Steganographic Threats
Network steganography is the art of hiding secret information within innocent
network transmissions. Recent findings indicate that novel malware is
increasingly using network steganography. Similarly, other malicious activities
can profit from network steganography, such as data leakage or the exchange of
pedophile data. This paper provides an introduction to network steganography
and highlights its potential application for harmful purposes. We discuss the
issues related to countering network steganography in practice and provide an
outlook on further research directions and problems.
Comment: 11 pages
Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism.
Portable Tor Router: Easily Enabling Web Privacy for Consumers
On-line privacy is of major public concern. Unfortunately, for the average
consumer, there is no simple mechanism to browse the Internet privately on
multiple devices. Most available Internet privacy mechanisms are either
expensive, not readily available, untrusted, or simply provide trivial
information masking. We propose that the simplest, most effective and
inexpensive way of gaining privacy, without sacrificing unnecessary amounts of
functionality and speed, is to mask the user's IP address while also encrypting
all data. We hypothesized that the Tor protocol is aptly suited to address
these needs. With this in mind we implemented a Tor router using a single board
computer and the open-source Tor protocol code. We found that our proposed
solution was able to meet five of our six goals soon after its implementation:
cost effectiveness, immediacy of privacy, simplicity of use, ease of execution,
and unimpaired functionality. Our final criterion of speed was sacrificed for
greater privacy but it did not fall so low as to impair day-to-day
functionality. With a total cost of roughly $100.00 USD and a speed cap of
around 2 Megabits per second we were able to meet our goal of an affordable,
convenient, and usable solution to increased on-line privacy for the average
consumer.
Comment: 6 pages, 5 figures, IEEE ICCE Conference
Hidden in Plain Sight: Exploring Encrypted Channels in Android apps
As privacy features in Android operating system improve, privacy-invasive
apps may gradually shift their focus to non-standard and covert channels for
leaking private user/device information. Such leaks also remain largely
undetected by state-of-the-art privacy analysis tools, which are very effective
in uncovering privacy exposures via regular HTTP and HTTPS channels. In this
study, we design and implement ThirdEye to significantly extend the
visibility of current privacy analysis tools, in terms of the exposures that
happen across various non-standard and covert channels, i.e., via any protocol
over TCP/UDP (beyond HTTP/S), and using multi-layer custom encryption over
HTTP/S and non-HTTP protocols. Besides network exposures, we also consider
covert channels via storage media that also leverage custom encryption layers.
Using ThirdEye, we analyzed 12,598 top-apps in various categories from
Androidrank, and found that 2887/12,598 (22.92%) apps used custom
encryption/decryption for network transmission and storing content in shared
device storage, and 2465/2887 (85.38%) of those apps sent device information
(e.g., advertising ID, list of installed apps) over the network that can
fingerprint users. Besides, 299 apps transmitted insecure encrypted content
over HTTP/non-HTTP protocols; 22 apps that used authentication tokens over
HTTPS, happen to expose them over insecure (albeit custom encrypted)
HTTP/non-HTTP channels. We found non-standard and covert channels with multiple
levels of obfuscation (e.g., encrypted data over HTTPS, encryption at nested
levels), and the use of vulnerable keys and cryptographic algorithms. Our
findings can provide valuable insights into the evolving field of non-standard
and covert channels, and help spur new countermeasures against such privacy
leakage and security issues.
Comment: Extended version of an ACM CCS 2022 paper