Security on Mobile Devices - LOGALIFE
The LOGALIFE project arose from a self-proposal submitted for the Security Project course unit (UC). This UC, part of the first year of the Master's in Cybersecurity and Computer Forensics, has as its main objective that students define a self-proposed project that can be developed as the final Master's project. The objective of this UC was achieved, since the self-proposed topic was precisely the one used as the final project of the second and last year of the Master's.
This project was born from a long-standing curiosity to understand what level of privacy an Android user has when using various applications from the moment they grant certain permissions.
The idea for the project arose from noticing that simple applications such as calculators, productivity apps, fitness apps, etc. routinely request permissions that seem excessive for the functionality the application advertises. The idea evolved from analysing applications into developing an application that obtains as much information about the user as possible without the user noticing; that is, the main idea is to develop the application thinking like a "malicious" programmer and to find out what information can be obtained with and without permissions being granted by the user.
Throughout the development of the LOGALIFE application, all the information obtained and the way it was acquired were reported in the report written alongside the project.
In addition to the Android application and the report, a web application was also developed to present and analyse the data obtained. This web application acts as the administrator panel that the "malicious" programmer would use to access the data of the users of the LOGALIFE application.
Neyman-Pearson Decision in Traffic Analysis
The increase of encrypted traffic on the Internet may become a problem for network-security applications such as intrusion-detection systems or interfere with forensic investigations. This fact has increased the awareness for traffic analysis, i.e., inferring information from communication patterns instead of its content. Deciding correctly that a known network flow is either the same as or part of an observed one can be extremely useful for several network-security applications such as intrusion detection and tracing anonymous connections. In many cases, the flows of interest are relayed through many nodes that re-encrypt the flow, making traffic analysis the only possible solution. There exist two well-known techniques to solve this problem: passive traffic analysis and flow watermarking. The former is undetectable but in general has a much worse performance than watermarking, whereas the latter can be detected and modified in such a way that the watermark is destroyed. In the first part of this dissertation we design techniques where the traffic analyst (TA) is one end of an anonymous communication and wants to deanonymize the other host, under the premise that the arrival time of the TA's packets/requests can be predicted with high confidence. This, together with the use of an optimal detector based on the Neyman-Pearson lemma, allows the TA to deanonymize the other host with high confidence even with short flows. We start by studying the forensic problem of leaving identifiable traces on the log of a Tor hidden service; in this case the predictor used comes from the HTTP header. Afterwards, we propose two different methods for locating Tor hidden services: the first one is based on the arrival time of the request cell and the second one uses the number of cells in certain time intervals.
In both of these methods, the predictor is based on the round-trip time and in some cases on the position inside its burst, hence this method does not need the TA to have access to the decrypted flow. The second part of this dissertation deals with scenarios where an accurate predictor is not feasible for the TA. This traffic analysis technique is based on correlating the inter-packet delays (IPDs) using a Neyman-Pearson detector. Our method can be used as a passive analysis or as a watermarking technique. This algorithm is first made robust against adversary models that add chaff traffic, split the flows or add random delays. Afterwards, we study this scenario from a game-theoretic point of view, analyzing two different games: the first deals with the identification of independent flows, while the second one decides whether a flow has been watermarked/fingerprinted or not.
Secure covert communications over streaming media using dynamic steganography
Streaming technologies such as VoIP are widely embedded into commercial and industrial applications, so it is imperative to address data security issues before the problems get really serious. This thesis describes a theoretical and experimental investigation of secure covert communications over streaming media using dynamic steganography. A covert VoIP communications system was developed in C++ to enable the implementation of the work being carried out.
A new information-theoretical model of secure covert communications over streaming media was constructed to depict the security scenarios in streaming media-based steganographic systems under passive attacks. The model involves a stochastic process that models an information source for covert VoIP communications and the theory of hypothesis testing that analyses the adversary's detection performance.
The potential of hardware-based true random key generation and chaotic interval selection for innovative applications in covert VoIP communications was explored. The CPU's read time stamp counter was used as an entropy source to generate true random numbers as secret keys for streaming media steganography. A novel interval selection algorithm was devised to randomly choose data-embedding locations in VoIP streams using random sequences generated from a chaotic process.
A dynamic key updating and transmission based steganographic algorithm, which includes a one-way cryptographic accumulator integrated into dynamic key exchange for covert VoIP communications, was devised to provide secure key exchange for covert communications over streaming media. Analysis based on the discrete logarithm problem and steganalysis using a t-test revealed that the algorithm has the advantage of being the most solid method of key distribution over a public channel.
The effectiveness of the new steganographic algorithm for covert communications over streaming media was examined by means of security analysis, steganalysis using the non-parametric Mann-Whitney-Wilcoxon statistical test, and performance and robustness measurements. The algorithm achieved an average data embedding rate of 800 bps, comparable to other related algorithms. The results indicated that the algorithm has little or no impact on real-time VoIP communications in terms of speech quality (< 5% change in PESQ with hidden data), signal distortion (6% change in SNR after steganography) and imperceptibility, and that it is more secure and effective in addressing the security problems than other related algorithms.
Honeypot for Wireless Sensor Networks
People have understood that computer systems need safeguarding and require knowledge of security principles for their protection. While this has led to solutions for system components such as malware protection, firewalls and intrusion detection systems, the ubiquitous usage of tiny microcomputers appeared at the same time. A new interconnectivity is on the rise in our lives. Things become "smart" and increasingly build new networks of devices.
In this context, wireless sensor networks interact with users and vice versa; unprivileged users able to interact with the wireless sensor network may, as a result, harm the privileged user. The problem that needs to be solved consists of the possible harm that may be caused by an unprivileged user interacting with the wireless sensor network of a privileged user. Such harm may come via an attack vector targeting a vulnerability and may take as long as it needs; the detection of such misbehaviour can only be done if a sensing component is implemented as a kind of tool that detects the status of the attacked wireless sensor network component and monitors the problem as an event that needs to be researched further. Innovation in attack detection comprehension is the key aspect of this work, because it was found to be a set of hitherto uncombined aspects, mechanisms, drafts and sketches, lacking a central combined outcome. Therefore the contribution of this thesis consists of a span of topics, starting with a summary of attacks, possible countermeasures and a sketch of the outcome, continuing to the design and implementation of a viable product, and concluding with an outlook on possible further work.
The chosen path for the work in this research was experimental prototype construction, following an established research method that first highlights the analysis of attack vectors against the system component and then evaluates the possibilities in order to improve said method. This led to a concept well known in common large-scale computer science systems, called a honeypot. Its common definitions and setups were analysed and the translation of the concept to the wireless sensor network domain was evaluated. Then the prototype was designed and implemented. This was done by following the approach set by the science of cybersecurity, which states that the results of experiments and prototypes lead to improving knowledge intentionally for re-use.
Security and Privacy for Ubiquitous Mobile Devices
We live in a world where mobile devices are already ubiquitous. It is estimated that in the United States approximately two thirds of adults own a smartphone, and that for many, these devices are their primary method of accessing the Internet. Worldwide, it is estimated that in May of 2014 there were 6.9 billion mobile cellular subscriptions, almost as many as the world population. Of these 6.9 billion, approximately 1 billion are smart devices, which are concentrated in the developed world. In the developing world, users are moving from feature phones to smart devices as a result of lower prices and marketing efforts. Because smart mobile devices are ubiquitous, security and privacy are primary concerns. Threats such as mobile malware are already substantial, with over 2500 different types identified in 2010 alone. It is likely that, as the smart device market continues to grow, so too will concerns about privacy, security, and malicious software. This is especially true because these mobile devices are relatively new. Our research focuses on increasing the security and privacy of user data on smart mobile devices. We propose three applications in this domain: (1) a service that provides private, mobile location sharing; (2) a secure, intuitive proximity networking solution; and (3) a potential attack vector in mobile devices, which utilizes novel covert channels. We also propose a first-step defense mechanism against these covert channels.
Our first project is the design and implementation of a service which provides users with private and secure location sharing. This is useful for a variety of applications such as online dating, taxi cab services, and social networking. Our service allows users to share their location with one another with trust- and location-based access controls. We allow users to identify whether they are within a certain distance of one another, without either party revealing their location to the other, or to any third party. We design this service to be practical and efficient, requiring no changes to the cellular infrastructure and no explicit encryption key management for the users.
For our second application, we build a modem which enables users to share relatively small pieces of information with those that are nearby, also known as proximity-based networking. Currently there are several mediums which can be used to achieve proximity networking, such as NFC, Bluetooth, and WiFi Direct. Unfortunately, these currently available schemes suffer from a variety of drawbacks including slow adoption by mobile device hardware manufacturers, relatively poor usability, and wide-range, omni-directional propagation. We propose a new scheme which utilizes ultrasonic (high frequency) audio on typical smart mobile devices as a method of communication between proximal devices. Because mobile devices already carry the necessary hardware for ultrasound, adoption is much easier. Additionally, ultrasound has a limited and highly intuitive propagation pattern because it is highly directional, and can be easily controlled using the volume controls on the devices. Our ultrasound modem is fast, achieving several thousand bits per second throughput; non-intrusive, because it is inaudible; and secure, requiring attackers with normal hardware to be at a distance less than or equal to that between the sender and receiver (a few centimeters in our tests).
Our third work exposes a novel attack vector utilizing physical media covert channels on smart devices, in conjunction with privilege escalation and confused deputy attacks. This ultimately results in information leakage attacks, which allow the attacker to gain access to sensitive information stored on a user's smart mobile device such as their location, passwords, emails, SMS messages and more. Our attack uses our novel physical media covert channels to launder sensitive information, thereby circumventing state-of-the-art, taint-tracking analysis based defenses and, at the same time, the current, widely deployed permission systems employed by mobile operating systems. We propose and implement a variety of physical media covert channels, which demonstrate different strengths such as high speed, low error rate, and stealth. By proposing several different channels, we make defense against such an attack much more difficult. Despite the challenging situation, in this work we also propose a novel defense technique as a first step towards research on more robust approaches. As a contribution to the field, we present these three systems, which together enrich the smart mobile experience while providing mobile security and keeping privacy in mind. Our third approach specifically presents a unique attack, which has not been seen in the wild, in an effort to keep ahead of malicious efforts.
Security and Privacy Threats on Mobile Devices through Side-Channels Analysis
In recent years, mobile devices (such as smartphones and tablets) have become essential tools in everyday life for billions of people all around the world.
Users continuously carry such devices with them and use them for daily communication activities and social network interactions.
Hence, such devices contain a huge amount of private and sensitive information.
For this reason, mobile devices become popular targets of attacks.
In most attack settings, the adversary aims to take local or remote control of a device to access sensitive user information.
However, such violations are not easy to carry out, since they need to leverage a vulnerability of the system or a careless user (e.g., one who installs a malware app from an unreliable source).
A different approach that does not have these shortcomings is side-channel analysis.
In fact, side-channels are physical phenomena that can be measured from either inside or outside a device.
They are mostly due to the user's interaction with a mobile device, but also to the context in which the device is used; hence they can reveal sensitive user information such as identity and habits, environment, and the operating system itself.
Hence, this approach consists of inferring private information that is leaked by a mobile device through a side-channel.
Besides, side-channel information is also extremely valuable for enforcing security mechanisms such as user authentication, intrusion detection and information leak detection.
This dissertation investigates novel security and privacy challenges on the analysis of side-channels of mobile devices.
This thesis is composed of three parts, each focused on a different side-channel:
(i) the usage of network traffic analysis to infer user private information;
(ii) the energy consumption of mobile devices during battery recharge as a way to identify a user and as a covert channel to exfiltrate data; and
(iii) the possible security application of data collected from built-in sensors in mobile devices to authenticate the user and to evade sandbox detection by malware.
In the first part of this dissertation, we consider an adversary who is able to eavesdrop on the network traffic of the device on the network side (e.g., by controlling a WiFi access point).
The fact that the network traffic is often encrypted makes the attack even more challenging.
Our work proves that it is possible to leverage machine learning techniques to identify user activity and apps installed on mobile devices by analyzing the encrypted network traffic they produce.
Such insights are becoming a very attractive data gathering technique for adversaries, network administrators, investigators and marketing agencies.
In the second part of this thesis, we investigate the analysis of electric energy consumption. In this case, an adversary is able to measure with a power monitor the amount of energy supplied to a mobile device.
In fact, we observed that the usage of mobile device resources (e.g., CPU, network capabilities) directly impacts the amount of energy drawn from the supplier, i.e., the USB port for smartphones or the wall socket for laptops.
Leveraging energy traces, we are able to recognize a specific laptop user among a group and detect intruders (i.e., users not belonging to the group).
Moreover, we show the feasibility of a covert channel to exfiltrate user data which relies on timed bursts of energy consumption.
In the last part of this dissertation, we present a side-channel that can be measured within the mobile device itself.
Such a channel consists of data collected from the sensors a mobile device is equipped with (e.g., accelerometer, gyroscope).
First, we present DELTA, a novel tool that collects data from such sensors and logs user and operating system events.
Then, we develop MIRAGE, a framework that relies on sensor data to enhance sandboxes against malware analysis evasion.
Sensor-Based Covert Channels on Mobile Devices
Smartphones have become ubiquitous in our daily activities, having billions of active users worldwide. The wide range of functionalities of modern mobile devices is enriched by many embedded sensors. These sensors, accessible by third-party mobile applications, pose novel security and privacy threats to the users of the devices. Numerous research works demonstrate that user keystrokes, location, or even speech can be inferred based on sensor measurements. Furthermore, the sensor itself can be susceptible to external physical interference, which can lead to attacks on systems that rely on sensor data.
In this dissertation, we investigate how the reaction of sensors in mobile devices to malicious physical interference can be exploited to establish covert communication channels between otherwise isolated devices or processes. We present multiple covert channels that use sensors' reaction to electromagnetic and acoustic interference to transmit sensitive data from nearby devices with no dedicated equipment or hardware modifications. In addition, these covert channels can also transmit information between applications within a mobile device, breaking the logical isolation enforced by the operating system. Furthermore, we discuss how sensor-based covert channels can affect the privacy of end users by tracking their activities on two different devices or across two different applications on the same device. Finally, we present a framework that automatically identifies covert channels that are based on physical interference between hardware components of mobile devices. As a result of the experimental evaluation, we can confirm previously known covert channels on smartphones, and discover novel sources of cross-component interference that can be used to establish covert channels.
Focusing on mobile platforms in this work, we aim to show that it is of crucial importance to consider physical covert channels when assessing the security of systems that rely on sensors, and we advocate for holistic approaches that can proactively identify and estimate the corresponding security and privacy risks.
EU privacy and data protection law applied to AI: unveiling the legal problems for individuals
AI-powered emotion recognition, typing with thoughts or eavesdropping virtual assistants: three non-fictional examples illustrate how AI may impact society. AI-related products and services increasingly find their way into daily life. Are the EU's fundamental rights to privacy and data protection equipped to protect individuals effectively? In addressing this question, the dissertation concludes that no new legal framework is needed. Instead, adjustments are required. First, the extent of adjustments depends on the AI discipline. There is nothing like 'the AI'. AI covers various concepts, including the disciplines of machine learning, natural language processing, computer vision, affective computing and automated reasoning. Second, the extent of adjustments depends on the type of legal problem: legal provisions are violated (type 1), cannot be enforced (type 2) or are not fit for purpose (type 3). Type 2 and 3 problems require either adjustments of current provisions or new judicial interpretations. Two instruments might be helpful for more effective legislation: rebuttable presumptions and reversal of proof. In some cases, the solution is technical, not legal. Research in AI should solve reasoning deficiencies in AI systems and their lack of common sense.
Effective Protection of Fundamental Rights in a pluralist worl
Applications of slow-moving autonomous platforms for passive acoustic monitoring and density estimation of marine mammals
Advances in mobile autonomous vehicles for oceanographic sensing provide new opportunities for passive acoustic monitoring of marine mammals. Acoustically equipped mobile autonomous platforms, including gliders, deep-water profiling floats, and drifting surface buoys can survey for a variety of marine mammal species over intermediate spatiotemporal scales. Additionally, such mobile platforms may provide an effective tool for population density estimation of marine mammals. This dissertation advances our understanding of how gliders, deep-water floats, and surface drifters can be used for passive acoustic monitoring and density estimation of two cetacean species, fin whales (Balaenoptera physalus), and Cuvier’s beaked whales (Ziphius cavirostris).
One glider and two drifting deep-water floats were simultaneously deployed in the vicinity of a deep-water cabled hydrophone array offshore of San Clemente Island, California, USA. The glider was able to follow a pre-defined track, while float movement was somewhat unpredictable. Fin whale 20 Hz pulses were recorded by all recorders throughout the two-week deployment, and presence at hourly and daily scales was comparable across all recorders. Performance of an automated template detector did not differ by recorder type. However, the glider data contained up to 78% fewer fin whale detections per hour compared to the floats or stationary hydrophones because of increased low-frequency flow noise present during glider descents. Flow noise was related to glider speed through water and dive state. Glider speeds through water of 25 cm/s or less are suggested to minimize flow noise.
The cabled hydrophone array was also used to estimate fin whale localizations and tracks concurrently with the glider survey. These tracks were used in a trial-based approach to estimate a detection function for six-minute snapshots containing fin whale 20 Hz pulses. Detection probability was strongly dependent on 40 Hz noise levels (flow noise) recorded on the glider. At the median noise level of 97 kHz dB re 1 μPa²/Hz, maximum detection range was nearly 40 km and the estimated effective survey area was 870 km². Density of fin whales was estimated as 2.4 whales per 1000 km² (coefficient of variation, CV 0.55) using a group size estimate from the tracked whales and an externally derived vocal rate from tagged fin whales. The framework presented here could be applied to other baleen whale species to advance the use of autonomous gliders for density estimation of cetacean species.
A second two-week glider and float deployment was conducted concurrently with the deployment of a commonly used deep-water stationary recorder, the High-frequency Acoustic Recording Package (HARP), and an array of drifting near-surface recorders in the Catalina Basin, California, USA. Acoustic recordings were analyzed for the presence of multiple marine mammal species, including beaked whales, delphinids, and minke whales, and were compared across the glider, float, and HARPs. Detections of beaked whale echolocation clicks were variable across recorders, likely due to differences in the recording limits of each system, the spatial distribution of the recorders, and the short detection radius of such a high-frequency, directional signal type. Delphinid whistles and clicks were prevalent across all recorders, and at levels that may have masked beaked whale vocalizations. Minke whale (Balaenoptera acutorostrata) boing sounds were detected almost identically across all recorder types, as was expected given the relatively long detection range of the boing call type.
Spatially explicit capture-recapture (SECR) was used to estimate density of Cuvier's beaked whales from the near-surface drifting array of acoustic recorders. A snapshot approach was used, with presence or absence of echolocation clicks within a 1-minute snapshot acting as the sampling unit. Using external estimates of group size and echolocation probability in a 1-minute snapshot, the density of Cuvier's beaked whales from the two best models was estimated at 5.48 animals per 1000 km² (CV 0.46). This estimate was similar to estimates calculated using trial-based and distance sampling approaches applied to the same data set. Simulation experiments were conducted to investigate potential bias in estimated density caused by the configuration of the drifting array. Bias from the array configuration was found to be negligible; increased array spacing (approximately doubling and tripling between-sensor spacing) decreased bias, and the drifting aspect of the recorders also decreased bias compared to simulations with stationary sensors.
This work provides evidence that animal presence and absence at broad temporal scales such as hours and days are comparable across gliders, deep-water floats, and stationary recorders. The spatial advantage of mobile instruments is most pronounced for species with short acoustic detection ranges, such as beaked whales. Marine mammal density can be estimated from gliders and mobile drifters using either a trial-based or an SECR approach. The examples presented here provide an exciting advance in marine mammal population monitoring.