1,764 research outputs found
The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis
In recent years, mobile devices (e.g., smartphones and tablets) have met an
increasing commercial success and have become a fundamental element of the
everyday life for billions of people all around the world. Mobile devices are
used not only for traditional communication activities (e.g., voice calls and
messages) but also for more advanced tasks made possible by an enormous amount
of multi-purpose applications (e.g., finance, gaming, and shopping). As a
result, those devices generate a significant network traffic (a consistent part
of the overall Internet traffic). For this reason, the research community has
been investigating security and privacy issues that are related to the network
traffic generated by mobile devices, which could be analyzed to obtain
information useful for a variety of goals (ranging from device security and
network optimization, to fine-grained user profiling).
In this paper, we review the works that contributed to the state of the art
of network traffic analysis targeting mobile devices. In particular, we present
a systematic classification of the works in the literature according to three
criteria: (i) the goal of the analysis; (ii) the point where the network
traffic is captured; and (iii) the targeted mobile platforms. In this survey,
we consider points of capturing such as Wi-Fi Access Points, software
simulation, and inside real mobile devices or emulators. For the surveyed
works, we review and compare analysis techniques, validation methods, and
achieved results. We also discuss possible countermeasures, challenges and
possible directions for future research on mobile traffic analysis and other
emerging domains (e.g., Internet of Things). We believe our survey will be a
reference work for researchers and practitioners in this research field. Comment: 55 page
IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT
With the rapid growth of the Internet-of-Things (IoT), concerns about the
security of IoT devices have become prominent. Several vendors are producing
IP-connected devices for home and small office networks that often suffer from
flawed security designs and implementations. They also tend to lack mechanisms
for firmware updates or patches that can help eliminate security
vulnerabilities. Securing networks where the presence of such vulnerable
devices is given, requires a brownfield approach: applying necessary protection
measures within the network so that potentially vulnerable devices can coexist
without endangering the security of other devices in the same network. In this
paper, we present IOT SENTINEL, a system capable of automatically identifying
the types of devices being connected to an IoT network and enabling enforcement
of rules for constraining the communications of vulnerable devices so as to
minimize damage resulting from their compromise. We show that IOT SENTINEL is
effective in identifying device types and has minimal performance overhead
Detection of application used on a mobile device based on network traffic
Smartphones have become very popular over the past years and are now owned by almost every individual. The devices also follow their owners throughout the day and thus have access to a lot of information about their users. Additionally, various companies provide additional services through applications on mobile devices, which makes them highly interested in what people do with their mobile devices, as it allows perfection of these services.
To collect usage data, on top of having user consent, a company must be able to actually see what is happening on the device. But in response to growing concern about user privacy, operating systems on mobile devices isolate applications, limiting their access to only a small part of the information about what is happening on the device. Options like running surveys exist, but are expensive and highly dependent on the honesty of the people surveyed.
To gain information about running applications, network traffic can be utilized, as more and more devices are constantly connected to the internet. On the other hand, like application isolation, the protection of network traffic is also increasing.
This thesis starts with reviewing previous works to give a picture of what kind of information can be extracted from a mobile device and its network traffic and how it can be used. The main aim of this thesis is to implement a system that detects the used applications and their running times by combining mobile network traffic with application launch times and using machine learning. To assess the detection quality and scalability thoroughly, several tests are performed.
The implemented detection system shows good potential as it achieves near perfect results in optimal conditions, yet to provide these conditions in every case, a lot of work has to be done still
Practical Traffic Analysis Attacks on Secure Messaging Applications
Instant Messaging (IM) applications like Telegram, Signal, and WhatsApp have
become extremely popular in recent years. Unfortunately, such IM services have
been targets of continuous governmental surveillance and censorship, as these
services are home to public and private communication channels on socially and
politically sensitive topics. To protect their clients, popular IM services
deploy state-of-the-art encryption mechanisms. In this paper, we show that
despite the use of advanced encryption, popular IM applications leak sensitive
information about their clients to adversaries who merely monitor their
encrypted IM traffic, with no need for leveraging any software vulnerabilities
of IM applications. Specifically, we devise traffic analysis attacks that
enable an adversary to identify administrators as well as members of target IM
channels (e.g., forums) with high accuracies. We believe that our study
demonstrates a significant, real-world threat to the users of such services
given the increasing attempts by oppressive governments at cracking down
controversial IM channels.
We demonstrate the practicality of our traffic analysis attacks through
extensive experiments on real-world IM communications. We show that standard
countermeasure techniques such as adding cover traffic can degrade the
effectiveness of the attacks we introduce in this paper. We hope that our study
will encourage IM providers to integrate effective traffic obfuscation
countermeasures into their software. In the meantime, we have designed and
deployed an open-source, publicly available countermeasure system, called
IMProxy, that can be used by IM clients with no need for any support from IM
providers. We have demonstrated the effectiveness of IMProxy through
experiments
Can Passive Mobile Application Traffic be Identified using Machine Learning Techniques
Mobile phone applications (apps) can generate background traffic when the end-user is not actively using the app. If this background traffic could be accurately identified, network operators could de-prioritise this traffic and free up network bandwidth for priority network traffic. The background app traffic should have IP packet features that could be utilised by a machine learning algorithm to identify app-generated (passive) traffic as opposed to user-generated (active) traffic. Previous research in the area of IP traffic classification focused on classifying high level network traffic types originating on a PC device. This research was concerned with classifying low level app traffic originating on a mobile phone device. An innovative experiment setup was designed in order to answer the research question. A mobile phone running Android OS was configured to capture app network data. Three specific data trace procedures were then designed to comprehensively capture sample active and passive app traffic data. Feature generation in previous research recommends computing new features based on IP packet data. This research proposes a different approach. Feature generation was enabled by exposing inherent IP packet attributes as opposed to computing new features. Specific evaluation metrics were also designed in order to quantify the accuracy of the machine learning models at classifying active and passive app traffic. Three decision tree models were implemented: C5.0, C&R tree and CHAID tree. Each model was built using a standard implementation and with boosting. The findings indicate that passive app network traffic can be classified with an accuracy up to 84.8% using a CHAID decision tree algorithm with model boosting enabled. The findings also suggested that features derived from the inherent IP packet attributes, such as time frame delta and bytes in flight, had significant predictive value
Mobile web and app QoE monitoring for ISPs - from encrypted traffic to speed index through machine learning
Web browsing is one of the key applications of the Internet. In this paper, we address the problem of mobile Web and App QoE monitoring from the Internet Service Provider (ISP) perspective, relying on in-network, passive measurements. Our study targets the analysis of Web and App QoE in mobile devices, including mobile browsing in smartphones and tablets, as well as mobile apps. As a proxy to Web QoE, we focus on the analysis of the well-known Speed Index (SI) metric. Given the wide adoption of end-to-end encryption, we resort to machine-learning models to infer the SI of individual web page and app loading sessions, using as input only packet level data. Empirical evaluations on a large, multi mobile-device corpus of Web and App QoE measurements for top popular websites and selected apps demonstrate that the proposed solution can properly infer the SI from in-network, encrypted-traffic measurements, relying on learning-based models. Our study also reveals relevant network and web page content characteristics impacting Web QoE in mobile devices, providing a complete overview on the mobile Web and App QoE assessment problem