The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis

In recent years, mobile devices (e.g., smartphones and tablets) have met an increasing commercial success and have become a fundamental element of the everyday life for billions of people all around the world. Mobile devices are used not only for traditional communication activities (e.g., voice calls and messages) but also for more advanced tasks made possible by an enormous amount of multi-purpose applications (e.g., finance, gaming, and shopping). As a result, those devices generate a significant network traffic (a consistent part of the overall Internet traffic). For this reason, the research community has been investigating security and privacy issues that are related to the network traffic generated by mobile devices, which could be analyzed to obtain information useful for a variety of goals (ranging from device security and network optimization, to fine-grained user profiling). In this paper, we review the works that contributed to the state of the art of network traffic analysis targeting mobile devices. In particular, we present a systematic classification of the works in the literature according to three criteria: (i) the goal of the analysis; (ii) the point where the network traffic is captured; and (iii) the targeted mobile platforms. In this survey, we consider points of capturing such as Wi-Fi Access Points, software simulation, and inside real mobile devices or emulators. For the surveyed works, we review and compare analysis techniques, validation methods, and achieved results. We also discuss possible countermeasures, challenges and possible directions for future research on mobile traffic analysis and other emerging domains (e.g., Internet of Things). We believe our survey will be a reference work for researchers and practitioners in this research field.Comment: 55 page

An overall assessment of Mobile Internal Acquisition Tool

n/

Evaluating IP security and mobility on lightweight hardware

This work presents an empirical evaluation of applicability of selected existing IP security and mobility mechanisms to lightweight mobile devices and network components with limited resources and capabilities. In particular, we consider the Host Identity Protocol (HIP), recently specified by the IETF for achieving authentication, secure mobility and multihoming, data protection and prevention of several types of attacks. HIP uses the Diffie-Hellman protocol to establish a shared secret for two hosts, digital signatures to provide integrity of control plane and IPsec ESP encryption to protect user data. These computationally expensive operations might easily stress CPU, memory and battery resources of a lightweight client, as well as negatively affect data throughput and latency.We describe our porting experience with HIP on an embedded Linux PDA, a Symbian-based smartphone and two OpenWrt Wi-Fi access routers, thereby contributing to the protocol deployment. We present a set of measurement results of different HIP operations on these devices and evaluate the impact of public-key cryptography on the processor load, memory usage and battery lifetime, as well as the influence of the IPsec encryption on Round-Trip Time and TCP throughput. In addition, we assess how the lightweight hardware of a mobile handheld or a Wi-Fi access router in turn affects the duration of certain protocol operations including HIP base exchange, HIP mobility update, puzzle solving procedure and generation of an asymmetric key pair. After analyzing the empirical results we make conclusions and recommendations on applicability of unmodified HIP and IPsec to resource-constrained mobile devices. We also survey related work and draw parallels with our own research results

Evaluating IP security on lightweight hardware

TCP/IP communications stack is being increasingly used to interconnect mobile phones, PDAs, sensor motes and other wireless embedded devices. Although the core functionality of communications protocols has been successfully adopted to lightweight hardware from the traditional Internet and desktop computers, suitability of strong security mechanisms on such devices remains questionable. Insufficient processor, memory and battery resources, as well as constraints of wireless communications limit the applicability of many existing security protocols that involve computationally intensive operations. Varying capabilities of devices and application scenarios with different security and operational requirements complicate the situation further and call for agile and flexible security systems. This study does an empirical evaluation of applicability of selected existing IP security mechanisms to lightweight (resource-constrained) devices. In particular, we evaluate various components of the Host Identity Protocol (HIP), standardized by the Internet Engineering Task Force for achieving authentication, shared key negotiation, secure mobility and multihoming and, if used with IPsec, integrity and confidentiality of user data. Involving a set of cryptographic operations, HIP might easily stress a lightweight client, while affecting performance of applications running on it and shortening battery lifetime of the device. We present a background and related work on network-layer security, as well as a set of measurement results of various security components obtained on devices representing lightweight hardware: embedded Linux PDAs, Symbian-based smartphones, OpenWrt Wi-Fi access routers and wireless sensor platforms. To improve computational and energy efficiency of HIP, we evaluate several lightweight mechanisms that can substitute standard protocol components and provide a good trade-off between security and performance in particular application scenarios. We describe cases where existing HIP security mechanisms (i) can be used unmodified and (ii) should be tailored or replaced to suit resource-constrained environments. The combination of presented security components and empirical results on their applicability can serve as a reference framework for building adaptable and flexible security services for future lightweight communication systems

Code White: A Signed Code Protection Mechanism for Smartphones

This research develops Code White, a hardware-implemented trusted execution mechanism for the Symbian mobile operating system. Code White combines a signed whitelist approach with the execution prevention technology offered by the ARM architecture. Testing shows that it prevents all untrusted user applications from executing while allowing all trusted applications to load and run. Performance testing in contrast with an unmodified Symbian system shows that the difference in load time increases linearly as the application file size increases. The predicted load time for an application with a one megabyte code section remains well below one second, ensuring uninterrupted experience for the user. Smartphones have proven to be invaluable to military, civic, and business users due in a large part to their ability to execute code just like any desktop computer can. While many useful applications have been developed for these users, numerous malicious programs have also surfaced. And while smartphones have desktop-like capabilities to execute software, they do not have the same resources to scan for malware. More efficient means, like Code White, which minimize resource usage are needed to protect the data and capabilities found in smartphones

Smartphone software for department of computer science

The presented document provides an overview of the Smartphone Software for Department of Computer Science project development through out several phases: analysis of the project proposal, preliminary study of the concepts involved in the project, design decisions and modeling, implementation, experiments and conclusions obtained in the end, as well as a reflection on possible future system improvements. The final version of the system, which was built after the design and implementation decisions made through out the development of the project, is a prototype mainly composed of an application for Android smartphones leaning on a distributed architecture in order to provide all its expected functionalities. Thus, the system is based on a mixture of the two main distributed systems architectural models: client-server and peer-to-peer. The functionalities that lean on the client-server architecture are those whose data are relative to information of general interest and need to be always (ideally) available: consulting news, information and schedules for courses, frequently asked questions, maps and indoors positioning. On the other hand, functionalities such as the chat system and the possibility of contacting with the students of a certain course depend on the availability of the users, so a peer-to-peer architectural model was developed to support them. Regarding the system functionalities, the in-door localization and the chat system were determined as the most relevant ones. With the aim to provide those functionalities, the choice made was to implement an in-door positioning based on the RedPin model and, on the other hand, to make use of an already existing Java solution to build a chat system by means of multicast DNS and DNS Service Discovery: JmDNS

State-of-the-Art Multihoming Protocols and Support for Android

Il traguardo più importante per la connettività wireless del futuro sarà sfruttare appieno le potenzialità offerte da tutte le interfacce di rete dei dispositivi mobili. Per questo motivo con ogni probabilità il multihoming sarà un requisito obbligatorio per quelle applicazioni che puntano a fornire la migliore esperienza utente nel loro utilizzo. Sinteticamente è possibile definire il multihoming come quel processo complesso per cui un end-host o un end-site ha molteplici punti di aggancio alla rete. Nella pratica, tuttavia, il multihoming si è rivelato difficile da implementare e ancor di più da ottimizzare. Ad oggi infatti, il multihoming è lontano dall’essere considerato una feature standard nel network deployment nonostante anni di ricerche e di sviluppo nel settore, poiché il relativo supporto da parte dei protocolli è quasi sempre del tutto inadeguato. Naturalmente anche per Android in quanto piattaforma mobile più usata al mondo, è di fondamentale importanza supportare il multihoming per ampliare lo spettro delle funzionalità offerte ai propri utenti. Dunque alla luce di ciò, in questa tesi espongo lo stato dell’arte del supporto al multihoming in Android mettendo a confronto diversi protocolli di rete e testando la soluzione che sembra essere in assoluto la più promettente: LISP. Esaminato lo stato dell’arte dei protocolli con supporto al multihoming e l’architettura software di LISPmob per Android, l’obiettivo operativo principale di questa ricerca è duplice: a) testare il roaming seamless tra le varie interfacce di rete di un dispositivo Android, il che è appunto uno degli obiettivi del multihoming, attraverso LISPmob; e b) effettuare un ampio numero di test al fine di ottenere attraverso dati sperimentali alcuni importanti parametri relativi alle performance di LISP per capire quanto è realistica la possibilità da parte dell’utente finale di usarlo come efficace soluzione multihoming

A Peer-to-Peer Network Framework Utilising the Public Mobile Telephone Network

P2P (Peer-to-Peer) technologies are well established and have now become accepted as a mainstream networking approach. However, the explosion of participating users has not been replicated within the mobile networking domain. Until recently the lack of suitable hardware and wireless network infrastructure to support P2P activities was perceived as contributing to the problem. This has changed with ready availability of handsets having ample processing resources utilising an almost ubiquitous mobile telephone network. Coupled with this has been a proliferation of software applications written for the more capable `smartphone' handsets. P2P systems have not naturally integrated and evolved into the mobile telephone ecosystem in a way that `client-server' operating techniques have. However as the number of clients for a particular mobile application increase, providing the `server side' data storage infrastructure becomes more onerous. P2P systems offer mobile telephone applications a way to circumvent this data storage issue by dispersing it across a network of the participating users handsets. The main goal of this work was to produce a P2P Application Framework that supports developers in creating mobile telephone applications that use distributed storage. Effort was assigned to determining appropriate design requirements for a mobile handset based P2P system. Some of these requirements are related to the limitations of the host hardware, such as power consumption. Others relate to the network upon which the handsets operate, such as connectivity. The thesis reviews current P2P technologies to assess which was viable to form the technology foundations for the framework. The aim was not to re-invent a P2P system design, rather to adopt an existing one for mobile operation. Built upon the foundations of a prototype application, the P2P framework resulting from modifications and enhancements grants access via a simple API (Applications Programmer Interface) to a subset of Nokia `smartphone' devices. Unhindered operation across all mobile telephone networks is possible through a proprietary application implementing NAT (Network Address Translation) traversal techniques. Recognising that handsets operate with limited resources, further optimisation of the P2P framework was also investigated. Energy consumption was a parameter chosen for further examination because of its impact on handset participation time. This work has proven that operating applications in conjunction with a P2P data storage framework, connected via the mobile telephone network, is technically feasible. It also shows that opportunity remains for further research to realise the full potential of this data storage technique