Abstract
The proliferation of mobile devices (e.g., smartphones, smartwatches and fitness trackers) has brought great convenience to our daily lives. Mobile users can enjoy online access anytime and anywhere through WiFi or cellular services, monitor daily activities (e.g., walking steps) via wearable devices, or flexibly access the devices via touch screens and microphones. The pervasive mobile sensors can further benefit the public sector, such as providing real-time data for public transportation, emergency and public safety protection. While mobile technologies facilitate a wide range of useful applications for users, an adversary may leverage them to derive the user’s sensitive private information. This dissertation focuses on exploring the security threats of mobile devices given their various embedded sensors. Moreover, we explore the use of mobile sensing technologies as opportunities for protecting not only personal privacy but also public security.
As the smartphone is the most popular mobile device worldwide, we first investigate to what extent users’ personal information, such as social relationships and demographics, could be revealed from their smartphones, in particular through the simple signal information of the pervasive Wi-Fi Access Points (APs), without examining any Wi-Fi traffic. We successfully derive the users’ activities at daily visited places from the surrounding APs and utilize that as the basis to infer the users’ social interactions and individual behaviors. Our approaches capture how closely people interact with each other based on their physical closeness to infer their social relationships, and recognize individual behaviors via their activity characteristics (e.g., activeness and time slots) at their daily visited places to estimate the users’ demographics.
Moreover, the increasing popularity of wearable devices motivates us to examine the possible sensitive information leakage from the user’s personal wearable devices. We demonstrate a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people are accessing key-based security systems (e.g., ATM machines). We develop a system to show that the motion sensors on a wearable device can be exploited to discriminate mm-level distances and directions of the user’s fine-grained hand movements, which enables an adversary to reproduce the hand movement trajectories of the user to recover the secret key entries.
Besides security threats, we also find that mobile technologies bring unique opportunities to protect personal privacy. We propose to use an off-the-shelf wearable device (e.g., a smartwatch or bracelet) as a secure token to secure Voice Assistant (VA) systems (e.g., Google Home and Amazon Alexa), which have been shown to be at high risk of sensitive information leakage under various acoustic attacks (e.g., impersonation, replay and hidden command attacks). In particular, the proposed system exploits the motion sensors, readily available on most wearables, to describe the voice command in the vibration domain, which is then compared with the audio domain information (recorded by the VA device’s microphone) to verify whether the voice command comes from the legitimate user.
Finally, we provide a low-cost and easy-to-scale solution to address the ever-increasing public safety concerns caused by portable dangerous objects (e.g., lethal weapons, chemical explosives and home-made bombs) in public places such as museums, stadiums, theme parks and schools. Our proposed detection system utilizes the fine-grained channel state information (CSI) from existing WiFi networks to detect the existence of suspicious objects hidden inside baggage and further identify the dangerous material type of the object without intruding on the user’s privacy by physically opening the baggage. Compared to the existing X-ray based object scanning infrastructure, this detection system based on commodity WiFi could become a game-changer, as it significantly reduces the deployment cost and is easy to set up in numerous public venues.