The Experts below are selected from a list of 6036 Experts worldwide ranked by ideXlab platform
Prasant Mohapatra - One of the best experts on this subject based on the ideXlab platform.
-
uncovering Privacy Leakage in ble network traffic of wearable fitness trackers
International Workshop on Mobile Computing Systems and Applications, 2016Co-Authors: Aveek K Das, Parth H Pathak, Chennee Chuah, Prasant MohapatraAbstract:There has been a tremendous increase in popularity and adoption of wearable fitness trackers. These fitness trackers predominantly use Bluetooth Low Energy (BLE) for communicating and syncing the data with user's smartphone. This paper presents a measurement-driven study of possible Privacy Leakage from BLE communication between the fitness tracker and the smartphone. Using real BLE traffic traces collected in the wild and in controlled experiments, we show that majority of the fitness trackers use unchanged BLE address while advertising, making it feasible to track them. The BLE traffic of the fitness trackers is found to be correlated with the intensity of user's activity, making it possible for an eavesdropper to determine user's current activity (walking, sitting, idle or running) through BLE traffic analysis. Furthermore, we also demonstrate that the BLE traffic can represent user's gait which is known to be distinct from user to user. This makes it possible to identify a person (from a small group of users) based on the BLE traffic of her fitness tracker. As BLE-based wearable fitness trackers become widely adopted, our aim is to identify important Privacy implications of their usage and discuss prevention strategies.
-
HotMobile - Uncovering Privacy Leakage in BLE Network Traffic of Wearable Fitness Trackers
Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications - HotMobile '16, 2016Co-Authors: Aveek K Das, Parth H Pathak, Chennee Chuah, Prasant MohapatraAbstract:There has been a tremendous increase in popularity and adoption of wearable fitness trackers. These fitness trackers predominantly use Bluetooth Low Energy (BLE) for communicating and syncing the data with user's smartphone. This paper presents a measurement-driven study of possible Privacy Leakage from BLE communication between the fitness tracker and the smartphone. Using real BLE traffic traces collected in the wild and in controlled experiments, we show that majority of the fitness trackers use unchanged BLE address while advertising, making it feasible to track them. The BLE traffic of the fitness trackers is found to be correlated with the intensity of user's activity, making it possible for an eavesdropper to determine user's current activity (walking, sitting, idle or running) through BLE traffic analysis. Furthermore, we also demonstrate that the BLE traffic can represent user's gait which is known to be distinct from user to user. This makes it possible to identify a person (from a small group of users) based on the BLE traffic of her fitness tracker. As BLE-based wearable fitness trackers become widely adopted, our aim is to identify important Privacy implications of their usage and discuss prevention strategies.
-
characterizing Privacy Leakage of public wifi networks for users on travel
International Conference on Computer Communications, 2013Co-Authors: Ningning Cheng, Xinlei Wang, Wei Cheng, Prasant Mohapatra, Aruna SeneviratneAbstract:Deployment of public wireless access points (also known as public hotspots) and the prevalence of portable computing devices has made it more convenient for people on travel to access the Internet. On the other hand, it also generates large Privacy concerns due to the open environment. However, most users are neglecting the Privacy threats because currently there is no way for them to know to what extent their Privacy is revealed. In this paper, we examine the Privacy Leakage in public hotspots from activities such as domain name querying, web browsing, search engine querying and online advertising. We discover that, from these activities multiple categories of user Privacy can be leaked, such as identity Privacy, location Privacy, financial Privacy, social Privacy and personal Privacy. We have collected real data from 20 airport datasets in four countries and discover that the Privacy Leakage can be up to 68%, which means two thirds of users on travel leak their private information while accessing the Internet at airports. Our results indicate that users are not fully aware of the Privacy Leakage they can encounter in the wireless environment, especially in public WiFi networks. This fact can urge network service providers and website designers to improve their service by developing better Privacy preserving mechanisms.
-
INFOCOM - Characterizing Privacy Leakage of public WiFi networks for users on travel
2013 Proceedings IEEE INFOCOM, 2013Co-Authors: Ningning Cheng, Xinlei Wang, Wei Cheng, Prasant Mohapatra, Aruna SeneviratneAbstract:Deployment of public wireless access points (also known as public hotspots) and the prevalence of portable computing devices has made it more convenient for people on travel to access the Internet. On the other hand, it also generates large Privacy concerns due to the open environment. However, most users are neglecting the Privacy threats because currently there is no way for them to know to what extent their Privacy is revealed. In this paper, we examine the Privacy Leakage in public hotspots from activities such as domain name querying, web browsing, search engine querying and online advertising. We discover that, from these activities multiple categories of user Privacy can be leaked, such as identity Privacy, location Privacy, financial Privacy, social Privacy and personal Privacy. We have collected real data from 20 airport datasets in four countries and discover that the Privacy Leakage can be up to 68%, which means two thirds of users on travel leak their private information while accessing the Internet at airports. Our results indicate that users are not fully aware of the Privacy Leakage they can encounter in the wireless environment, especially in public WiFi networks. This fact can urge network service providers and website designers to improve their service by developing better Privacy preserving mechanisms.
Aruna Seneviratne - One of the best experts on this subject based on the ideXlab platform.
-
a first look into Privacy Leakage in 3d mixed reality data
European Symposium on Research in Computer Security, 2019Co-Authors: Jaybie De Guzman, Kanchana Thilakarathna, Aruna SeneviratneAbstract:We have seen a rise in mixed (MR) and augmented reality (AR) applications and devices in recent years. Subsequently, we have become familiar with the sensing power of these applications and devices, and we are only starting to realize the nascent risks that these technology puts over our Privacy and security. Current Privacy protection measures are primarily aimed towards known and well-utilised data types (i.e. location, on-line activity, biometric, and so on) while a few works have focused on looking into the security and Privacy risks of and providing protection on MR data, particularly on 3D MR data. In this work, we primarily reveal the Privacy Leakage from released 3D MR data and how the Leakage persist even after implementing spatial generalizations and abstractions. Firstly, we formalize the spatial Privacy problem in 3D mixed reality data as well as the adversary model. Then, we demonstrate through an inference model how adversaries can identify 3D spaces and, potentially, infer more spatial information. Moreover, we also demonstrate how compact 3D MR Data can be in terms of memory usage which allows adversaries to create lightweight 3D inference models of user spaces.
-
characterizing Privacy Leakage of public wifi networks for users on travel
International Conference on Computer Communications, 2013Co-Authors: Ningning Cheng, Xinlei Wang, Wei Cheng, Prasant Mohapatra, Aruna SeneviratneAbstract:Deployment of public wireless access points (also known as public hotspots) and the prevalence of portable computing devices has made it more convenient for people on travel to access the Internet. On the other hand, it also generates large Privacy concerns due to the open environment. However, most users are neglecting the Privacy threats because currently there is no way for them to know to what extent their Privacy is revealed. In this paper, we examine the Privacy Leakage in public hotspots from activities such as domain name querying, web browsing, search engine querying and online advertising. We discover that, from these activities multiple categories of user Privacy can be leaked, such as identity Privacy, location Privacy, financial Privacy, social Privacy and personal Privacy. We have collected real data from 20 airport datasets in four countries and discover that the Privacy Leakage can be up to 68%, which means two thirds of users on travel leak their private information while accessing the Internet at airports. Our results indicate that users are not fully aware of the Privacy Leakage they can encounter in the wireless environment, especially in public WiFi networks. This fact can urge network service providers and website designers to improve their service by developing better Privacy preserving mechanisms.
-
INFOCOM - Characterizing Privacy Leakage of public WiFi networks for users on travel
2013 Proceedings IEEE INFOCOM, 2013Co-Authors: Ningning Cheng, Xinlei Wang, Wei Cheng, Prasant Mohapatra, Aruna SeneviratneAbstract:Deployment of public wireless access points (also known as public hotspots) and the prevalence of portable computing devices has made it more convenient for people on travel to access the Internet. On the other hand, it also generates large Privacy concerns due to the open environment. However, most users are neglecting the Privacy threats because currently there is no way for them to know to what extent their Privacy is revealed. In this paper, we examine the Privacy Leakage in public hotspots from activities such as domain name querying, web browsing, search engine querying and online advertising. We discover that, from these activities multiple categories of user Privacy can be leaked, such as identity Privacy, location Privacy, financial Privacy, social Privacy and personal Privacy. We have collected real data from 20 airport datasets in four countries and discover that the Privacy Leakage can be up to 68%, which means two thirds of users on travel leak their private information while accessing the Internet at airports. Our results indicate that users are not fully aware of the Privacy Leakage they can encounter in the wireless environment, especially in public WiFi networks. This fact can urge network service providers and website designers to improve their service by developing better Privacy preserving mechanisms.
Michael R Lyu - One of the best experts on this subject based on the ideXlab platform.
-
spyaware investigating the Privacy Leakage signatures in app execution traces
International Symposium on Software Reliability Engineering, 2015Co-Authors: Yangfan Zhou, Cuiyun Gao, Yu Kang, Michael R LyuAbstract:A new security problem on smartphones is the wide spread of spyware nested in apps, which occasionally and silently collects user's private data in the background. The state-of-the-art work for Privacy Leakage detection is dynamic taint analysis, which, however, suffers usability issues because it requires flashing a customized system image to track the taint propagation and consequently incurs great overhead. Through a real-world Privacy Leakage case study, we observe that the spyware behaviors share some common features during execution, which may further indicate a correlation between the data flow of Privacy Leakage and some specific features of program execution traces. In this work, we examine such a hypothesis using the newly proposed SpyAware framework, together with a customized TaintDroid as the ground truth. SpyAware includes a profiler to automatically profile app executions in binder calls and system calls, a feature extractor to extract feature vectors from execution traces, and a classifier to train and predict spyware executions based on the feature vectors. We conduct an evaluation experiment with 100 popular apps downloaded from Google Play. Experimental results show that our approach can achieve promising performance with 67.4% accuracy in detecting device id spyware executions and 78.4% in recognizing location spyware executions.
-
ISSRE - SpyAware: Investigating the Privacy Leakage signatures in app execution traces
2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE), 2015Co-Authors: Yangfan Zhou, Cuiyun Gao, Yu Kang, Michael R LyuAbstract:A new security problem on smartphones is the wide spread of spyware nested in apps, which occasionally and silently collects user's private data in the background. The state-of-the-art work for Privacy Leakage detection is dynamic taint analysis, which, however, suffers usability issues because it requires flashing a customized system image to track the taint propagation and consequently incurs great overhead. Through a real-world Privacy Leakage case study, we observe that the spyware behaviors share some common features during execution, which may further indicate a correlation between the data flow of Privacy Leakage and some specific features of program execution traces. In this work, we examine such a hypothesis using the newly proposed SpyAware framework, together with a customized TaintDroid as the ground truth. SpyAware includes a profiler to automatically profile app executions in binder calls and system calls, a feature extractor to extract feature vectors from execution traces, and a classifier to train and predict spyware executions based on the feature vectors. We conduct an evaluation experiment with 100 popular apps downloaded from Google Play. Experimental results show that our approach can achieve promising performance with 67.4% accuracy in detecting device id spyware executions and 78.4% in recognizing location spyware executions.
Yangfan Zhou - One of the best experts on this subject based on the ideXlab platform.
-
spyaware investigating the Privacy Leakage signatures in app execution traces
International Symposium on Software Reliability Engineering, 2015Co-Authors: Yangfan Zhou, Cuiyun Gao, Yu Kang, Michael R LyuAbstract:A new security problem on smartphones is the wide spread of spyware nested in apps, which occasionally and silently collects user's private data in the background. The state-of-the-art work for Privacy Leakage detection is dynamic taint analysis, which, however, suffers usability issues because it requires flashing a customized system image to track the taint propagation and consequently incurs great overhead. Through a real-world Privacy Leakage case study, we observe that the spyware behaviors share some common features during execution, which may further indicate a correlation between the data flow of Privacy Leakage and some specific features of program execution traces. In this work, we examine such a hypothesis using the newly proposed SpyAware framework, together with a customized TaintDroid as the ground truth. SpyAware includes a profiler to automatically profile app executions in binder calls and system calls, a feature extractor to extract feature vectors from execution traces, and a classifier to train and predict spyware executions based on the feature vectors. We conduct an evaluation experiment with 100 popular apps downloaded from Google Play. Experimental results show that our approach can achieve promising performance with 67.4% accuracy in detecting device id spyware executions and 78.4% in recognizing location spyware executions.
-
ISSRE - SpyAware: Investigating the Privacy Leakage signatures in app execution traces
2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE), 2015Co-Authors: Yangfan Zhou, Cuiyun Gao, Yu Kang, Michael R LyuAbstract:A new security problem on smartphones is the wide spread of spyware nested in apps, which occasionally and silently collects user's private data in the background. The state-of-the-art work for Privacy Leakage detection is dynamic taint analysis, which, however, suffers usability issues because it requires flashing a customized system image to track the taint propagation and consequently incurs great overhead. Through a real-world Privacy Leakage case study, we observe that the spyware behaviors share some common features during execution, which may further indicate a correlation between the data flow of Privacy Leakage and some specific features of program execution traces. In this work, we examine such a hypothesis using the newly proposed SpyAware framework, together with a customized TaintDroid as the ground truth. SpyAware includes a profiler to automatically profile app executions in binder calls and system calls, a feature extractor to extract feature vectors from execution traces, and a classifier to train and predict spyware executions based on the feature vectors. We conduct an evaluation experiment with 100 popular apps downloaded from Google Play. Experimental results show that our approach can achieve promising performance with 67.4% accuracy in detecting device id spyware executions and 78.4% in recognizing location spyware executions.
Zhenjiang Li - One of the best experts on this subject based on the ideXlab platform.
-
aLeak: Privacy Leakage through Context - Free Wearable Side-Channel
IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, 2018Co-Authors: Zhenjiang LiAbstract:We revisit a crucial Privacy problem in this paper - can the sensitive information, like the passwords and personal data, frequently typed by user on mobile devices be inferred through the motion sensors of wearable device on user's wrist, e.g., smart watch or wrist band? Existing works have achieved the initial success under certain context-aware conditions, such as 1) the horizontal keypad plane, 2) the known keyboard size, 3) and/or the last keystroke on a fixed “enter” button. Taking one step further, the key contribution of this paper is to fully demonstrate, more importantly alarm people, the further risks of typing Privacy Leakage in much more generalized context-free scenarios, which are related to most of us for the daily usage of mobile devices. We validate this feasibility by addressing a series of unsolved challenges and developing a prototype system aLeak. Extensive experiments show the efficacy of aLeak, which achieves promising successful rates in the attack from more than 300 rounds of different users' typings on various mobile platforms without any context-related information.
