Double Edged Mobile and Wearable Side-Channels: Motion Leakage and Countermeasure
DescriptionRich sensors on mobile and wearable devices nowadays could offer valuable data for designing a variety of useful applications. However, these data recently are also revealed as double-edged swords, as they could form side-channels to leak aspects of user's information that is considered vital. In this project, we investigate a specific piece within this broad problem space: can the sensitive information, like passwords and personal data, frequently typed by user on mobile devices be inferred through the motion sensors of wearable devices on user's wrist? If so, the implication is serious, as the bar to launch this side-channel attack is trivial. Hence, if the answer is positive, it is natural to wonder how to prevent such motion or privacy leakage.The first aim of this project is to investigate whether the low-end wearable sensors owns the capability of accurate motion tracing to launch the side-channel attack above. User may hold the mobile device in an arbitrary gesture for typing and mobile's screen size is tiny. Lacking effective motion sensor processing technique, the typing plane, i.e., mobile's screen, cannot be reliably reconstructed in the first place, and erroneous sensor readings cannot truthfully derive wearable's moving neither. Therefore, without explicitly addressing this challenge, it is unclear whether the motion leakage is viable on miniature mobile devices with a possibly arbitrary typing plane attitude.The second aim of this project is to develop an effective countermeasure against such potential privacy leakage. Our proposed solution is inspired by the sensor-formed side-channel as well, but adopting a different channel frequency, i.e., sensor, in the design. We observe that most mobile devices are equipped with front camera. Our key idea is to use eye gaze for typing private information. This design is secure primarily due to two facts: 1) the eye gaze itself is difficult to eavesdrop and decode, and 2) no hand motions are involved in the typing.In summary, the idea proposed in this project to investigate the double-edged sides of mobile and wearable side-channels is of essential novelty, which closes the design loop for both the security risk discovery and countermeasure proposal. It can alarm people the potential privacy leakage risk when using mobile devices, while it could also provide an effective solution to migrate this issue. Moreover, the technical contributions made in motion tracing and gaze-based typing designs are also innovative. They may appeal to data analytics, sensing system design, and other domains as well.
|Effective start/end date||1/01/18 → …|