Double Edged Mobile and Wearable Side-Channels: Motion Leakage and Countermeasure

Project: Research

View graph of relations

Description

Rich sensors on mobile and wearable devices nowadays could offer valuable data fordesigning a variety of useful applications. However, these data recently are also revealedas double-edged swords, as they could form side-channels to leak aspects of user'sinformation that is considered vital. In this project, we investigate a specific piece withinthis broad problem space: can the sensitive information, like passwords and personaldata, frequently typed by user on mobile devices be inferred through the motion sensorsof wearable devices on user's wrist? If so, the implication is serious, as the bar to launchthis side-channel attack is trivial. Hence, if the answer is positive, it is natural towonder how to prevent such motion or privacy leakage.The first aim of this project is to investigate whether the low-end wearable sensorsowns the capability of accurate motion tracing to launch the side-channel attack above.User may hold the mobile device in an arbitrary gesture for typing and mobile's screensize is tiny. Lacking effective motion sensor processing technique, the typing plane, i.e.,mobile's screen, cannot be reliably reconstructed in the first place, and erroneous sensorreadings cannot truthfully derive wearable's moving neither. Therefore, without explicitlyaddressing this challenge, it is unclear whether the motion leakage is viable onminiature mobile devices with a possibly arbitrary typing plane attitude.The second aim of this project is to develop an effective countermeasure against suchpotential privacy leakage. Our proposed solution is inspired by the sensor-formed side-channelas well, but adopting a different channel frequency, i.e., sensor, in the design.We observe that most mobile devices are equipped with front camera. Our key idea is touse eye gaze for typing private information. This design is secure primarily due to twofacts: 1) the eye gaze itself is difficult to eavesdrop and decode, and 2) no hand motionsare involved in the typing.In summary, the idea proposed in this project to investigate the double-edged sides ofmobile and wearable side-channels is of essential novelty, which closes the design loopfor both the security risk discovery and countermeasure proposal. It can alarm peoplethe potential privacy leakage risk when using mobile devices, while it could also providean effective solution to migrate this issue. Moreover, the technical contributions made inmotion tracing and gaze-based typing designs are also innovative. They may appeal todata analytics, sensing system design, and other domains as well.

Detail(s)

Project number9042531
Grant typeGRF
StatusFinished
Effective start/end date1/01/1822/06/22