Privacy Leaks When You Play Games : A Novel User-Behavior-Based Covert Channel on Smartphones

Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45)32_Refereed conference paper (with ISBN/ISSN)peer-review

4 Scopus Citations
View graph of relations

Author(s)

  • Wen Qi
  • Yichen Xu
  • Wanfu Ding
  • Kejie Lu

Related Research Unit(s)

Detail(s)

Original languageEnglish
Title of host publicationProceedings - 2015 IEEE 23rd International Conference on Network Protocols (ICNP 2015)
PublisherIEEE
Pages201-211
ISBN (Electronic)978-1-4673-8295-3
Publication statusPublished - Nov 2015

Conference

Title23rd IEEE International Conference on Network Protocols (ICNP 2015)
PlaceUnited States
CitySan Francisco
Period10 - 13 November 2015

Abstract

To protect user privacy, many smartphone systems, such as Android and Windows Phone, adopt the permission-based mechanism in which a user can evaluate the request of private information by a mobile app before installing it. However, recent studies show that the permission-based mechanism is vulnerable to application colluding attacks because two apps, which appear to be harmless individually, can establish a covert channel and use it to leak confidential information. In general, existing known covert channels usually work in a way that one app can modify the status of a system component, while the other can read the status. Even though several covert channel detection schemes have been proposed recently to fight against this type of covert channels, we point out that such designed covert channel detection schemes are not sufficient. In this paper, we demonstrate the possibility of establishing novel covert channels that work in quite different ways, in which one app (e.g., a game) can be designed deliberately such that the user will be induced to voluntarily modify the status of a system component (e.g., a motion sensor), while the other app can read the status of the system component. To validate our design, we implement three covert channels on Android. Our experiments show that these channels can bypass existing detection schemes. Moreover, we also measure the achievable throughput, error rate, and energy consumption in devices. The results demonstrate that our covert channels can achieve a transmission with high accuracy and low energy consumption. Our work sets a new alarm for the security issue of using smartphones.

Research Area(s)

  • Application colluding attack, Covert channel, Motion sensor, Smartphone security

Citation Format(s)

Privacy Leaks When You Play Games : A Novel User-Behavior-Based Covert Channel on Smartphones. / Qi, Wen; Xu, Yichen; Ding, Wanfu; Jiang, Yonghang; Wang, Jianping; Lu, Kejie.

Proceedings - 2015 IEEE 23rd International Conference on Network Protocols (ICNP 2015). IEEE, 2015. p. 201-211 7437129.

Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45)32_Refereed conference paper (with ISBN/ISSN)peer-review