Loading [a11y]/accessibility-menu.js
Construction and Mitigation of User-Behavior-Based Covert Channels on Smartphones | IEEE Journals & Magazine | IEEE Xplore
Subscribe
ADVANCED SEARCH
Journals & Magazines >IEEE Transactions on Mobile C... >Volume: 17 Issue: 1

Construction and Mitigation of User-Behavior-Based Covert Channels on Smartphones

PDF
Wen Qi; Wanfu Ding; Xinyu Wang; Yonghang Jiang; Yichen Xu; Jianping Wang
All Authors

Abstract:

To protect user privacy, many smartphone systems adopt the permission-based mechanism in which a user can evaluate the risk of requests for private information from a mob...Show More

Metadata

Abstract:

To protect user privacy, many smartphone systems adopt the permission-based mechanism in which a user can evaluate the risk of requests for private information from a mobile app before installing it. However, recent studies show that the permission based mechanism is vulnerable to application collusion attacks because two apps, which appear to be harmless individually, can establish a covert channel and use it to leak confidential information. Consequently, people have designed some covert channel detection schemes, by checking abnormal status of the phone. In this paper, we point out that existing covert channel detection schemes may fail to detect a new type of collusion attacks referred as user-behavior-based covert channels. We implement three covert channels on Android smartphones. Our work sets a new alarm for the security issue of using smartphones. We then study the countermeasures to this new type of covert channels. Instead of trying to directly detect the proposed new type of covert channels, we propose two mitigation solutions to reduce the effectiveness of such covert channels. The mitigation solutions are also valid to other existing sensor-based side channels and/or covert channels on the phone.
Published in: IEEE Transactions on Mobile Computing ( Volume: 17, Issue: 1, 01 January 2018)
Page(s): 44 - 57
Date of Publication: 24 April 2017

ISSN Information:

DOI: 10.1109/TMC.2017.2696945

Funding Agency:

References is not available for this document.
Contents

1 Introduction

In the past few years, smartphone users are increasing explosively. It is predicted that such growth will keep speedy in the near future. According to a recent study by Ericsson [1], the number of smartphone subscribers worldwide is 2.7 billion in 2014 and is expected to reach 6.1 billion by 2020. With such a rapid growth of users, smartphone is becoming a new domain for various hackers to steal sensitive data of users, such as leaking contacts [2], sending messages to contacts furtively [3], and stealing credit card information  [4].

Select All
1.
Ericsson, “Ericsson mobility report,” (2014). [Online]. Available: https://www.ericsson.com/res/docs/2014/ericsson-mobility-report-november-2014.pdf
Google Scholar
2.
N. M. S. R. Center, “Security Alert: New Malware–FireLeaker–Takes Your Contacts Without Permission,” 2012. [Online]. Available: http://research.nq.com/?p=518
Google Scholar
3.
D. Maslennikov, “Selfmite: Attack using SMS worm to increase pay-per-install income,” 2014. [Online]. Available: http://www.adaptivemobile.com/blog/selfmite-worm
Google Scholar
4.
A. Bauer, “Android Malware Steals Credit Card Information,” 2014. [Online]. Available: http://blog.avira.com/android-malware/
Google Scholar
5.
R. Schlegel, K. Zhang, X. Zhou, M. Intwala, A. Kapadia, and X. Wang, “Soundcomber: A stealthy and context-aware sound trojan for smartphones,” in Proc. 18th Annu. Netw. & Distrib. Syst. Security Sympos., 2011, pp. 17–33.
Google Scholar
6.
C. Marforio, H. Ritzdorf, A. Francillon, and S. Capkun, “Analysis of the communication between colluding applications on modern smartphones,” in Proc. 28th Annu. Comput. Security Appl. Conf., 2012, pp. 51–60.
CrossRef Google Scholar
7.
J.-F. Lalande and S. Wendzel, “Hiding privacy leaks in android applications using low-attention raising covert channels,” in Proc. Int. Conf. Availability Rel. Security, 2013, pp. 701–710.
CrossRef Google Scholar
8.
A. Al-Haiqi, M. Ismail, and R. Nordin, “A new sensors-based covert channel on android,” Sci. World J., vol. 2014, 2014, Art. no. 969628.
CrossRef Google Scholar
9.
L. Deshotels, “Inaudible sound as a covert channel in mobile devices,” in Proc. 8th USENIX Conf. Offensive Technol., 2014, pp. 16–16.
Google Scholar
10.
E. Novak, Y. Tang, Z. Hao, Q. Li, and Y. Zhang, “Physical media covert channels on smart mobile devices,” in Proc. Int. Joint Conf. Pervasive Ubiquitous Comput., 2015, pp. 367–378.
CrossRef Google Scholar
11.
R. Hasan, N. Saxena, T. Haleviz, S. Zawoad, and D. Rinehart, “Sensing-enabled channels for hard-to-detect command and control of mobile devices,” in Proc. 8th Sympos. Inf. Comput. Commun. Security, 2013, pp. 469–480.
CrossRef Google Scholar
12.
S. Chandra, Z. Lin, A. Kundu, and L. Khan, “Towards a systematic study of the covert channel attacks in smartphones,” in SECURECOMM’14. Berlin, Germany: Springer, 2014, pp. 427–435.
Google Scholar
13.
W. Enck, et al., “Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones,” in Proc. 9th USENIX Conf. Operating Syst. Des. Implementation, 2010, pp. 393–407.
Google Scholar
14.
S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A.-R. Sadeghi, “Xmandroid: A new android evolution to mitigate privilege escalation attacks,” Technische Universität Darmstadt, 64289 Darmstadt, Germany. Tech. Rep. TR-2011–04, 2011.
Google Scholar
15.
W. Qi, Y. Xu, W. Ding, Y. Jiang, J. Wang, and K. Lu, “Privacy leaks when you play games: A novel user-behavior-based covert channel on smartphones,” in Proc. IEEE 23rd Int. Conf. Netw. Protocols, 2015, pp. 201–211.
CrossRef Google Scholar
16.
Z. Xu, K. Bai, and S. Zhu, “Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors,” in Proc. 5th ACM Conf. Security Privacy Wireless Mobile Netw., 2012, pp. 113–124.
CrossRef Google Scholar
17.
L. Zhang, et al., “Accurate online power estimation and automatic battery behavior based power model generation for smartphones,” in Proc. 8th IEEE/ACM/IFIP Int. Conf. Hardware/Software Codes. Syst. Synthesis, 2010, pp. 105–114.
CrossRef Google Scholar
18.
B. W. Lampson, “A note on the confinement problem,” Commun. ACM, vol. 16, no. 10, pp. 613–615, 1973.
CrossRef Google Scholar
19.
S. Zander, G. Armitage, and P. Branch, “A survey of covert channels and countermeasures in computer network protocols,” IEEE Commun. Surveys Tuts., vol. 9, no. 3, pp. 44–57, Jul. 2007.
View Article
Google Scholar
20.
S. Wendzel, S. Zander, B. Fechner, and C. Herdin, “Pattern-based survey and categorization of network covert channel techniques,” ACM Comput. Surveys, vol. 47, no. 3, pp. 50:1–50:26, 2015.
CrossRef Google Scholar
21.
R. A. Kemmerer and P. A. Porras, “Covert flow trees: A visual approach to analyzing covert storage channels,” IEEE Trans. Softw. Eng., vol. 17, no. 11, pp. 1166–1185, Nov. 1991.
View Article
Google Scholar
22.
C. Wang and S. Ju, “Searching covert channels by identifying malicious subjects in the time domain,” in Proc. 5th Annu. IEEE SMC Inf. Assurance Workshop, 2004, pp. 68–73.
Google Scholar
23.
G. Shah, A. Molina, and M. Blaze, “Keyboards and covert channels,” in Proc. 15th Conf. USENIX Security Symp., 2006, pp. 59–75.
Google Scholar
24.
Z. Wang and R. B. Lee, “Covert and side channels due to processor architecture,” in Proc. 22nd Annu. Comput. Security Appl. Conf., 2006, pp. 473–482.
CrossRef Google Scholar
25.
T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds,” in Proc. 16th ACM Conf. Comput. Commun. Security, 2009, pp. 199–212.
CrossRef Google Scholar
26.
Z. Wu, Z. Xu, and H. Wang, “Whispers in the hyper-space: High-speed covert channel attacks in the cloud,” in Proc. 21st USENIX Conf. Security Symp., 2012, pp. 159–173.
Google Scholar
27.
Y. Xu, M. Bailey, F. Jahanian, K. Joshi, M. Hiltunen, and R. Schlichting, “An exploration of l2 cache covert channels in virtualized environments,” in Proc. 3rd ACM Workshop Cloud Comput. Security Workshop, 2011, pp. 29–40.
CrossRef Google Scholar
28.
L. Simon and R. Anderson, “PIN skimmer: Inferring PINs through the camera and microphone,” in Proc. 3rd ACM Workshop Security Privacy Smartphones Mobile Devices, 2013, pp. 67–78.
CrossRef Google Scholar
29.
J. Wang, K. Zhao, X. Zhang, and C. Peng, “Ubiquitous keyboard for small mobile devices: Harnessing multipath fading for fine-grained keystroke localization,” in Proc. 12th Annu. Int. Conf. Mobile Syst. Appl. Services, 2014, pp. 14–27.
CrossRef Google Scholar
30.
T. Zhu, Q. Ma, S. Zhang, and Y. Liu, “Context-free attacks using keyboard acoustic emanations,” in Proc. Conf. Comput. Commun. Security, 2014, pp. 453–464.
CrossRef Google Scholar

Contact IEEE to Subscribe

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.