Construction and Mitigation of User-Behavior-Based Covert Channels on Smartphones | IEEE Journals & Magazine | IEEE Xplore
Subscribe
ADVANCED SEARCH
Journals & Magazines >IEEE Transactions on Mobile C... >Volume: 17 Issue: 1

Construction and Mitigation of User-Behavior-Based Covert Channels on Smartphones

PDF
Wen Qi; Wanfu Ding; Xinyu Wang; Yonghang Jiang; Yichen Xu; Jianping Wang
All Authors

Abstract:

To protect user privacy, many smartphone systems adopt the permission-based mechanism in which a user can evaluate the risk of requests for private information from a mob...Show More

Metadata

Abstract:

To protect user privacy, many smartphone systems adopt the permission-based mechanism in which a user can evaluate the risk of requests for private information from a mobile app before installing it. However, recent studies show that the permission based mechanism is vulnerable to application collusion attacks because two apps, which appear to be harmless individually, can establish a covert channel and use it to leak confidential information. Consequently, people have designed some covert channel detection schemes, by checking abnormal status of the phone. In this paper, we point out that existing covert channel detection schemes may fail to detect a new type of collusion attacks referred as user-behavior-based covert channels. We implement three covert channels on Android smartphones. Our work sets a new alarm for the security issue of using smartphones. We then study the countermeasures to this new type of covert channels. Instead of trying to directly detect the proposed new type of covert channels, we propose two mitigation solutions to reduce the effectiveness of such covert channels. The mitigation solutions are also valid to other existing sensor-based side channels and/or covert channels on the phone.
Published in: IEEE Transactions on Mobile Computing ( Volume: 17, Issue: 1, 01 January 2018)
Page(s): 44 - 57
Date of Publication: 24 April 2017

ISSN Information:

DOI: 10.1109/TMC.2017.2696945

Funding Agency:

References is not available for this document.
Contents

1 Introduction

In the past few years, smartphone users are increasing explosively. It is predicted that such growth will keep speedy in the near future. According to a recent study by Ericsson [1], the number of smartphone subscribers worldwide is 2.7 billion in 2014 and is expected to reach 6.1 billion by 2020. With such a rapid growth of users, smartphone is becoming a new domain for various hackers to steal sensitive data of users, such as leaking contacts [2], sending messages to contacts furtively [3], and stealing credit card information  [4].

References is not available for this document.

Contact IEEE to Subscribe
More Like This
A Game Theory Based Collaborative Security Detection Method for Internet of Things Systems

IEEE Transactions on Information Forensics and Security

Published: 2018

The Internet of Things for healthcare monitoring: Security review and proposed solution

2014 Third IEEE International Colloquium in Information Science and Technology (CIST)

Published: 2014

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.