Files in this item

FilesDescriptionFormat

application/pdf

application/pdfDAS-DISSERTATION-2016.pdf (13MB)
(no description provided)PDF

Description

Title:Understanding and mitigating the privacy risks of smartphone sensor fingerprinting
Author(s):Das, Anupam
Director of Research:Borisov, Nikita
Doctoral Committee Chair(s):Borisov, Nikita
Doctoral Committee Member(s):Caesar, Matthew; Choudhury, Romit Roy; Smaragdis, Paris; Boneh, Dan
Department / Program:Computer Science
Discipline:Computer Science
Degree Granting Institution:University of Illinois at Urbana-Champaign
Degree:Ph.D.
Genre:Dissertation
Subject(s):fingerprinting
motion sensors
privacy
microphone and speaker
Abstract:The widespread use of smartphones in our everyday life gives rise to privacy concerns. Fingerprinting smartphones can jeopardize user privacy by enabling remote identification of users without users' awareness. In this dissertation we study the feasibility of using on-board sensors such as microphones, accelerometers and gyroscopes to fingerprint smartphones. During fabrication, subtle imperfections arise in device sensors which induce distinctive anomalies in the generated signal. Using machine learning techniques we can distinguish smartphones generating such distinctive anomalies. We first look at fingerprinting smartphones through on-board microphones and speakers. We explore different acoustic features and analyze their ability to successfully fingerprint smartphones. Our study identifies the prominent acoustic features capable of fingerprinting smartphones with a high success rate, and also examines the impact of background noise and other variables on fingerprinting accuracy. Next, we surreptitiously fingerprint smartphones using the imperfections of motion sensors (i.e., accelerometers and gyroscopes) embedded in modern smartphones, through a web page. We analyze how well motion sensor fingerprinting works under real-world constraints by collecting data from a large number of smartphones under both lab and public environments. Our study demonstrates that motion sensor fingerprinting is effective even with 500 users. We also develop a model to estimate prediction accuracy for larger user populations; our model provides a conservative estimate of at least 10% classification accuracy with 100000 users, which suggests that motion sensor fingerprinting can be effective when combined with even a weak browser fingerprint. We then investigate the use of motion sensors on the web and find, distressingly, that many sites send motion sensor data to servers for storage and analysis, paving the way for potential fingerprinting. Finally, we consider the problem of developing countermeasures for motion sensor fingerprinting; we propose several practical countermeasures and evaluate their usability through a large-scale user study. We find that countermeasures such as data obfuscation and sensor quantization are really promising in the sense that they not only drastically reduce fingerprinting accuracy but also remain benign to applications using motion sensors.
Issue Date:2016-07-01
Type:Thesis
URI:http://hdl.handle.net/2142/92742
Rights Information:Copyright 2016 Anupam Das
Date Available in IDEALS:2016-11-10
Date Deposited:2016-08


This item appears in the following Collection(s)

Item Statistics