Undermining User Privacy on Mobile Devices Using AI

2019-01-01
Gulmezoglu, Berk
Zankl, Andreas
Tol, M. Caner
Islam, Saad
Eisenbarth, Thomas
Sunar, Berk
Over the past years, literature has shown that attacks exploiting the microarchitecture of modern processors pose a serious threat to user privacy. This is because applications leave distinct footprints in the processor, which malware can use to infer user activities. In this work, we show that these inference attacks can greatly be enhanced with advanced AI techniques. In particular, we focus on profiling the activity in the last-level cache (LLC) of ARM processors. We employ a simple Prime+Probe based monitoring technique to obtain cache traces, which we classify with deep learning methods including convolutional neural networks. We demonstrate our approach on an off-the-shelf Android phone by launching a successful attack from an unprivileged, zero-permission app in well under a minute. The app detects running applications, opened websites, and streaming videos with up to 98% accuracy and a profiling phase of at most 6 seconds. This is possible, as deep learning compensates measurement disturbances stemming from the inherently noisy LLC monitoring and unfavorable cache characteristics. In summary, our results show that thanks to advanced AI techniques, inference attacks are becoming alarmingly easy to execute in practice. This once more calls for countermeasures that confine microarchitectural leakage and protect mobile phone applications, especially those valuing the privacy of their users.
ACM Asia Conference on Computer and Communications Security (Asia CCS)

Suggestions

Static Malware Detection Using Stacked Bi-Directional LSTM
Demirci, Deniz; Acartürk, Cengiz; Department of Cybersecurity (2021-8-19)
The recent proliferation in the use of the Internet and personal computers has made it easier for cybercriminals to expose Internet users to widespread and damaging threats. In order protect the end users against such threats, a security system must be proactive. It needs to detect malicious files or executables before reaching the end-user. To create an efficient and low-cost malware detection mechanism, in the present study, we propose stacked bidirectional long short-term memory (Stacked BiLSTM) based de...
A Digital Twins Approach to Smart Grid Security Testing and Standardization
Atalay, Manolya; Angın, Pelin (2020-06-01)
The exponential growth of the Internet of Things in recent years has created an ever larger cyber attack surface, introducing new security vulnerabilities for all computerized systems. Among the most significant of those systems are industrial control systems (ICS) consisting of many cyber physical components, and smart grids are a prominent example of ICS, whose failures have potential to cause major disruptions in all aspects of our daily lives. In this paper, we provide an overview of smart grid cybersec...
Adversarial Attacks on Continuous Authentication Security: A Dynamic Game Approach
Sarıtaş, Serkan; Sandberg, Henrik; Dan, Gyorgy (2019-01-01)
Identity theft through phishing and session hijacking attacks has become a major attack vector in recent years, and is expected to become more frequent due to the pervasive use of mobile devices. Continuous authentication based on the characterization of user behavior, both in terms of user interaction patterns and usage patterns, is emerging as an effective solution for mitigating identity theft, and could become an important component of defense-in-depth strategies in cyber-physical systems as well. In th...
Malicious user input detection on web-based attacks with the negative selection algorithm
Karataş, Mustafa Mer; Acar, Aybar Can; Department of Cyber Security (2019)
In the cyber security domain, detection and prevention of intrusions is a crucial task. Intrusion attempts exploiting vulnerabilities in an organization’s servers or applications may lead to devastating consequences. The malicious actor may obtain sensitive information from the application, seize database records or take over the servers completely. While protecting web applications/services, discrimination of legitimate user inputs from malicious payloads must be done. Taking inspiration from the Human Imm...
Automatic detection of cyber security events from Turkish twitter stream and Turkish newspaper data
Ural, Özgür; Acartürk, Cengiz; Department of Cyber Security (2019)
Cybersecurity experts scan the internet and face security events that influence users, institutions, and governments. An information security analyst regularly examines sources to stay up to date on security events in her/his domain of expertise. This may lead to a heavy workload for the information analysts if they do not have proper tools for security event investigation. For example, an information analyst may want to stay aware of cybersecurity events, such as a DDoS (Distributed Denial of Service) atta...
Citation Formats
B. Gulmezoglu, A. Zankl, M. C. Tol, S. Islam, T. Eisenbarth, and B. Sunar, “Undermining User Privacy on Mobile Devices Using AI,” Auckland, New Zealand, 2019, p. 214, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/68219.