TY - GEN
T1 - I know what you did on your smartphone
T2 - 3rd IEEE International Conference on Communications and Network Security, CNS 2015
AU - Wang, Qinglong
AU - Yahyavi, Amir
AU - Kemme, Bettina
AU - He, Wenbo
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/12/3
Y1 - 2015/12/3
N2 - Smartphones and tablets are now ubiquitous in many people's lives and are used throughout the day in many public places. They are often connected to a wireless local area network (IEEE 802.11 WLANs) and rely on encryption protocols to maintain their security and privacy. In this paper, we show that even in presence of encryption, an attacker without access to encryption keys is able to determine the users' behavior, in particular, their app usage. We perform this attack using packet-level traffic analysis in which we use side-channel information leaks to identify specific patterns in packets regardless of whether they are encrypted or not. We show that just by collecting and analyzing small amounts of wireless traffic, one can determine what apps each individual smartphone user in the vicinity is using. Furthermore, and more worrying, we show that by using these apps the privacy of the user is more at risk compared to using online services through browsers on mobile devices. This is due to the fact that apps generate more identifiable traffic patterns. Using random forests to classify the apps we show that we are able to identify individual apps, even in presence of noise, with great accuracy. Given that most online services now provide native apps that may be identified by this method, these attacks represent a serious threat to users' privacy.
AB - Smartphones and tablets are now ubiquitous in many people's lives and are used throughout the day in many public places. They are often connected to a wireless local area network (IEEE 802.11 WLANs) and rely on encryption protocols to maintain their security and privacy. In this paper, we show that even in presence of encryption, an attacker without access to encryption keys is able to determine the users' behavior, in particular, their app usage. We perform this attack using packet-level traffic analysis in which we use side-channel information leaks to identify specific patterns in packets regardless of whether they are encrypted or not. We show that just by collecting and analyzing small amounts of wireless traffic, one can determine what apps each individual smartphone user in the vicinity is using. Furthermore, and more worrying, we show that by using these apps the privacy of the user is more at risk compared to using online services through browsers on mobile devices. This is due to the fact that apps generate more identifiable traffic patterns. Using random forests to classify the apps we show that we are able to identify individual apps, even in presence of noise, with great accuracy. Given that most online services now provide native apps that may be identified by this method, these attacks represent a serious threat to users' privacy.
UR - http://www.scopus.com/inward/record.url?scp=84966293221&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84966293221&partnerID=8YFLogxK
U2 - 10.1109/CNS.2015.7346855
DO - 10.1109/CNS.2015.7346855
M3 - Conference contribution
AN - SCOPUS:84966293221
T3 - 2015 IEEE Conference on Communications and NetworkSecurity, CNS 2015
SP - 433
EP - 441
BT - 2015 IEEE Conference on Communications and NetworkSecurity, CNS 2015
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 28 September 2015 through 30 September 2015
ER -