physical media covert channels on smart mobile devices
PHYSICAL MEDIA COVERT CHANNELS ON SMART MOBILE DEVICES - ED NOVAK, YUTAO TANG, ZIJIANG HAO, QUN LI, YIFAN ZHANG
Presenter: Harshitha Chidananda
TABLE OF CONTENTS
• Introduction
• Main problem
• Main points and contributions
• Challenges
• Recent work
• Strengths and Weaknesses
• Open issues/ Direction of future research
• My thoughts
• Summary and conclusion
• Key technical points
  • PMCC
  • Trojan Horse Malware
  • 5 example PMCCs
  • Defense mechanism
  • Evaluation
Fundamental shift for computing
• Carry sensitive information
• Equipped with physical interface hardware
MAIN PROBLEM
• Devices carry sensitive information about the user
• Malware in many applications
• Applications access user’s information without permission
MAIN POINTS AND CONTRIBUTIONS
• Information leakage malware
  • Uses covert channels over physical “real-world” media, such as sound or light
  • First to use PMCC (Physical Media Covert Channels)
• Malware advantages:
  • New form
  • Stealthy
  • State-of-the-art defenses
  • Privilege escalation
  • Information leakage
• Defense mechanism
  • Balances security with usability
CHALLENGES
• Speed
  • As little as 100 bits per second is enough to pose a serious threat
• Stealth
  • Difficult to defend against
  • They must go unnoticed by the user
  • Appear to be benign from the point of view of the software
  • Differentiate between benign and malicious sensor use
  • Not interrupt the user with confirmation dialogs
KEY TECHNICAL POINTS
• Propose a new class of covert channels for smart mobile devices that utilize real-world interfaces
  • Generalized as “physical medium covert channels” (PMCC)
  • High stealth
  • High speed
• Design and implementation of five example PMCCs
• Use PMCCs to design a new variant of trojan horse malware that appears to be benign but actually leaks sensitive user information
• Propose and implement a novel defense scheme that takes a framework approach
• Evaluate prototypes of each covert channel and the defense mechanism
RECENT WORK
Defense mechanisms
• Taint analysis
  • Taint analysis can be used to identify sensitive information as it flows through an application, and to notify the user or stop this sensitive information from leaving the device and being leaked.
• Elaborate security policy mechanisms
  • Internal computation for security reasons
• Application market curation
  • Market curation techniques aim to identify and remove malicious applications from the market before users even have a chance to install them.
PART 1:THREAT MODEL
• Send information over the Internet without requesting the Internet permission
• Creating applications that look normal
• Dual run using “ScheduledExecutorService”, the Android timing mechanism
• Accessing sensitive information

Android applications can ask the browser to open URLs on their behalf without declaring the Internet permission. The attacker can include some CGI parameters (e.g., attackerhost.com/collector?usersecret=val) to transmit sensitive information to a host they control.
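A defender-side check for the URL channel described above, as an added example that is not taken from the slides or the paper: it inspects a URL that an app hands to the browser and flags query parameters carrying a known sensitive value in plain, hex or base64 form. The function names, the `sensitive` mapping and the coordinates are assumptions constructed for illustration; the host and parameter name are the ones shown on the slide.

```python
import base64
from urllib.parse import urlsplit, parse_qsl


def encoded_forms(value):
    """Plain, hex and base64 renderings a value may take inside a URL parameter."""
    raw = value.encode()
    b64 = base64.b64encode(raw).decode()
    b64url = base64.urlsafe_b64encode(raw).decode()
    return {value, raw.hex(), raw.hex().upper(),
            b64, b64.rstrip("="), b64url, b64url.rstrip("=")}


def flag_url(url, sensitive):
    """Return (parameter, label) pairs where a query parameter carries a sensitive value.

    sensitive maps a label (e.g. "location") to the value the device currently holds.
    """
    hits = []
    for name, val in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl percent-decodes and turns '+' into ' '; check both readings
        # so that standard base64 containing '+' is not missed.
        candidates = (val, val.replace(" ", "+"))
        for label, secret in sensitive.items():
            if not secret:
                continue  # an empty secret would match every parameter
            if any(form in c for form in encoded_forms(secret) for c in candidates):
                hits.append((name, label))
    return hits


# Constructed sample data: a last-known GPS fix held by the device.
SENSITIVE = {"location": "37.2707,-76.7075"}

if __name__ == "__main__":
    url = "http://attackerhost.com/collector?usersecret=37.2707%2C-76.7075"
    print(flag_url(url, SENSITIVE))
```

Matching on content only catches encodings the checker knows about, which is why the slides treat taint analysis, which follows the data itself, as the stronger control.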
PART 2:TROJAN HORSE MALWARE DESIGN
Example Trojan Application: Jog-Log
• The application asks for GPS and microphone permission
• User uses jogging app while jogging
• Later at night, app uses ScheduledExecutorService
• Uses PMCC to transmit location information
  • Speaker is used to produce ultrasonic signal
  • Microphone is used to decode the ultrasound signal
• Forms URL with the attacker’s host as a domain
  • User’s location as CGI parameter
• The attacker sets up a special web server to respond to these requests
  • Records CGI parameters in a file associated with the IP address of the user
• The attacker can now find the street address
PART 3: COVERT CHANNEL DESIGN
Implementation of five physical media covert channels:
• Ultrasound
• Speaker and Accelerometer
• Vibration and Accelerometer
• Flash and Camera
• User and Gyroscope
PART 4: DEFENSE SYSTEM ARCHITECTURE
PART 4: STAGE 1 - GUARD SERVICE
GuardService exposes 3 methods:
• .add(component, device, tag)
• .remove(component, device)
• .lookup(component, device)

• Component begins using a sender device
• .add() is called
  • Taint-tag from the data flowing is stored in the GuardService
• .lookup() is called
  • Retrieve taint-tag from any active sender devices
• .remove() is called
  • When sender services are no longer needed
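A minimal model of the three GuardService calls, as an added example that is not the paper's Android implementation: it shows how a taint tag registered on a sender device reaches data read from a receiver device that the sender can physically influence. The coupling table (built from the device pairs named in Part 3), the bit-flag tags, the component names and the `read_sensor` helper are assumptions made for this sketch.

```python
# Sender device -> receiver devices it can reach over a physical medium.
# "User and Gyroscope" has no sender device to register, so it is left out.
COUPLED = {
    "speaker": {"microphone", "accelerometer"},
    "vibration": {"accelerometer"},
    "flash": {"camera"},
}

# Constructed taint tags, one bit per sensitive source (assumed encoding).
TAINT_CLEAR, TAINT_LOCATION, TAINT_MIC = 0x0, 0x1, 0x2


class GuardService:
    def __init__(self):
        self._senders = {}  # (component, sender device) -> taint of emitted data

    def add(self, component, device, tag):
        """A component began driving a sender device with data carrying `tag`."""
        key = (component, device)
        self._senders[key] = self._senders.get(key, TAINT_CLEAR) | tag

    def remove(self, component, device):
        """The component no longer needs the sender device."""
        self._senders.pop((component, device), None)

    def lookup(self, component, device):
        """Taint from every active sender that can reach receiver `device`.

        `component` is kept for the signature on the slide; senders owned by
        any component count, since the channel crosses component boundaries.
        """
        tag = TAINT_CLEAR
        for (_owner, sender), sender_tag in self._senders.items():
            if device in COUPLED.get(sender, ()):
                tag |= sender_tag
        return tag


def read_sensor(guard, component, device, samples, own_tag=TAINT_CLEAR):
    """Receiver-side hook: samples inherit the taint of coupled active senders."""
    return samples, own_tag | guard.lookup(component, device)


def jog_log_scenario():
    """Location-tainted audio on the speaker while another component records."""
    guard = GuardService()
    guard.add("JogLog.Sender", "speaker", TAINT_LOCATION)
    _, mic_tag = read_sensor(guard, "JogLog.Receiver", "microphone", [0.1, 0.2], TAINT_MIC)
    cam_tag = guard.lookup("JogLog.Receiver", "camera")  # flash is idle
    guard.remove("JogLog.Sender", "speaker")
    return mic_tag, cam_tag, guard.lookup("JogLog.Receiver", "microphone")
```

Once the microphone samples carry the location tag, the existing taint-analysis egress check applies to anything derived from them, including a URL built from the decoded signal.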
PART 4: STAGE 2 - TREATMENT
• Alert the user
  • Weakest choice
• Choose One
  • One of the devices is turned off
  • Tunable parameter
• Dynamically Switch
  • Switch dynamically between two sensors
• Rate Limit
  • For devices that need 2 sensors to work (flash and camera)
  • Limit the rate at which the device can be used
• Altering the Signal
  • Increase error rate
  • Careful not to alter useful information
PART 5: EVALUATION
STRENGTHS AND WEAKNESSES
Strengths
• Good evaluation of each covert channel and defense mechanisms
• Succeeds
• Good results
• Describes developing a good malware
• Describes good defense mechanisms
• Easy to read

Weaknesses
• Repetitive
• No user study
OPEN ISSUES/ DIRECTION FOR FUTURE RESEARCH
• Does not focus on the case where the attacker tries to use some physical medium covert channel to communicate with another proximal device
• Experiments on Apple smartphones
• Influence of defense mechanisms on performance
MY THOUGHTS
• Simple English with few terms that needed to be Googled
• Pictorially eye catching
• Well explained
• Best way to make reader understand the importance of security
• Gave broader perception
• Realistic overview
• Good illustrations
SUMMARY AND CONCLUSION
• First to use Physical Media Covert Channels
• Designed specifically for mobile devices
• New form of malware
• Novel defense mechanism
• Alert community of potential threat
Thank You! QUESTIONS?