【 摘 要 】

The widespread use of smartphones in our everyday life gives rise to privacy concerns. Fingerprinting smartphones can jeopardize user privacy by enabling remote identification of users without users' awareness. In this dissertation we study the feasibility of using on-board sensors such as microphones, accelerometers and gyroscopes to fingerprint smartphones. During fabrication, subtle imperfections arise in device sensors which induce distinctive anomalies in the generated signal. Using machine learning techniques we can distinguish smartphones generating such distinctive anomalies.We first look at fingerprinting smartphones through on-board microphones and speakers. We explore different acoustic features and analyze their ability to successfully fingerprint smartphones. Our study identifies the prominent acoustic features capable of fingerprinting smartphones with a high success rate, and also examines the impact of background noise and other variables on fingerprinting accuracy. Next, we surreptitiously fingerprint smartphones using the imperfections of motion sensors (i.e., accelerometers and gyroscopes) embedded in modern smartphones, through a web page. We analyze how well motion sensor fingerprinting works under real-world constraints by collecting data from a large number of smartphones under both lab and public environments. Our study demonstrates that motion sensor fingerprinting is effective even with 500 users. We also develop a model to estimate prediction accuracy for larger user populations; our model provides a conservative estimate of at least 10% classification accuracy with 100000 users, which suggests that motion sensor fingerprinting can be effective when combined with even a weak browser fingerprint. We then investigate the use of motion sensors on the web and find, distressingly, that many sites send motion sensor data to servers for storage and analysis, paving the way for potential fingerprinting. Finally, we consider the problem of developing countermeasures for motion sensor fingerprinting; we propose several practical countermeasures and evaluate their usability through a large-scale user study. We find that countermeasures such as data obfuscation and sensor quantization are really promising in the sense that they not only drastically reduce fingerprinting accuracy but also remain benign to applications using motion sensors.

【 预 览 】

附件列表

Files	Size	Format	View
Understanding and mitigating the privacy risks of smartphone sensor fingerprinting	12372KB	PDF	download