ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2018, Vol. 55 ›› Issue (7): 1371-1392. doi: 10.7544/issn1000-1239.2018.20170982

Special topic: 2018 Special Topic on Internet of Things Security

• Information Security •

A Defensive Method Against Android Physical Sensor-Based Side-Channel Attack Based on Differential Privacy

Tang Benxiao, Wang Lina, Wang Run, Zhao Lei, Wang Danlei

  1. (Key Laboratory of Aerospace Information Security and Trusted Computing (Wuhan University), Ministry of Education, Wuhan 430072) (School of Cyber Science and Engineering, Wuhan University, Wuhan 430072) (tangbenxiao@whu.edu.cn)
  • Published online: 2018-07-01
  • Supported by:
    Key Program of the National Natural Science Foundation of China (U1536204); National Natural Science Foundation of China (61672394, 61672393)

Abstract: Research on defending against Android physical sensor-based side-channel attacks targets privacy leaks that use mobile device sensors as the medium. Current defenses include malicious activity detection and virtual keyboard randomization. However, because user decisions during the defense process are unpredictable and novel side-channel attacks keep emerging, these traditional methods cannot fundamentally protect user privacy from sensor-based side-channel attacks. To address these problems, this paper presents a defensive method against physical sensor-based side-channel attacks based on differential privacy. The method interferes with side-channel construction by injecting a small amount of random noise following the Laplace distribution, which obfuscates the original sensor data. The primary challenge is to reduce the success rate of side-channel attacks as much as possible while preserving the normal operation of sensor-based functions and the user experience. Using SensorTainter, a sensor-based function extraction tool that we designed and implemented, the sensor-based functions in apps are analyzed and classified according to the sensors and algorithms they rely on, and the range of sensor data obfuscation that each category of function can tolerate is estimated. Experiments on 47 144 apps and 9 typical sensor-based side-channel attacks show that the method effectively limits sensor-based attacks, reducing accuracy by at most 27 percentage points for a single attempt in key-event side-channel attacks and by about 7 percentage points in tracking side-channel attacks. Because it is implemented in the Android application framework layer, the method is completely transparent to users and highly extensible.

Key words: Android, physical sensor, side channel, differential privacy, privacy protection
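
The noise-injection idea described in the abstract, as an added sketch that is not the paper's implementation: each reading gets Laplace noise, bounded to the deviation a sensor-based function can tolerate. The parameter values, the `count_peaks` function and the trace are constructed assumptions, and bounding the noise weakens the strict ε guarantee of the plain Laplace mechanism.

```python
import random


def laplace(scale, rng):
    # The difference of two i.i.d. exponentials with mean `scale`
    # is distributed as Laplace(0, scale).
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)


def obfuscate(samples, sensitivity, epsilon, max_dev, rng):
    """Add Laplace(sensitivity / epsilon) noise to each reading.

    The noise is bounded to +/- max_dev, standing in for the obfuscation
    range a sensor-based function tolerates (assumed constant here).
    Bounding the noise trades away the strict epsilon guarantee.
    """
    scale = sensitivity / epsilon
    noisy = []
    for x in samples:
        noise = max(-max_dev, min(max_dev, laplace(scale, rng)))
        noisy.append(x + noise)
    return noisy


def count_peaks(samples, threshold):
    """Hypothetical sensor-based function: count upward threshold crossings,
    as a shake or step detector would."""
    return sum(1 for a, b in zip(samples, samples[1:]) if a < threshold <= b)


# Constructed accelerometer magnitudes (m/s^2): gravity baseline, three shakes.
TRACE = [9.8, 9.7, 15.0, 9.9, 9.8, 15.2, 15.1, 9.6, 9.8, 14.9, 9.8]

if __name__ == "__main__":
    rng = random.Random(7)  # fixed seed so the run is repeatable
    noisy = obfuscate(TRACE, sensitivity=1.0, epsilon=0.5, max_dev=1.0, rng=rng)
    for raw, obf in zip(TRACE, noisy):
        print(f"{raw:6.2f} -> {obf:6.2f}")
    # The coarse function keeps working while per-sample values are perturbed.
    print("peaks raw:  ", count_peaks(TRACE, 12.0))
    print("peaks noisy:", count_peaks(noisy, 12.0))
```

The peak count survives because the 1.0 m/s^2 bound is smaller than the gap between the baseline, the threshold and the peaks; a function with a narrower margin would need a smaller bound.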
