关键词: Android, 物理传感器, 侧信道, 差分隐私, 隐私保护

Abstract: The defensive research against Android physical sensor-based side-channel attacks mainly aims at the privacy leak which leverage mobile sensors as medium. The current defensive methods are malicious activity detection, virtual keyboards randomization, etc. However, these traditional methods can hardly protect user’s privacy from sensor-based side-channel attacks fundamentally, for the unpredictable user decision and variety of novel attacks. In order to overcome the above problems, this paper presents a defensive method against physical sensor-based side-channel attacks based on differential privacy. This defensive method interferes the process of side-channel construction by injecting random noise coincident with the Laplace distribution which can obfuscate the original sensor data. The primary challenge of the proposal method is reducing the success rate of side-channel attacks as much as possible on the premise that ensuring normal operation of the sensor-based function and user experience. Taking the advantages of a sensor-based function extraction tool SensorTainter we designed, the sensor-based functions are analyzed detailedly and classified according to the types of based sensors and algorithms, thus we estimate the ranges of sensor data obfuscation for each category of sensor-based function. By analyzing 47 144 apps and 9 typical sensor-based side-channel attacks, the experiment proves that our defensive method can effectively defense against sensor-based attacks, which results in an accuracy decrease of 27 percent points at most in one attempt during key-event side-channel attacks and about 7 percent points in tracking side-channel attacks. Because of implementing in Android framework, this defensive method is completely user transparent and has great expansibility.

Key words: Android, physical sensor, side channel, differential privacy, privacy protection