1. bookVolume 2018 (2018): Issue 1 (January 2018)
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
access type Open Access

Every Move You Make: Exploring Practical Issues in Smartphone Motion Sensor Fingerprinting and Countermeasures

Published Online: 11 Jan 2018
Page range: 88 - 108
Received: 31 May 2017
Accepted: 16 Sep 2017
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English

The ability to track users’ activities across different websites and visits is a key tool in advertising and surveillance. The HTML5 DeviceMotion interface creates a new opportunity for such tracking via fingerprinting of smartphone motion sensors. We study the feasibility of carrying out such fingerprinting under real-world constraints and on a large scale. In particular, we collect measurements from several hundred users under realistic scenarios and show that the state-of-the-art techniques provide very low accuracy in these settings. We then improve fingerprinting accuracy by changing the classifier as well as incorporating auxiliary information. We also show how to perform fingerprinting in an open-world scenario where one must distinguish between known and previously unseen users.

Keywords

[1] U.S. Mobil App Report. http://www.ella.net/pdfs/comScore-US-Mobile-App-Report-2014.pdf.Search in Google Scholar

[2] Amazon Mechanical Turk. https://www.mturk.com/mturk/welcome.Search in Google Scholar

[3] Android TelephonyManager. http://developer.android.com/reference/android/telephony/TelephonyManager.html#getDeviceId().Search in Google Scholar

[4] Apple places kill date on apps that use ‘UDID’ device identifiers. http://www.zdnet.com/article/apple-places-killdate-on-apps-that-use-udid-device-identifiers/.Search in Google Scholar

[5] Mobile apps overtake PC Internet usage in U.S. http://money.cnn.com/2014/02/28/technology/mobile/mobileapps-internet/.Search in Google Scholar

[6] Percentage of all global web pages served to mobile phones from 2009 to 2016. http://www.statista.com/statistics/241462/global-mobile-phone-website-traffic-share/.Search in Google Scholar

[7] sklearn.ensemble.VotingClassifier. http://scikit-learn.org/stable/modules/generated/sklearn.ensemble.VotingClassifier.html.Search in Google Scholar

[8] We Spend More Time On Smartphones Than Traditional PCs: Nielsen. http://www.ibtimes.com/we-spend-more-time-smartphones-traditional-pcs-nielsen-1557807.Search in Google Scholar

[9] Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, and Claudia Diaz. The Web never forgets: Persistent tracking mechanisms in the wild. In Proceedings of the 21st ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 674–689, 2014.Search in Google Scholar

[10] Gunes Acar, Marc Juarez, Nick Nikiforakis, Claudia Diaz, Seda Gürses, Frank Piessens, and Bart Preneel. FPDetective: dusting the web for fingerprinters. In Proceedings of the 2013 ACM SIGSAC conference on Computer and Communications Security (CCS), pages 1129–1140, 2013.Search in Google Scholar

[11] Duncan Black, Robert Albert Newing, Iain McLean, Alistair McMillan, and Burt L Monroe. The theory of committees and elections. Springer, 1958.Search in Google Scholar

[12] Hristo Bojinov, Yan Michalevsky, Gabi Nakibly, and Dan Boneh. Mobile Device Identification via Sensor Fingerprinting. CoRR, abs/1408.1416, 2014. urlhttp://arxiv.org/abs/1408.1416.Search in Google Scholar

[13] G. Brown, A. Pocock, M.-J. Zhao, and M. Luján. Conditional likelihood maximisation: A unifying framework for information theoretic feature selection. The Journal of Machine Learning Research, 13:27–66, 2012.Search in Google Scholar

[14] Anupam Das, Nikita Borisov, and Matthew Caesar. Do You Hear What I Hear?: Fingerprinting Smart Devices Through Embedded Acoustic Components. In Proceedings of the 21st ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 441–452, 2014.Search in Google Scholar

[15] Anupam Das, Nikita Borisov, and Matthew Caesar. Exploring Ways To Mitigate Sensor-Based Smartphone Fingerprinting. CoRR, abs/1503.01874, 2015.Search in Google Scholar

[16] Anupam Das, Nikita Borisov, and Matthew Caesar. Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses. In Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS), 2016.Search in Google Scholar

[17] Jean Charles de Borda. Mémoire sur les élections au scrutin, histoire de l’académie royale des sciences. Paris, France, 1781.Search in Google Scholar

[18] Sanorita Dey, Nirupam Roy, Wenyuan Xu, Romit Roy Choudhury, and Srihari Nelakuditi. AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable. In Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS), 2014.Search in Google Scholar

[19] Peter Eckersley. How Unique is Your Web Browser? In Proceedings of the 10th International Conference on Privacy Enhancing Technologies (PETS), pages 1–18, 2010.Search in Google Scholar

[20] Jason Franklin, Damon McCoy, Parisa Tabriz, Vicentiu Neagoe, Jamie Van Randwyk, and Douglas Sicker. Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting. In Proceedings of the 15th Conference on USENIX Security Symposium, 2006.Search in Google Scholar

[21] Tin Kam Ho, Jonathan J. Hull, and Sargur N. Srihari. Decision combination in multiple classifier systems. IEEE transactions on pattern analysis and machine intelligence, 16(1):66–75, 1994.Search in Google Scholar

[22] Thomas Hupperich, Davide Maiorca, Marc Kührer, Thorsten Holz, and Giorgio Giacinto. On the Robustness of Mobile Device Fingerprinting: Can Mobile Users Escape Modern Web-Tracking Mechanisms? In Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC), pages 191–200. ACM, 2015.Search in Google Scholar

[23] Tadayoshi Kohno:2005, Andre Broido, and K. C. Claffy. Remote Physical Device Fingerprinting. IEEE Transaction on Dependable Secure Computing, 2(2):93–108, 2005.Search in Google Scholar

[24] Andreas Kurtz, Hugo Gascon, Tobias Becker, Konrad Rieck, and Felix Freiling. Fingerprinting Mobile Devices Using Personalized Configurations. Proceedings on Privacy Enhancing Technologies (PoPETs), 2016(1):4–19, 2017.Search in Google Scholar

[25] Pierre Laperdrix, Walter Rudametkin, and Benoit Baudry. Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints. In Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P), pages 878–894, 2016.Search in Google Scholar

[26] Zang Li, Wenyuan Xu, Rob Miller, and Wade Trappe. Securing Wireless Systems via Lower Layer Enforcements. In Proceedings of the 5th ACM Workshop on Wireless Security (WiSe), pages 33–42, 2006.Search in Google Scholar

[27] Gordon Lyon. Nmap: a free network mapping and security scanning tool. http://nmap.org/.Search in Google Scholar

[28] S.B. Moon, P. Skelly, and D. Towsley. Estimation and removal of clock skew from network delay measurements. In Proceedings of the 18th Annual IEEE International Conference on Computer Communications (INFOCOM), pages 227–234, 1999.Search in Google Scholar

[29] Keaton Mowery and Hovav Shacham. Pixel perfect: Fingerprinting canvas in HTML5. In Proceedings of Web 2.0 Security and Privacy Workshop (W2SP), 2012.Search in Google Scholar

[30] Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna. You are what you include: large-scale evaluation of remote javascript inclusions. In Proceedings of the 19th ACM SIGSAC conference on Computer and Communications Security (CCS), pages 736–747, 2012.Search in Google Scholar

[31] Nick Nikiforakis, Wouter Joosen, and Benjamin Livshits. PriVaricator: Deceiving Fingerprinters with Little White Lies. In Proceedings of the 24th International Conference on World Wide Web (WWW), pages 820–830, 2015.Search in Google Scholar

[32] Lukasz Olejnik, Gunes Acar, Claude Castelluccia, and Claudia Diaz. The leaking battery: A privacy analysis of the HTML5 Battery Status API. Cryptology ePrint Archive, Report 2015/616, 2015. http://eprint.iacr.org/2015/616.Search in Google Scholar

[33] Lukasz Olejnik, Claude Castelluccia, and Artur Janc. Why Johnny Can’t Browse in Peace: On the Uniqueness of Web Browsing History Patterns. In 5th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs), 2012.Search in Google Scholar

[34] Neal Patwari and Sneha K. Kasera. Robust Location Distinction Using Temporal Link Signatures. In Proceedings of the 13th Annual ACM International Conference on Mobile Computing and Networking (MobiCom), pages 111–122, 2007.Search in Google Scholar

[35] M.J. Riezenman. Cellular security: better, but foes still lurk. IEEE Spectrum, 37(6):39–42, 2000.10.1109/6.846096Open DOISearch in Google Scholar

[36] Jan Spooren, Davy Preuveneers, and Wouter Joosen. Mobile Device Fingerprinting Considered Harmful for Risk-based Authentication. In Proceedings of the 8th European Workshop on System Security (EuroSec), pages 1–6. ACM, 2015.Search in Google Scholar

[37] Fyodor Yarochkin, Meder Kydyraliev, and Ofir Arkin. Xprobe project. http://ofirarkin.wordpress.com/xprobe/.Search in Google Scholar

[38] Zhe Zhou, Wenrui Diao, Xiangyu Liu, and Kehuan Zhang. Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound. In Proceedings of the 21st ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 429–440, 2014.Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo