Mobile devices based eavesdropping of handwriting

Recent THaW paper:

When filling out privacy-related forms in public places such as hospitals or clinics, people usually are not aware that the sound of their handwriting can leak personal information. In this paper, we explore the possibility of eavesdropping on handwriting via nearby mobile devices based on audio signal processing and machine learning. By presenting a proof-of-concept system, WritingHacker, we show the usage of mobile devices to collect the sound of victims’ handwriting, and to extract handwriting-specific features for machine learning based analysis. An attacker can keep a mobile device, such as a common smartphone, touching the desk used by the victim to record the audio signals of handwriting. Then, the system can provide a word-level estimate for the content of the handwriting. Moreover, if the relative position between the device and the handwriting is known, a hand motion tracking method can be further applied to enhance the system’s performance. Our prototype system’s experimental results show that the accuracy of word recognition reaches around 70 – 80 percent under certain conditions, which reveals the danger of privacy leakage through the sound of handwriting.

July 2020: Tuo Yu, Haiming Jin, and Klara Nahrstedt. Mobile devices based eavesdropping of handwritingIEEE Transactions on Mobile Computing 19(7), pages 1649–1663, July 2020. IEEE. DOI: 10.1109/TMC.2019.2912747 

SoK: A Minimalist Approach to Formalizing Analog Sensor Security

Recent THaW paper:

May 2020: Chen Yan, Hocheol Shin, Connor Bolton, Wenyuan Xu, Yongdae Kim, and Kevin Fu. SoK: A Minimalist Approach to Formalizing Analog Sensor Security. pages 233–248, May 2020. IEEE. DOI: 10.1109/sp40000.2020.00026 

Over the last six years, several papers demonstrated how intentional analog interference based on acoustics, RF, lasers, and other physical modalities could induce faults, influence, or even control the output of sensors. Damage to the availability and integrity of sensor output carries significant risks to safety-critical systems that make automated decisions based on trusted sensor measurement. This IEEE S&P conference ‘Systematization of Knowledge’ paper provides a framework for assessing the security of analog sensors without sensor engineers needing to learn significantly new notation. The primary goals of the systematization are (1) to enable more meaningful quantification of risk for the design and evaluation of past and future sensors, (2) to better predict new attack vectors, and (3) to establish defensive design patterns that make sensors more resistant to analog attacks.

New THaW dissertations

The THaW team recently released the dissertations of two of its newest PhDs.

Tuo Yu, University of Illinois: The two faces of mobile sensing

https://www.ideals.illinois.edu/handle/2142/107938

Abstract: The recent popularization of mobile devices equipped with high-performance sensors has given rise to the fast development of mobile sensing technology. Mobile sensing applications analyze the signals generated by human activities and environment changes, and thus get a better understanding of the environment and human behaviors. Nowadays, researchers have developed diverse mobile sensing applications, which benefit people’s living, such as gesture recognition, vital sign monitoring, localization, and identification. Mobile sensing has two faces. While benefiting people’s lives, its growing capability would also spawn new threats to security and privacy. Exploring the dual character of mobile sensing is challenging. On one hand, while the commercialization of new mobile devices enlarges the design space, it is challenging to design effective mobile sensing systems, which use less or cheaper sensors and achieve better performance or more functionalities. On the other hand, attackers can utilize the sensing strategies to track victims’ activities and cause privacy leakages. It is challenging to find the potential leakages, because mobile sensing attacks usually use side channels and target the information hidden in non-textual data. To target the above challenges, I present the Mobile Sensing Application-Attack (MSAA) framework, a general model showing the structures of mobile sensing applications and attacks, and how the two faces are connected. MSAA reflects our principle of designing effective mobile sensing systems, i.e., we reduce the cost and improve the performance of current systems by exploring different sensors, various requirements for user/environment contexts, and different sensing algorithms. MSAA also shows our principle of exploring information leakages, i.e., we break a sensing system into basic components, and for each component we consider what user information could be extracted if data are leaked. I take handwriting input and indoor walking path tracking as examples, and show how we design effective mobile sensing techniques and also investigate their potential threats following MSAA. I design an audio-based handwriting input method for tiny mobile devices, which allows users to input words by writing on tables with fingers. Then, I explore the attacker’s capability of recognizing a victim’s handwriting content based on the handwriting sound. I also present an in-shoe force sensor-based indoor walking path tracking system, which enables smart shoes to locate users. Meanwhile, I show how likely a victim can be located if the foot force data are leaked to attackers. Our experiment results show that our applications can achieve satisfactory performance, and also confirm the threats of privacy leakage if they are maliciously used, which reveals the two faces of mobile sensing.

Travis Peters, Dartmouth College: Trustworthy Wireless Personal Area Networks.

https://www.cs.dartmouth.edu/~trdata/reports/abstracts/TR2020-878/

Abstract: In the Internet of Things (IoT), everyday objects are equipped with the ability to compute and communicate. These smart things have invaded the lives of everyday people, being constantly carried or worn on our bodies, and entering into our homes, our healthcare, and beyond. This has given rise to wireless networks of smart, connected, always-on, personal things that are constantly around us, and have unfettered access to our most personal data as well as all of the other devices that we own and encounter throughout our day. It should, therefore, come as no surprise that our personal devices and data are frequent targets of ever-present threats. Securing these devices and networks, however, is challenging. In this dissertation, we outline three critical problems in the context of Wireless Personal Area Networks (WPANs) and present our solutions to these problems.

First, I present our Trusted I/O solution (BASTION-SGX) for protecting sensitive user data transferred between wirelessly connected (Bluetooth) devices. This work shows how in-transit data can be protected from privileged threats, such as a compromised OS, on commodity systems. I present insights into the Bluetooth architecture, Intel’s Software Guard Extensions (SGX), and how a Trusted I/O solution can be engineered on commodity devices equipped with SGX.

Second, I present our work on AMULET and how we successfully built a wearable health hub that can run multiple health applications, provide strong security properties, and operate on a single charge for weeks or even months at a time. I present the design and evaluation of our highly efficient event-driven programming model, the design of our low-power operating system, and developer tools for profiling ultra-low-power applications at compile time.

Third, I present a new approach (VIA) that helps devices at the center of WPANs (e.g., smartphones) to verify the authenticity of interactions with other devices. This work builds on past work in anomaly detection techniques and shows how these techniques can be applied to Bluetooth network traffic. Specifically, we show how to create normality models based on fine- and course-grained insights from network traffic, which can be used to verify the authenticity of future interactions.

Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems

A new THaW paper was published at USENIX Security last week. It describes using a laser at a distance of 110 meters to stimulate audio sensors on smart speakers and thereby insert audio commands that are accepted as coming from a legitimate user. Techniques for dealing with this vulnerability are proposed.

Takeshi Sugawara, Benjamin Cyr, Sara Rampazzi, Daniel Genkin, and Kevin Fu. Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems. In Proceedings of the USENIX Security Symposium (USENIX Security), pages 2631–2648, August 2020. USENIX Association.

Paper and video presentation at https://www.usenix.org/conference/usenixsecurity20/presentation/sugawara 

THaW graduates: where are they now?

As the THaW project draws to a close, we are proud to recognize the many students and postdocs who were involved in THaW research over the years. As noted below, they have moved on to positions in academia or industry. Unless otherwise noted, each is a PhD. (Please send any corrections or additions to David Kotz at info@thaw.org.)

Cybersecurity and Privacy Implications of Contact Tracing

Two THaW researchers participated as panelists in a recent online panel discussion about contact tracing, with an emphasis on the security and privacy aspects. The video is now available.

“The coronavirus pandemic has highlighted the need for contact tracing, an effort to retroactively discover and inform all the persons who had recent contact with an infected person. Traditional methods are labor-intensive and inherently limited by human memory. Smartphone apps have been proposed to proactively record contacts, for retrospective notifications to those who may have been proximate to someone later discovered to be infected. There are, however, inherent privacy and cybersecurity risks posed by such technologies, and the same technologies could be abused for purposes other than public health. It is thus essential for contact tracing technologies to be designed and deployed with the utmost care and transparency.”

THaW work on contact tracing

Early THaW research on contact tracing is finding new relevance as groups across the US and around the world scramble to develop privacy-preserving contact-tracing apps.  Notable app efforts include DP-3TPEPP-PT, and SafePaths.  All of those efforts focus on privacy-preserving apps for retrospective notification of persons who may have had “contact” with a person later determined to be ill with an infectious disease, where “contact” occurs when spending time in close proximity to the infected person.  THaW student Aarathi Prasad went further, devising a system that could also detect “close encounters”, e.g., for those who may have visited a place soon after the infected person left.  Some diseases, including perhaps the coronavirus, can linger in the air or on surfaces for hours.

The lead author on THaW’s work, Aarathi Prasad, is now a professor at Skidmore College, which just posted an extended story about her work. Her work was originally published in the paper below.

Aarathi Prasad and David Kotz. ENACT: Encounter-based Architecture for Contact Tracing. Proceedings of the ACM Workshop on Physical Analytics (WPA), pages 37–42. ACM Press, June 2017. doi:10.1145/3092305.3092310. ©Copyright ACM.

Abstract: Location-based sharing services allow people to connect with others who are near them, or with whom they shared a past encounter. Suppose it were also possible to connect with people who were at the same location but at a different time – we define this scenario as a close encounter, i.e., an incident of spatial and temporal proximity. By detecting close encounters, a person infected with a contagious disease could alert others to whom they may have spread the virus. We designed a smartphone-based system that allows people infected with a contagious virus to send alerts to other users who may have been exposed to the same virus due to a close encounter. We address three challenges: finding devices in close encounters with minimal changes to existing infrastructure, ensuring authenticity of alerts, and protecting privacy of all users. Finally, we also consider the challenges of a real-world deployment.

New THaW patents

The THaW team is pleased to announce two new patents derived from THaW research, bringing the project total to five patents and one pending.  For the complete list, visit our Tech Transfer page.  The two new patents are described below.

  • March 2020: Xiaohui Liang, Tianlong Yun, Ron Peterson, and David Kotz. Secure System For Coupling Wearable Devices To Computerized Devices with Displays, March 2020. USPTO; U.S. Patent 10,581,606; USPTO. Download from https://patents.google.com/patent/US20170279612A1/enPriority date 2014-08-18, Grant date 2020-03-03. Patent describes a system enabling information from mobile health sensors (eg Fitbit) to be displayed onto nearby screens without being affected by local security threats. The scheme uses visible light sensor on the mobile device. See papers liang:lighttouch and liang:jlighttouch.
  • February 2020: Timothy J. Pierson, Xiaohui Liang, Ronald Peterson, and David Kotz. Apparatus for Securely Configuring A Target Device and Associated Methods, February 2020. U.S. Patent 10,574,298; USPTO. Download from https://patents.google.com/patent/US20180191403A1/enThis is a patent. Priority date 2015-06-23, Grant date 2020-02-25. Patent based on “Wanda” device, described in other publications. Device implements a scheme for single antenna wi-fi device to determine its proximity to another wi-fi device with which it is communicating, in order to assure it is not unwittingly communicating with a distant adversary device rather than a nearby device. See paper pierson:wanda.

Do Breach Remediation Efforts Affect Patient Outcomes?

THaW professor Eric Johnson was recently interviewed on the DataBreach Today podcast.  “How do hospitals’ efforts to bolster information security in the aftermath of data breaches potentially affect patient outcomes? Professor Eric Johnson of Vanderbilt University discusses recent research that shows a worrisome relationship between breach remediation and the delivery of timely patient care.”

You can find the 14-minute podcast, and written summary, on DataBreachToday.com.

The podcast discusses a recent THaW paper:

Sung J. Choi, M. Eric Johnson, and Christoph U. Lehmann. Data breach remediation efforts and their implications for hospital quality. Health Services Research 54(5), pages 971–980, September 2019. John Wiley & Sons. DOI: 10.1111/1475-6773.13203

Proximity detection with single-antenna IoT devices

ACM SIGMOBILE has posted a video of our presentation of the THaW paper Proximity detection with single-antenna IoT devices at MobiCom’19.  Abstract below the video.

Timothy J. Pierson, Travis Peters, Ronald Peterson, and David Kotz. Proximity Detection with Single-Antenna IoT Devices. In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom), Article #21, October 2019. ACM Press. DOI 10.1145/3300061.3300120.

Abstract: Providing secure communications between wireless devices that encounter each other on an ad-hoc basis is a challenge that has not yet been fully addressed. In these cases, close physical proximity among devices that have never shared a secret key is sometimes used as a basis of trust; devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user’s device is communicating with a distant adversary. Researchers have previously proposed methods for multi-antenna devices to ascertain physical proximity with other devices, but devices with a single antenna, such as those commonly used in the Internet of Things, cannot take advantage of these techniques.

We present theoretical and practical evaluation of a method called SNAP – SiNgle Antenna Proximity – that allows a single-antenna Wi-Fi device to quickly determine proximity with another Wi-Fi device. Our proximity detection technique leverages the repeating nature Wi-Fi’s preamble and the behavior of a signal in a transmitting antenna’s near-field region to detect proximity with high probability; SNAP never falsely declares proximity at ranges longer than 14 cm.