MISSILE: A System of Mobile Inertial Sensor-Based Sensitive Indoor Location Eavesdropping

Privacy concerns on smartphones have been raised by the public as more and more personal data are now stored on them. In this paper, we show that location information can be compromised through mobile inertial sensors which are considered insensitive and accessible by any mobile application in both iOS and Android without special privilege. We present MISSILE, an automatic system that can infer users’ indoor location using labeled sensor data as prior knowledge. The key idea is that when a user reaches a particular indoor location, it is very likely that he/she has passed through some unique interior structures of a building, such as winding corridors, fire stop doors or elevators. These structures exhibit repeatable motion and environment patterns in mobile sensors that can be recognized by supervised learning. In our MISSILE system, the location labels of training data are automatically attained by Bluetooth beacons deployed in sensitive locations. With effective feature extraction procedure robust modeling, MISSILE shows good success rate for inference attack. For example, in a university campus with 15 sensitive locations, MISSILE achieves up to 73% correct prediction score whereas a random guess can only achieve 1/(15 + 1) = 6.25%. Further improvements on system performance and countermeasures are also discussed.

[1]  Brian Neil Levine,et al.  Turning Off GPS Is Not Enough: Cellular Location Leaks over the Internet , 2013, Privacy Enhancing Technologies.

[2]  S. S. Wilks The Large-Sample Distribution of the Likelihood Ratio for Testing Composite Hypotheses , 1938 .

[3]  Robert Piché,et al.  A Survey of Selected Indoor Positioning Methods for Smartphones , 2017, IEEE Communications Surveys & Tutorials.

[4]  Jeih-Weih Hung,et al.  Robust entropy-based endpoint detection for speech recognition in noisy environments , 1998, ICSLP.

[5]  Jun Han,et al.  ACCessory: password inference using accelerometers on smartphones , 2012, HotMobile '12.

[6]  Andrew G. Dempster,et al.  How feasible is the use of magnetic field alone for indoor positioning? , 2012, 2012 International Conference on Indoor Positioning and Indoor Navigation (IPIN).

[7]  Guevara Noubir,et al.  My Magnetometer Is Telling You Where I've Been?: A Mobile Device Permissionless Location Attack , 2018, WISEC.

[8]  Ramón F. Brena,et al.  Evolution of Indoor Positioning Technologies: A Survey , 2017, J. Sensors.

[9]  Gabi Nakibly,et al.  PowerSpy: Location Tracking Using Mobile Device Power Analysis , 2015, USENIX Security Symposium.

[10]  Nobuo Kawaguchi,et al.  Pedestrian dead reckoning based on human activity sensing knowledge , 2014, UbiComp Adjunct.

[11]  Sang H. Son,et al.  HybridBaro: Mining Driving Routes Using Barometer Sensor of Smartphone , 2017, IEEE Sensors Journal.

[12]  Triet Vo Huu,et al.  Inferring User Routes and Locations Using Zero-Permission Mobile Sensors , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[13]  Jingyu Hua,et al.  We Can Track You if You Take the Metro: Tracking Metro Riders Using Accelerometers on Smartphones , 2015, IEEE Transactions on Information Forensics and Security.

[14]  Klara Nahrstedt,et al.  Identity, location, disease and more: inferring your secrets from android public resources , 2013, CCS.

[15]  Nancy Chinchor,et al.  MUC-4 evaluation metrics , 1992, MUC.

[16]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[17]  Andreas W. Kempa-Liehr,et al.  Distributed and parallel time series feature extraction for industrial big data applications , 2016, ArXiv.

[18]  Zhuoqing Morley Mao,et al.  Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks , 2014, USENIX Security Symposium.

[19]  Ram Dantu,et al.  Magnetic Maps for Indoor Navigation , 2011, IEEE Transactions on Instrumentation and Measurement.

[20]  Jun Han,et al.  ACComplice: Location inference using accelerometers on smartphones , 2012, 2012 Fourth International Conference on Communication Systems and Networks (COMSNETS 2012).

[21]  Mitsuaki Akiyama,et al.  RouteDetector: Sensor-based Positioning System That Exploits Spatio-Temporal Regularity of Human Mobility , 2015, WOOT.

[22]  Feng Hao,et al.  TouchSignatures: Identification of user touch actions and PINs based on mobile sensor data via JavaScript , 2016, J. Inf. Secur. Appl..

[23]  Niraj K. Jha,et al.  PinMe: Tracking a Smartphone User around the World , 2018, IEEE Transactions on Multi-Scale Computing Systems.

[24]  Piotr Skrzypczynski,et al.  Performance Comparison of EKF-Based Algorithms for Orientation Estimation on Android Platform , 2015, IEEE Sensors Journal.

[25]  Xiaohui Liang,et al.  When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals , 2016, CCS.

[26]  Xiaohui Liang,et al.  Privacy Leakage of Location Sharing in Mobile Social Networks: Attacks and Defense , 2016, IEEE Transactions on Dependable and Secure Computing.

[27]  Eamonn J. Keogh,et al.  An online algorithm for segmenting time series , 2001, Proceedings 2001 IEEE International Conference on Data Mining.

[28]  Gabi Nakibly,et al.  Gyrophone: Recognizing Speech from Gyroscope Signals , 2014, USENIX Security Symposium.

[29]  Yongdae Kim,et al.  Location Leaks on the GSM Air Interface , 2011 .

[30]  Aleksandr Ometov,et al.  Mobile Social Networking Under Side-Channel Attacks: Practical Security Challenges , 2017, IEEE Access.

[31]  Mianxiong Dong,et al.  Location Privacy in Usage-Based Automotive Insurance: Attacks and Countermeasures , 2019, IEEE Transactions on Information Forensics and Security.

[32]  Feng Hao,et al.  TouchSignatures: Identification of User Touch Actions based on Mobile Sensors via JavaScript , 2015, AsiaCCS.

[33]  Keuchul Cho,et al.  Analysis of Latency Performance of Bluetooth Low Energy (BLE) Networks , 2014, Sensors.

[34]  Nicholas Hopper,et al.  Location leaks over the GSM air interface , 2012, NDSS.

[35]  Khrystyna V. Kmetyk,et al.  DATA PROTECTION IN THE EU , 2019 .

[36]  Zhi-Hua Zhou,et al.  Isolation Forest , 2008, 2008 Eighth IEEE International Conference on Data Mining.

[37]  David Akopian,et al.  Modern WLAN Fingerprinting Indoor Positioning Methods and Deployment Challenges , 2016, IEEE Communications Surveys & Tutorials.

[38]  Sasu Tarkoma,et al.  Accelerometer-based transportation mode detection on smartphones , 2013, SenSys '13.

[39]  Shridatt Sugrim,et al.  Elastic pathing: your speed is enough to track you , 2013, UbiComp.

[40]  Konrad Rieck,et al.  Privacy Threats through Ultrasonic Side Channels on Mobile Devices , 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[41]  Youngnam Han,et al.  SmartPDR: Smartphone-Based Pedestrian Dead Reckoning for Indoor Localization , 2015, IEEE Sensors Journal.