Mobile Social Networking Under Side-Channel Attacks: Practical Security Challenges

Mobile social networks (MSNs) are networks of individuals with similar interests who are connected to each other through their mobile devices. MSNs are proliferating rapidly, supported by emerging wireless technologies that enable more efficient communication and better networking performance across key parameters such as lower delay, higher data rate, and better coverage. At the same time, most MSN users do not fully recognize the importance of security on their handheld mobile devices. As a result, attacks aimed at capturing personal information and sensitive user data are a growing concern, fueled by the avalanche of new MSN applications and services. The goal of this work is therefore to understand whether contemporary user equipment is susceptible to leaking its sensitive information to attackers. As an example, various information security algorithms implemented in modern smartphones are tested in an attempt to extract such private data from traces recorded with inexpensive contemporary audio cards. Our results indicate that the sampling frequency, which constitutes the strongest limitation of off-the-shelf side-channel attack equipment, delivers only traces that carry little information. However, the chances of recovering sensitive data stored within a mobile device may increase significantly with more efficient analytical techniques and more complex attack equipment. Finally, we elaborate on the possible use of neural networks to improve the corresponding encrypted data extraction process, while the latter part of this paper outlines solutions and practical recommendations to protect against malicious side-channel attacks and keep personal user information protected.
