power to peep all inference attacks by malicious
play

Power to peep-all: Inference Attacks by Malicious Batteries on - PowerPoint PPT Presentation

Nov 25, 2022 •337 likes •739 views

Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices Pavel Lifshits, Roni Forte , Yedid Hoshen, Matt Halpern, Manuel Philipose, Mohit Tiwari, and Mark Silberstein Speaker: Pavel Lifshits SMART BATTERY

  1. Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices Pavel Lifshits, Roni Forte , Yedid Hoshen, Matt Halpern, Manuel Philipose, Mohit Tiwari, and Mark Silberstein Speaker: Pavel Lifshits

  5. SMART BATTERY  Programmability  Sensors: current, voltage, temperature Why?  Safety overheating, over/under voltage  Extend battery life  Performance

  6. SMART BATTERY - PROGRAMMABILITY Software defined battery Smart battery System (SOSP ‘15) See spec. By Microsoft & Tesla http://sbs-forum.org/specs/

  7. INSIDE SMARTPHONE BATTERY Btemp NFC antenna BSI (battery size/status/system indicator)

  8. INSIDE SMARTPHONE BATTERY Your phone batteries are getting smarter!

  9. Do the smart batteries create a new privacy threat?

  10. Do the smart batteries create a new privacy threat?

  11. IF THE ATTACKER GETS ON YOUR BATTERY  Browsing History

  12. IF THE ATTACKER GETS ON YOUR BATTERY  Browsing History  Applications

  13. IF THE ATTACKER GETS ON YOUR BATTERY  Browsing History  Applications  Typing

  14. IF THE ATTACKER GETS ON YOUR BATTERY  Browsing History  Applications  Typing  Photo shot

  15. IF THE ATTACKER GETS ON YOUR BATTERY  Browsing History  Applications  Typing  Photo shot  Communication profile – Phone calls

  16. AGENDA  General scheme for malicious battery attacks  Examples: Keystroke inference Combination of multiple attacks  Data exfiltration mechanism via browser

  17. METHODOLOGY

  18. METHODOLOGY

  19. METHODOLOGY

  20. METHODOLOGY

  21. APP SPECIFIC PIPELINE Activity Novelty Classifier Detector Detector Device Known Classify Active? Event? Ignore Ignore Label App-specific Classifier

  22. BROWSING HISTORY ATTACK PIPELINE Activity Novelty Webpage Detector Detector Classifier Device Known Classify Active? Webpage? Webpage Ignore Ignore Webpage App-specific Classifier

  23. BROWSING HISTORY ATTACK PIPELINE Activity Novelty Webpage Detector Detector Classifier Device Known Classify Active? Webpage? Webpage Ignore Ignore Webpage App-specific Classifier

  24. CONSTRAINT - FIT INSIDE THE BATTERY Power requirements - <70 mA phone at rest - Computational complexity - Signal sample rate Storage

  25. CONSTRAINT - FIT INSIDE THE BATTERY Power requirements - <70 mA phone at rest - Computational complexity - Signal sample rate Storage

  26. KEYSTROKE INFERENCE

  27. KEYSTROKE INFERENCE 000000000000000000000001110110000001110001110011110111000111000000000000000000000000000000000000000000000000000000000000

  28. KEYSTROKE INFERENCE ' C ' Convolutional Neural Network

  29. KEYSTROKE INFERENCE ' C ' Convolutional Neural Network

  30. KEYSTROKE INFERENCE - RESULTS

  31. COMBINATION OF ATTACKS Top 1 – 18% Top 2 – 30% Top 3 – 40% Top 5 – 50%

  32. EXFILTRATION Wifi / Bluetooth Manipulate voltage App Battery Status API

  33. EXFILTRATION Victim

  34. EXFILTRATION Malicious Battery Attacker Victim

  35. SEE PAPER FOR -  Attacks – (Sections 6 & 7)  Web fingerprinting (open-world, Alexa top 100%)  Keystroke  Camera  Incoming calls  Robustness analysis - (Section 8)  Network conditions  Sample rate  Browsers  Phones  Users  Why Power channel leaks data? (Section 10)  Defenses & Mitigation (Section 11)

  36. THEORETICAL?!

  37. THEORETICAL?!

  38. THEORETICAL?!

  39. QUESTIONS ? Pavel Lifshits, pavell@ef.technion.ac.il Mark Silberstein, mark@ee.technion.ac.il

Recommend

Cross-Origin State Inference (COSI) Attacks: Your Browser is Leaking Your Secrets Avinash

Cross-Origin State Inference (COSI) Attacks: Your Browser is Leaking Your Secrets Avinash

Cross-Origin State Inference (COSI) Attacks: Your Browser is Leaking Your Secrets Avinash Sudhodanan Soheil Khodayari Juan Caballero 24/02/2020, NDSS 2020 COSI Attack A malicious web site infers the state of a user (the victim) at another web

767 views • 54 slides
MODERN 1 MODERN 2 MODERN 3 MODERN 4 MODERN A peep at some distant orb has power to raise

MODERN 1 MODERN 2 MODERN 3 MODERN 4 MODERN A peep at some distant orb has power to raise

MODERN 1 MODERN 2 MODERN 3 MODERN 4 MODERN A peep at some distant orb has power to raise and purify our thoughts like a strain picture, or a passage from the grander poets. It always does one good. 5 MODERN 6 MODERN 7 MODERN 8

524 views • 24 slides
Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks Amjad Ibrahim,

Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks Amjad Ibrahim,

Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks Amjad Ibrahim, Simon Rehwald, Antoine Scemama, Florian Andres, Alexander Pretschner Technische Universitt Mnchen Department of Informatics Chair of Software

512 views • 24 slides
MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs

MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs

MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs on a victims system How does it get to run? Attacks a user- or network-facing vulnerable service Backdoor: Added by a malicious

1.02k views • 81 slides
PEEP recruitment maneuver Step 1 (lung) PEEP Recruits (opens) collapsed alveoli FiO

PEEP recruitment maneuver Step 1 (lung) PEEP Recruits (opens) collapsed alveoli FiO

2/1/2013 Case 1: 40 yo Male restrained driver high speed MVA P 140, RR 40 labored, BP 100/70, O 2 sat 70 Chestwheeze, crackles Robert M. Rodriguez, MD FAAEM Tender sternum and ribs without crepitus Clinical Professor of Medicine

486 views • 6 slides
ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

Open source tool for research on hardware attacks Side Channel Power Analysis Glitching Attacks Essentially an oscilloscope attached to a target chip ChipWhisperer Lite Modeling Power Consumption Every device requires power to run

175 views • 14 slides
Inference attacks on location data S ebastien Gambs Universit e du Qu ebec ` a Montr

Inference attacks on location data S ebastien Gambs Universit e du Qu ebec ` a Montr

Inference attacks on location data S ebastien Gambs Universit e du Qu ebec ` a Montr eal (UQAM), Canada gambs.sebastien@uqam.ca 17 July 2017 S ebastien Gambs Inference attacks on location data 1 Location-based services (LBSs)

524 views • 30 slides
I Know Where Youve Been: ! Geo-Inference Attacks via the Browser Cache ! Yaoqi Jia Yaoqi Jia

I Know Where Youve Been: ! Geo-Inference Attacks via the Browser Cache ! Yaoqi Jia Yaoqi Jia

I Know Where Youve Been: ! Geo-Inference Attacks via the Browser Cache ! Yaoqi Jia Yaoqi Jia , Xinshu Dong , Zhenkai Liang , Prateek Saxena ! School of Computing, National University of Singapore ! Advanced Digital

496 views • 28 slides
HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately,

363 views • 12 slides
Overview Network and Server Goal of Security Control Attacks and Penetration Phases of

Overview Network and Server Goal of Security Control Attacks and Penetration Phases of

Overview Network and Server Goal of Security Control Attacks and Penetration Phases of Control Methods of Taking Control Common Points of Attack Multifront Attacks Chapter 12 Auditing to Recognize Attacks Malicious

535 views • 7 slides
Attacks on Clients: Dynamic Content &amp; XSS (Section 7.1.3 on JavaScript; 7.2.4 on Media

Attacks on Clients: Dynamic Content &amp; XSS (Section 7.1.3 on JavaScript; 7.2.4 on Media

Software and Web Security 2 Attacks on Clients: Dynamic Content &amp; XSS (Section 7.1.3 on JavaScript; 7.2.4 on Media content; 7.2.6 on XSS) sws2 1 Recap from last lecture Attacks on web server: attacker/client sends malicious input

835 views • 56 slides
Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The

Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The

Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The Humble Keylogger Malware Malicious Hardware In-Cable Devices Malicious Keyboards Supply Chain Attacks Malicious BIOS

591 views • 14 slides
No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

IEEE S&amp;P 2016 No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis May 24, 2016 Wenrui Diao , Xiangyu Liu, Zhou Li, and Kehuan Zhang 2/18 Motivation -- Hardware and Kernel Mobile platform

700 views • 21 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 23 March 2006 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

707 views • 69 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

1.16k views • 94 slides
Everyones a Target Criminals are Always Two Steps Ahead 90% of all cybercrime costs are

Everyones a Target Criminals are Always Two Steps Ahead 90% of all cybercrime costs are

Hackers are Equal Opportunity Businessmen: Everyones a Target Criminals are Always Two Steps Ahead 90% of all cybercrime costs are caused by web attacks, malicious code and malicious insiders. Kaspersky 60% of enterprises said

449 views • 13 slides
Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem ,

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem ,

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem , Apratim Bhattacharya, Michael Backes Mario Fritz,Yang Zhang CISPA Helmholtz Center for Information Security, Max Planck Institute for Informatics 1

568 views • 20 slides
Firewalls What is a firewall? A machine to protect a network from malicious external

Firewalls What is a firewall? A machine to protect a network from malicious external

Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits between a LAN/WAN and the Internet Running special software to regulate network traffic Lecture 9 Page 1

602 views • 29 slides
RandomPad: Usability of Randomized Mobile Keypads for Defeating Inference Attacks Saturday 29th

RandomPad: Usability of Randomized Mobile Keypads for Defeating Inference Attacks Saturday 29th

RandomPad: Usability of Randomized Mobile Keypads for Defeating Inference Attacks Saturday 29th April, 2017. IMPS 2017, Paris, France. Anindya Maiti , Kirsten Crager , Murtuza Jadliwala , Jibo He , Kevin Kwiat and Charles

361 views • 35 slides
Masquerading Malicious DNS Traffic Bayesian Inference, Rainier, Spark David Rodriguez March 28,

Masquerading Malicious DNS Traffic Bayesian Inference, Rainier, Spark David Rodriguez March 28,

Masquerading Malicious DNS Traffic Bayesian Inference, Rainier, Spark David Rodriguez March 28, 2019 The Outline Masquerading Time Series Rainier Anomaly DNS Modeling + Detection Traffic Spark The Outline Masquerading Time Series

615 views • 39 slides
What does it take to make a good CS conference? Reverse-Engineering Conference Rankings Peep

What does it take to make a good CS conference? Reverse-Engineering Conference Rankings Peep

What does it take to make a good CS conference? Reverse-Engineering Conference Rankings Peep Kngas , Svitlana Vakulenko, Marlon Dumas, Luciano Garcia- Banuelos, Cristhian Parra, Fabio Casati, Marju Valge, Svetlana Vorotnikova, and Karina

207 views • 20 slides
Server -side security risks (esp sp. . injection jection atta ttacks) s) websec 1 Attacks

Server -side security risks (esp sp. . injection jection atta ttacks) s) websec 1 Attacks

Web Securi rity ty Server -side security risks (esp sp. . injection jection atta ttacks) s) websec 1 Attacks on the web server malicious input web server er output This can be attacks on Availability: i.e. DoS attack, where attacker

1.86k views • 79 slides
Optimal Personalized Filtering Against Spear-Phishing Attacks Aron Laszka, Yevgeniy

Optimal Personalized Filtering Against Spear-Phishing Attacks Aron Laszka, Yevgeniy

Optimal Personalized Filtering Against Spear-Phishing Attacks Aron Laszka, Yevgeniy Vorobeychik, and Xenofon Koutsoukos Institute for Software Integrated Systems Department of Electrical Engineering and Computer Science Malicious E-Mails

315 views • 14 slides
introducing peeple who we are what we do programme aims The Peep Learning Together

introducing peeple who we are what we do programme aims The Peep Learning Together

introducing peeple who we are what we do programme aims The Peep Learning Together Programme is a family learning programme which aims to support parents to: improve the Home Learning Environment (HLE) by valuing and extending

417 views • 14 slides

More recommend