Privacy in Public, and Security without Barriers
Prasant Mohapatra
University of California, Davis
Privacy in Public
• Privacy: Identity and all related information
• Public: Physical space and cyber space
• Privacy in public space, privacy in social networks, privacy in cyberspace – sounds like an oxymoron!
• Consequence: Identity theft, surveillance, information overload, targeted advertisements
• Although highly desirable to have privacy in public, the first step should be the awareness and quantification of privacy leak
• Privacy in public: Can we maintain some level of privacy while in public?
Security without Barriers
• Although desirable, security impacts performance and usage convenience
• Imposes several barriers – quality of experience, performance, utility
• Exploiting the performance barriers as signatures for facilitating security - forensics
• Simplifying authentication while maintaining robustness
• Hard to enforce security without barriers – can we minimize or obfuscate those?
Organization
• Privacy in Public
  o Privacy leakage
  o Privacy Preserving Tracking
• Security without Barriers
  o Secret Message Sharing in Social Networks
  o Live Video Forensics
  o Sensor Assisted Authentication
• Concluding Remarks
Characterizing Privacy Leakage
Motivation:
o What is leaked in public?
o Quantifying privacy leakage
o Enhance user awareness of privacy protection
o Improve website/app privacy design
o Improve network protocol design
Privacy leakage sources
• Client devices
• Website-browsing content
• Profiled ads from third party advertiser
• A combination of these sources reveals a significant amount of private information
Our Methodology
• Look at DNS packets, Probe Request Frames from user devices
  o For user name information
  o Location information
  o Other information
• Concatenating the “host”, “directory” and “filename” in the HTTP header fields.
  o For website URLs
  o For website content
  o For ad content
• Count the pieces of privacy information (privacy units) leaked in different privacy categories
Privacy Leak from User Device
• Device nickname
  o Many users set device nicknames as their own names
  o Example: device nickname in a Multicast DNS packet
      Domain Name System (query)
      Flags: 0x0000 (Standard query)
      Queries
      GINGERs-iPhone.local: type ANY, class IN, "QU"
• Broadcasting SSID list
  o SSID list reveals the user’s previously accessed networks
  o Example: SSID in a Probe Request Frame
      IEEE 802.11 wireless LAN management frame
      Tag: SSID parameter set: UC Davis
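To audit what a device of your own announces, the two fields shown on this slide can be pulled out of raw bytes and counted as privacy units. This is an added example, not code from the talk; the sample bytes are constructed, and the possessive-name pattern and the category names `name` and `location` are assumptions.

```python
import re
import struct

# Possessive device names as they appear in mDNS hostnames ("Ginger's iPhone"
# is announced as "GINGERs-iPhone"). The product list is an assumption.
OWNER_RE = re.compile(
    r"^(?P<owner>[A-Za-z][A-Za-z-]*?)s-(?:iPhone|iPad|iPod|MacBook|iMac)\b")


def parse_mdns_questions(packet: bytes):
    """Return (name, qtype, qclass, unicast_response) for each DNS question."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    offset, questions = 12, []
    for _ in range(qdcount):
        labels = []
        while True:
            if offset >= len(packet):
                raise ValueError("truncated QNAME")
            length = packet[offset]
            offset += 1
            if length == 0:          # root label ends the name
                break
            if length & 0xC0:
                raise ValueError("name compression is not handled here")
            if offset + length > len(packet):
                raise ValueError("truncated label")
            labels.append(packet[offset:offset + length].decode("utf-8", "replace"))
            offset += length
        if offset + 4 > len(packet):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4
        # In mDNS the top bit of the class field is the "QU" flag.
        questions.append((".".join(labels), qtype, qclass & 0x7FFF,
                          bool(qclass & 0x8000)))
    return questions


def parse_ssid_elements(tagged: bytes):
    """Walk 802.11 tagged parameters (ID, length, value); return named SSIDs."""
    ssids, offset = [], 0
    while offset + 2 <= len(tagged):
        elem_id, length = tagged[offset], tagged[offset + 1]
        value = tagged[offset + 2:offset + 2 + length]
        if len(value) < length:      # truncated element: stop parsing
            break
        # Element ID 0 is the SSID; a zero-length SSID is a wildcard probe
        # and names no network.
        if elem_id == 0 and length > 0:
            ssids.append(value.decode("utf-8", "replace"))
        offset += 2 + length
    return ssids


def device_privacy_units(mdns_packet: bytes, probe_tags: bytes):
    """Count what the device itself discloses, grouped by (assumed) category."""
    units = {"name": [], "location": []}
    for name, _qtype, _qclass, _qu in parse_mdns_questions(mdns_packet):
        match = OWNER_RE.match(name.split(".")[0])
        if match:
            units["name"].append(match.group("owner"))
    units["location"].extend(parse_ssid_elements(probe_tags))
    return units


def build_query(name: str, qtype: int = 255, qclass: int = 0x8001) -> bytes:
    """Build a one-question mDNS query (type ANY, class IN with the QU bit)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", 0, 0x0000, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, qclass)


# Constructed samples that mirror the two excerpts on the slide.
SAMPLE_MDNS = build_query("GINGERs-iPhone.local")
SAMPLE_PROBE_TAGS = bytes([0, 8]) + b"UC Davis" + bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])

if __name__ == "__main__":
    print(parse_mdns_questions(SAMPLE_MDNS))
    print(device_privacy_units(SAMPLE_MDNS, SAMPLE_PROBE_TAGS))
```

Renaming the device to something non-personal and removing stale networks from the saved list empties both lists in the result.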
Privacy Leak from Web Accesses
• Privacy info source
  o URL link
  o Content in the website
• Possible inference
  o Home country
  o Hobby
  o Location
  o Interest in merchandize
  o Age range
  o Gender
  o Other
An example:
GET /plugins/activity.php?site=www.cnn.com&action&width=210&height=190&header=false&colorscheme=light&linktarget=_blank&border_color=white&font&recommendations=true HTTP/1.1\r\n
Referer: http://www.cnn.com/\r\n
Accept-Language: en-US\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.3; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; AskTbORJ/5.14.1.20007; MALC)\r\n
Host: www.facebook.com\r\n
Leaked Information
• The content:
o Ballot Measure Race - 2012 Election Center - Elections & Politics from
o people recommended this.
o Maryland, Maine, Washington approve same-sex marriage; 2 states legalize pot
o 2,770 people recommended this.
o Jay-Z: '99 problems but Mitt ain't one' - CNN.com Video
o 1,717 people recommended this.
• The user’s location and political interest can be inferred from this website content.
Privacy leak from Profiled Advertising
o Most of the ads pushed to the user are based on profiling from third party advertisers
o Possible inferences of ads:
  o Interest in merchandize
  o Hobby
  o Age range
  o Gender
  o Location
  o Other
An example:
GET /pagead/ads?client=ca-pub-7712942546971716&output=html&h=200&slotname=1003552717&w=200&flash=11.1.111&url=http%3A%2F%2Fwww.uzivoradio.com%2Fs-beograd.html&dt=1336765628611&shv=r20120502&jsv=r20110914&saldr=1&prev_slotnames=0178323763&correlator=1336765558769&frm=20&adk=174632003&ga_vid=1235498640.1336765628&ga_sid=1336765628&ga_hid=1546525153&ga_fc=0&u_tz=-240&u_his=4&u_java=0&u_h=1347&u_w=1004&u_ah=1347&u_aw=1004&u_cd=32&u_nplug=1&u_nmime=2&dff=sans-serif&dfs=16&adx=0&ady=286&biw=1004&bih=1347&oid=3&ref=http%3A%2F%2Fwww.uzivoradio.com%2Findex.php%3Fstrana%3Dprivacy&fu=0&ifi=2&dtd=M&xpc=bvF8Tksvg2&p=http%3A//www.uzivoradio.com HTTP/1.1
Host: googleads.g.doubleclick.net
Accept-Encoding: gzip
Referer
Privacy Leak
Content:
AD: Hr Service Custom Solution/Free Consultations Experienced Consultants-Call Today. www.InfinitiHR.com
AD: Belmont TV - Since 1943 3D, LED, LCD, & Plasma TV Sale. Free Delivery & Setup. 3 Locations. www.BelmontTV.com
Loc: Olney, MARYLAND
Loc: ARLINGTON, VIRGINIA
LAUREL, MARYLAND
WHEATON, MARYLAND
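Both HTTP request examples (the social plugin request and the ad request) hand the page being read to a different site, once in the Referer header and again inside query parameters. The sketch below is an added example, not code from the talk: it rebuilds the request URL from host and path as the methodology describes and lists every page reference a request discloses. The two sample requests are abridged, constructed copies of the slide examples with a placeholder client id, and the two-label `site_of` comparison is a simplifying assumption.

```python
import re
from urllib.parse import parse_qsl, urlsplit

HOSTNAME_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request head into method, target and headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def site_of(host: str) -> str:
    """Naive site key: last two labels (assumption; a real audit would
    consult the Public Suffix List)."""
    return ".".join(host.lower().split(".")[-2:])


def page_reference(value: str):
    """Return (host, path) when a value is a URL or a bare hostname."""
    if "://" in value:
        parts = urlsplit(value)
        return (parts.hostname, parts.path) if parts.hostname else None
    if HOSTNAME_RE.match(value):
        return (value.lower(), "")
    return None


def third_party_disclosures(raw: bytes):
    """Report which pages a single request reveals to the receiving host."""
    _method, target, headers = parse_request(raw)
    host = headers.get("host", "")
    parts = urlsplit(target)
    candidates = []
    if "referer" in headers:
        candidates.append(("Referer", headers["referer"]))
    # parse_qsl percent-decodes the values, so url=http%3A%2F%2F... is seen
    # as a URL again.
    candidates.extend(parse_qsl(parts.query, keep_blank_values=True))
    pages = []
    for source, value in candidates:
        ref = page_reference(value)
        if ref:
            pages.append((source, ref[0], ref[1]))
    return {
        "request_url": "http://" + host + parts.path,   # host + directory + filename
        "accept_language": headers.get("accept-language"),
        "pages": pages,
        "third_party": any(site_of(h) != site_of(host) for _, h, _ in pages),
    }


# Constructed, abridged versions of the two requests shown on the slides.
SAMPLE_PLUGIN_REQUEST = (
    b"GET /plugins/activity.php?site=www.cnn.com&action&width=210&height=190 HTTP/1.1\r\n"
    b"Referer: http://www.cnn.com/\r\n"
    b"Accept-Language: en-US\r\n"
    b"Host: www.facebook.com\r\n\r\n")
SAMPLE_AD_REQUEST = (
    b"GET /pagead/ads?client=ca-pub-0000000000000000"
    b"&url=http%3A%2F%2Fwww.uzivoradio.com%2Fs-beograd.html&u_h=1347&u_w=1004"
    b"&ref=http%3A%2F%2Fwww.uzivoradio.com%2Findex.php%3Fstrana%3Dprivacy HTTP/1.1\r\n"
    b"Host: googleads.g.doubleclick.net\r\n"
    b"Accept-Encoding: gzip\r\n\r\n")

if __name__ == "__main__":
    for sample in (SAMPLE_PLUGIN_REQUEST, SAMPLE_AD_REQUEST):
        print(third_party_disclosures(sample))
```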
Evaluation
• Real data from 40 airports in multiple countries
• We evaluate the privacy leakage of travelers by pieces of information (privacy unit) concerning their identity, location, social relationship, financial condition and other personal information
Results: Privacy Leakage
• Photo: website (Facebook)
• Hobby: website
• Name: device name, social website (Facebook, Amazon, etc.), other website content, apps
• Home country: email, website
• Shopping interest: website
• Location: website content, Facebook, ads, apps
• Gender: Facebook
• Travel itinerary: website
Websites Accessed in Different Datasets
Leaked Information
Leaked Information in Different Datasets (1)
Leaked Information in Different Datasets (2)
Third Party Ads in Different Datasets
Privacy Leakage Inferences
• Privacy leakages are high in public Wi-Fi hotspots
• Sensitive information is exposed from user devices, website browsing, profiled ads in DNS, HTTP and other network protocols
• We characterize the leakage of travelers’ privacy based on real-world airport datasets
• Our work raises the alarm on the need to guard against privacy leakage in public areas
Organization
• Privacy in Public
  o Privacy leakage
  o Privacy Preserving Tracking
• Security without Barriers
  o Secret Message Sharing in Social Networks
  o Live Video Forensics
  o Sensor Assisted Authentication
• Concluding Remarks
ALPS: Privacy-Preserving Location Tracking
Continuous Location-based Services
• Periodically and automatically records user’s whereabouts: Location trace
• With more coherent spatio-temporal data:
  o Better analyze user behavior
  o Better predict user requirement
• Applications
  o Macro-scale: traffic monitoring, urban planning
  o Micro-scale: trajectory sharing, digital personal trainer
Top-right: Nike+; Bottom-right: Google Latitude
Greater Risk to User Privacy
Location Privacy Preservation Mechanisms (LPPM)
• Aim at protecting location privacy
  o Location is treated and protected independently
• Degrade the quality of location samples
  o Accuracy: perturbation, dummy locations
  o Precision: spatial cloaking, temporal obfuscation
Trace Privacy Preservation Challenges
• Challenge from correlation in location trace
• Challenge from the advancing capability of adversary
• Challenge from diverse privacy preferences of user
Correlation in Location Trace
• Location samples are correlated spatially as well as temporally
• Correlation can be exploited to partially remove privacy protection
• Example: spatial cloaking
Adversary with Contextual Information
• Correlation in trace is determined and can be inferred from context
  o Geographic context: road network, dead zone
  o Mobility context: speed limit, mode of transport
• Map matching techniques
Privacy Diversity: Personalized Privacy
• Different parts of a trace may possess very diverse privacy and QoS requirements
• LPPM should not only capture this personalized preference, but also protect it.
Objective
• Can we design an LPPM that can:
  o Resist correlation-exploiting attacks from context-aware adversaries
  o Support personalized privacy
  o Take a mobile-centric and distributed approach
  o Minimize the energy and communication overhead
Location-based Service Model
[Figure: location-based service model. Labels: GPS, Cellular, Wi-Fi Positioning, Mobile User, LPPM, LBS Provider, Eavesdropper, Adversary]
Adversary Model
• Goals
  o To reconstruct actual trace from obfuscated trace
  o To extract user’s personalized privacy preference
• Knowledge
  o Localization technologies available
  o Obfuscation algorithm
  o Mobility pattern
  o Geographic/topology information
• Map-matching attack
Our solution: Adaptive Context-aware Perturbation Framework
[Figure: framework block diagram. Labels: Localization Technologies (GPS, WPS, CID, ...), Separation Tier, Choice, Location Sample, Synthesizer, Conformation Tier, Perturbed Trace, Reconstructor (NR Adversary, DL Adversary, HMM Adversary, ...), Reconstructed Trace, Actual Trace, Evaluator, Distortion Metric, Distortion Score, Feedback, Privacy Profile, LBS Update Timer]
Two-Tier Perturbation
• Separation Tier:
  o Inject noise by choosing from various localization means
  o Proportional parameter: A probabilistic control knob for adjusting privacy level
• Conformation Tier:
  o Reintroduce artificial correlation to perturbed trace according to context constraints
Online Evaluation and Feedback
• Modular adversary emulator
  o Nearest-Road (NR) Adversary
  o Distance-Limit (DL) Adversary
  o Hidden-Markov-Model (HMM) Adversary
• Resulting distortion score from emulated reconstruction:
  o Reflects user’s privacy level in the presence of adversary
  o Provides feedback for setting an appropriate proportional parameter
Experiment
• Implement the scheme on the Android platform with three available localization technologies
• Three map-matching adversary emulators for the reconstructor module
• Collect real-life driving traces from two places
• Distortion-based metric
Performance against Reconstruction
Performance in Personalized Privacy
[Figure panels: Davis Trace; Mountain View Trace]
Visual Comparison
Summarizing Privacy Preserving Tracking
• Protecting privacy of location trace poses several new challenges
  o Context-aware map-matching adversary exploiting correlation in trace
  o User requirement about personalized privacy for trace
• We propose and design a scheme that meets these challenges
  o Neutralize the advanced capability of map-matching adversary
  o Achieve trade-off between privacy and QoS that satisfies personal privacy requirement
Organization
• Privacy in Public
  o Privacy leakage
  o Privacy Preserving Tracking
• Security without Barriers
  o Secret Message Sharing in Social Networks
  o Live Video Forensics
  o Sensor Assisted Authentication
• Concluding Remarks
Background and Motivation
• Photo-sharing on online social networks (OSNs) has exploded.
• Steganography can be used to hide secret messages in images uploaded – but not easy!
  o Chipping away at censorship firewalls
• Photo sharing sites often process uploaded images (e.g., resizing)
  o Official specifications not available
  o Interfere with the use of steganography
• Need to exchange secret keys to encrypt hidden messages
  o Steganography does not offer perfect secrecy
  o The availability of out-of-band channel may be difficult
Goal and Contributions
• How can we provide an effective covert channel using images uploaded on online photo sharing sites?
• With the goal of answering this question, we make the following contributions:
  o Understand how hidden data in images is affected due to processing on online sites
  o Propose a new simple way of embedding information in photos to preserve the integrity of secret messages
  o Propose an in-band approach for bootstrapping secret conversations using uploaded images
Feasibility of secret embedding in OSNs
• In-depth measurement study of photos uploaded on popular sharing sites
  o Google+, Facebook, Twitter, and Flickr
  o Upload and then download of images, examine if the message is preserved
• Steganography tools
  o GhostHost: Embedding after the JPEG End-of-Image marker
  o StegHide: Embedding done at the least significant bit (LSB) of pixel values
  o OutGuess & F5: Embedding at LSBs of DCT coefficients
    • JPEG images are represented with a set of coefficients after Discrete Cosine Transform (DCT)
  o YASS: Embedding at DCT coefficients but in conjunction with error correcting codes
Evaluation of steganography tools on photo sharing sites
• Google+: the most generous and accommodates all the steganography tools.
• Twitter: the next best;
• Facebook and Flickr: the least compatible with steganography
• YASS: image and redundancy dependent

| Tool | Facebook | Twitter | Flickr | Google+ |
|---|---|---|---|---|
| GhostHost | X | X | X | √ |
| StegHide | X | √ | X | √ |
| OutGuess | X | √ | X | √ |
| F5 | X | √ | X | √ |
| YASS | √* | √ | √* | √ |

X = Failure; √ = Success; √* = Conditional Success
Impact of processing on hidden messages
• Google+
  o Image integrity is preserved
  o Image size limit for no resizing: 2048 pixels by 2048 pixels
• Twitter
  o Metadata fields are cleaned up
    • Comment field, End-of-image marker
  o Image size limit: 1024 pixels by 768 pixels
• Facebook & Flickr
  o Metadata removed
  o Changes in pixel values
  o Changes in DCT coefficients
Changes in pixel values and DCT coefficients
Distribution of the differences in the pixel values in two color dimensions between original images and after they are uploaded on Facebook
Variations in DCT coefficients with Facebook and Flickr
Surviving Facebook and Flickr
• Common embedding approach
  o Embedding in the LSBs of DCT coefficients or pixel values
  o Subject to processing changes
  o Error correction code (ECC) overhead is high
  o Reduce secret capacity
• Question: Are there locations within an image that remain relatively unaffected?
  o Maximum change in the pixel values is about 30
  o Maximum change in the DCT coefficients is 1
  o Embedding at higher significant bits of a DCT coefficient?
Embedding in the second least significant bit (2-LSB) in the DCT coefficients
• We modify the open source stego tool F5
  o F5 embeds the secret message bits in the LSBs of non-zero DCT coefficients.
  o We embed in the second LSB (2-LSB) of these coefficients
• Image capacity
  o In typical images (length and width of 1000 pixels): 10,000 non-zero coefficients
  o Using 10% of the capacity can hide a 125-byte secret
Visual comparison of original image (left), stego-ed with LSB (middle) and with 2-LSB (right) (10% image capacity used).
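A simplified model of why the second bit survives better when re-encoding moves each coefficient by at most 1, added here as an illustration; it is not the F5 algorithm and not the authors' modified tool. Bits are written into bit k of the magnitude of non-zero integer coefficients; the coefficient values, message bits, per-coefficient changes and the rule that keeps carriers at magnitude 2 or more are assumptions of the example.

```python
def set_bit(coeff: int, k: int, bit: int) -> int:
    """Set bit k of |coeff| to `bit`, keeping the sign.

    Assumption of this sketch: a carrier is never left with magnitude below 2,
    so a later change of -1 cannot turn it into zero and make sender and
    receiver disagree on which coefficients carry data. Adding 2**(k+1)
    leaves bits 0..k untouched.
    """
    sign = -1 if coeff < 0 else 1
    mag = (abs(coeff) & ~(1 << k)) | (bit << k)
    if mag < 2:
        mag += 1 << (k + 1)
    return sign * mag


def get_bit(coeff: int, k: int) -> int:
    return (abs(coeff) >> k) & 1


def embed(coeffs, bits, k):
    """Write `bits` into bit k of the first len(bits) non-zero coefficients."""
    carriers = [i for i, c in enumerate(coeffs) if c != 0]
    if len(bits) > len(carriers):
        raise ValueError("message exceeds capacity")
    out = list(coeffs)
    for i, bit in zip(carriers, bits):
        out[i] = set_bit(out[i], k, bit)
    return out


def extract(coeffs, n_bits, k):
    """Read bit k from the first n_bits non-zero coefficients."""
    return [get_bit(c, k) for c in coeffs if c != 0][:n_bits]


def recompress(coeffs, deltas):
    """Model the site's processing: each non-zero magnitude moves by `delta`,
    where delta is -1, 0 or +1 (the maximum change reported on the slide)."""
    out = []
    for c, d in zip(coeffs, deltas):
        if c == 0:
            out.append(0)
        else:
            sign = -1 if c < 0 else 1
            out.append(sign * max(abs(c) + d, 0))
    return out


def bit_errors(coeffs, bits, deltas, k):
    """Embed at bit k, apply the processing model, count flipped message bits."""
    received = extract(recompress(embed(coeffs, bits, k), deltas), len(bits), k)
    return sum(sent != got for sent, got in zip(bits, received))


# Constructed sample: quantized coefficients, an 8-bit message, and one
# change per coefficient position.
COEFFS = [12, -7, 0, 5, 3, -2, 0, 9, -14, 6, 1, -4]
BITS = [1, 0, 1, 1, 0, 0, 1, 0]
DELTAS = [+1, -1, 0, +1, -1, +1, 0, -1, 0, +1, -1, 0]

if __name__ == "__main__":
    print("LSB   errors:", bit_errors(COEFFS, BITS, DELTAS, k=0))
    print("2-LSB errors:", bit_errors(COEFFS, BITS, DELTAS, k=1))
```

With these inputs the LSB channel loses 7 of 8 bits and the 2-LSB channel loses 1. The remaining error comes from a carry out of bit 0 (7 becoming 8), so a change of 1 can still flip the second bit and some error correction remains necessary.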
Enabling Private Communication
• Threat model
  o Censor can inspect all publicly available content on the OSN, and can access privately shared content
  o Censor does not manipulate uploaded content
  o Censor has unlimited access to any steganalysis tool
  o OSN users are who they claim to be
• Covert channel to circumvent the censor
  o Use cryptography in conjunction with our proposed 2-LSB steganographic scheme
In-band key exchange with images
• A user embeds her public key in her profile photo using steganography
• Scenario: A and B are friends in Facebook, B wishes to initiate the secret communication
• Bootstrapping steps (three-way handshaking):
  o B fetches A’s profile photo and extracts A’s public key KApu
  o B encrypts a request with KApu and embeds in an uploaded image
  o A decrypts the request signal from B’s image with his private key KApr and knows B’s intention to communicate
  o A then obtains B’s public key KBpu from B’s profile.
  o A sends an acknowledgement (ack) signal and a symmetric key KS to B; the content is encrypted with KBpu
  o B sends another ack encrypted with KS
• After the bootstrapping, all the secret messages exchanged between A and B are encrypted using KS
Organization
• Privacy in Public
  o Privacy leakage
  o Privacy Preserving Tracking
• Security without Barriers
  o Secret Message Sharing in Social Networks
  o Live Video Forensics
  o Sensor Assisted Authentication
• Concluding Remarks
54
![Page 55: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/55.jpg)
Background
• Video forensics
  o Source identification
  o Forgery detection
  o Hidden information detection
• Source identification
  o Video used as evidence in a court of law
  o Track down piracy crimes
  o Regulate individual video sources
![Page 56: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/56.jpg)
Existing Work & Motivation
• Existing method
  o Watermark
  o Defective pixels
  o Sensor pattern noise
• Wireless cameras have become very popular
  o Easy to deploy, especially for large buildings, big companies, non-professional users
  o Security camera, surveillance camera
• Performance degrades greatly for wireless videos
![Page 57: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/57.jpg)
Extract Sensor Pattern Noise
• What is sensor pattern noise
  o Non-uniformity of each pixel’s sensitivity to light
  o Signature of camera sensor
• Extraction steps
  o Extract all the noise from a frame
    • Assume a frame is a mixture of a locally stationary i.i.d. signal with zero mean and a stationary white Gaussian noise
    • Wiener filter
  o Averaging
![Page 58: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/58.jpg)
Extract Sensor Pattern Noise
Add the noises from many frames together:
![Page 59: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/59.jpg)
The Problem
• Blurring and blocking
• Why does blocking affect the traditional technique?
  o No details in blocks, which weakens the averaging result
  o Introduces “grid artifacts”
![Page 60: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/60.jpg)
Blocking Detection
• Existing blocking detection method
  o Based on boundary detection and Fourier transform
  o Time consuming
• Our method
  o Step 1: wavelet transform (already done in noise extraction)
  o Step 2: add results row by row (or column by column)
![Page 61: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/61.jpg)
Improved Pattern Noise Extraction
• Exclude the blocking areas
• Add up clean frames and clean areas of blocking frames to calculate sensor pattern noise
• Compare the pattern noise of a video ($N_v$) with the pattern noise of a camera ($N_c$)

$$\mathrm{corr}(N_v, N_c) = \frac{(N_v - \overline{N_v}) \cdot (N_c - \overline{N_c})}{\lVert N_v - \overline{N_v} \rVert \, \lVert N_c - \overline{N_c} \rVert}$$
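The improved extraction and the corr comparison above, run on constructed frames, as an added example (not the authors' code). A 3x3 local-mean filter stands in for the Wiener filter and a flat-tile test stands in for the wavelet-based blocking detector; the frame model, sizes, seed and all function names are assumptions.

```python
import math
import random

SIZE, TILE = 32, 8                      # constructed 32x32 frames, 8x8 tiles
NBRS = [(dy, dx) for dy in (-1, 0, 1) for dx in (-1, 0, 1)]

def make_frame(prnu, rng, n_blocked=0):
    """Constructed frame: smooth scene * (1 + PRNU) + white noise; n_blocked
    random tiles are flattened to mimic blocks lost in wireless streaming."""
    base, gx, gy = rng.uniform(90, 160), rng.uniform(-1, 1), rng.uniform(-1, 1)
    f = [[(base + gx * x + gy * y) * (1 + prnu[y][x]) + rng.gauss(0, 1)
          for x in range(SIZE)] for y in range(SIZE)]
    for t in rng.sample(range((SIZE // TILE) ** 2), n_blocked):
        ty, tx = divmod(t, SIZE // TILE)
        for y in range(ty * TILE, (ty + 1) * TILE):
            for x in range(tx * TILE, (tx + 1) * TILE):
                f[y][x] = 128.0
    return f

def flat_mask(f):
    """Flag every pixel of a tile that carries no detail (all values equal)."""
    bad = [[False] * SIZE for _ in range(SIZE)]
    for ty in range(0, SIZE, TILE):
        for tx in range(0, SIZE, TILE):
            cells = [(y, x) for y in range(ty, ty + TILE)
                     for x in range(tx, tx + TILE)]
            if len({f[y][x] for y, x in cells}) == 1:
                for y, x in cells:
                    bad[y][x] = True
    return bad

def fingerprint(frames, exclude_blocks):
    """Average per-pixel noise residual (pixel minus its 3x3 local mean)."""
    total = [[0.0] * SIZE for _ in range(SIZE)]
    count = [[0] * SIZE for _ in range(SIZE)]
    for f in frames:
        bad = flat_mask(f) if exclude_blocks else None
        for y in range(1, SIZE - 1):
            for x in range(1, SIZE - 1):
                if bad and any(bad[y + dy][x + dx] for dy, dx in NBRS):
                    continue                # neighbourhood touches a block
                mean = sum(f[y + dy][x + dx] for dy, dx in NBRS) / 9
                total[y][x] += f[y][x] - mean
                count[y][x] += 1
    return [total[y][x] / count[y][x] if count[y][x] else 0.0
            for y in range(1, SIZE - 1) for x in range(1, SIZE - 1)]

def corr(a, b):
    """corr(Nv, Nc): normalised correlation of mean-subtracted estimates."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    da, db = [v - ma for v in a], [v - mb for v in b]
    dot = sum(p * q for p, q in zip(da, db))
    return dot / math.sqrt(sum(p * p for p in da) * sum(q * q for q in db))

def demo(seed=7):
    """Video streamed by camera A with lost blocks, matched against A and B."""
    rng = random.Random(seed)
    prnu = {c: [[rng.gauss(0, 0.02) for _ in range(SIZE)] for _ in range(SIZE)]
            for c in "AB"}
    ref = {c: fingerprint([make_frame(prnu[c], rng) for _ in range(20)], False)
           for c in "AB"}
    video = [make_frame(prnu["A"], rng, n_blocked=3) for _ in range(20)]
    naive, clean = fingerprint(video, False), fingerprint(video, True)
    return {"naive_A": corr(naive, ref["A"]), "clean_A": corr(clean, ref["A"]),
            "clean_B": corr(clean, ref["B"])}
```

`demo()` returns the correlation of the video's fingerprint with each camera reference, with and without excluding blocked areas.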
![Page 62: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/62.jpg)
Wireless Camera Spoofing Attack
• An attacker compromises a legitimate wireless video camera, and sends fake video to the sink using the victim’s identity
• Expedite our method
  o Parallelization
    • Wavelet transform, local average estimation, etc.
  o Selective frame processing
    • Give priority in extracting pattern noise from I-frames.
  o Combination of wireless fingerprints
    • Packet loss ratio, jitter, average signal strength, signal strength variance, and ratio of blocking frames
![Page 63: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/63.jpg)
Experiment Settings
• Device
  o 7 wireless cameras
    • 4 × Linksys WVC80N
    • 1 × Dlink 942L
    • 1 × Axis M1011w
    • 1 × Lenovo X301 laptop webcam
  o Cisco WRT160N v2 wireless router
• MPEG 4 and 802.11n
![Page 64: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/64.jpg)
Performance of Block Detection
![Page 65: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/65.jpg)
corr of Sensor Pattern Noise
![Page 66: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/66.jpg)
Source Identification Accuracy
![Page 67: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/67.jpg)
Summarizing this part …
• We developed a fast yet reliable video blocking detection method
• We developed a source identification method which works well for wirelessly streamed videos
• We largely improved the source identification speed
  o Fast enough for wireless camera spoofing attack detection
![Page 68: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/68.jpg)
Organization
• Privacy in Public
  o Privacy leakage
  o Privacy Preserving Tracking
• Security without Barriers
  o Secret Message Sharing in Social Networks
  o Live Video Forensics
  o Sensor Assisted Authentication
• Concluding Remarks
![Page 69: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/69.jpg)
Authentication in Smartphones
• Authentication in smartphones
  o device unlock
  o app login
  o forum/website login
• Authentication types
  o Credential-based (User name / password)
    • What the user knows
    • Identity theft
    • Memory burden
![Page 70: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/70.jpg)
Biometric Authentication
Voice
• Inconvenient, vulnerable
• Requires speaking, Background noise
Fingerprint
• Convenient, vulnerable
• Expensive hardware required
• Limited market
Face (and Iris)
• Convenient, vulnerable
• Inexpensive – Use mobile camera
Compelling. Let’s explore further
![Page 71: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/71.jpg)
Facial Authentication
• Face verification / face identification
• Face recognition accuracy has been largely improved
  o Accuracy is very close to 100%
  o Even used for commercial payment systems
• Most smartphones have front-facing cameras; usually higher than 1M pixels
  o Convenient for face capturing
  o Quality is good enough for face recognition
![Page 72: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/72.jpg)
Facial Recognition
• Initially designed to “recognize” not “authorize”
• Surveillance cameras vs. Mobile Device cameras
• Facial biometric software on mobile device cameras can be spoofed

| Type | Method |
| --- | --- |
| 2D photo attack | Pictures of a picture, social engineering |
| 2D video attack | Video playback, Spoof “Blink” detection |
| Virtual Camera Software | Advanced Editing Capabilities; Playback can spoof webcam |

What if obstacles are removed?
![Page 73: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/73.jpg)
Current Status
• Android: face unlock alternative since 4.0
  o But not many users are using it
• App and website login
  o User name / password dominates other methods
• Why is facial authentication not widely used in smartphones?
  o Privacy concerns
  o Security issues
    • 2D media attacks
    • Virtual camera attacks
  o Usability
![Page 74: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/74.jpg)
2D Media Attack
• Photo attack (print attack)
  o Use user’s photo to cheat the authentication system
• Video attack
  o Starting from Android 4.1, eye-blink is required
  o Use video to compromise the system
![Page 75: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/75.jpg)
2D Media Attack (cont.)
• 3D facial recognition can defend against this attack
  o 3D template matching
  o e.g. Toshiba Face Recognition Utility
• Difficult to use
• Turning heads towards different directions -> user’s burden
  o A trial takes more than 20 seconds -> much longer than entering password
  o Even a genuine user may need multiple trials to pass
![Page 76: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/76.jpg)
Virtual Camera Attack
• Virtual camera software
  o Adds dynamic effects to webcams, making the video look more beautiful and live chat more interesting
  o Has now become very powerful: streams a pre-recorded video and makes the OS believe it is captured by a physical cam in real time
  o Most of them are for desktop/tablet, but easy to migrate to smartphones
• Use virtual camera software to hack the facial authentication system
![Page 77: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/77.jpg)
Our Method
• Achieve high security and usability simultaneously
  o Safe for 2D media attacks
  o Safe for virtual camera attacks
  o Much faster than 3D face authentication method (speed is comparable to credential-based method): ~2 sec
• How?
  o Only need to move the phone in front of face for a short distance
  o Utilizing motion sensors in smartphones
  o No need to move head and sync with directions
[Figure: authentication steps labelled hold, move, done]
![Page 78: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/78.jpg)
Counter 2D Media Attack
• Idea
  o Nose orientation changes when moving phone horizontally if a real 3D face
![Page 79: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/79.jpg)
Nose Angle Detection
• Detect nose outline
  o Video frame preprocessing
  o Nose detection (can employ existing method)
  o Nose outline fitting
• Compare nose outline from two sides
  o Motion sensors: judge the relative position between face and smartphone, picking correct frame intelligently
  o Light sensor: auto boost screen brightness if dark, to enhance luminance (improve nose outline detection)
![Page 80: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/80.jpg)
Counter Virtual Camera Attack
• Idea !
  o If real-time video captured by physical cam, small shakes in video should be consistent with smartphone’s motion sensor readings
  o Pre-recorded videos can be detected
  o Assume motion sensor readings are not compromised
![Page 81: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/81.jpg)
Motion Vector Correlation
• Small motions extracted from the video
• Compare with small shakes extracted from motion sensors
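The consistency check behind the two bullets above, as an added example (not the authors' implementation): the sensor trace is averaged down to the video frame rate and correlated with per-frame video motion, and a replayed video fails because its motion is unrelated to the live sensor trace. The 96 Hz sensor rate, the lag search, the 0.7 threshold, the use of the absolute correlation and the constructed traces are all assumptions; only the 24 fps frame rate comes from the slides.

```python
import math
import random

FPS, SENSOR_HZ = 24, 96          # 24 fps is from the slides; 96 Hz is assumed
RATIO = SENSOR_HZ // FPS         # sensor samples per video frame
THRESHOLD = 0.7                  # assumed decision threshold


def per_frame(sensor):
    """Average the sensor shake signal over each video frame interval."""
    return [sum(sensor[i:i + RATIO]) / RATIO
            for i in range(0, len(sensor) - RATIO + 1, RATIO)]


def corr(a, b):
    """Pearson correlation; 0.0 when a series is too short or constant."""
    if len(a) < 2:
        return 0.0
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    da, db = [v - ma for v in a], [v - mb for v in b]
    den = math.sqrt(sum(p * p for p in da) * sum(q * q for q in db))
    return sum(p * q for p, q in zip(da, db)) / den if den else 0.0


def liveness_score(video_motion, sensor, max_lag=3):
    """Best |correlation| between video motion and sensor shake, allowing
    the camera pipeline to deliver frames up to max_lag frames late."""
    shake = per_frame(sensor)
    n = min(len(video_motion), len(shake))
    best = 0.0
    for lag in range(max_lag + 1):
        best = max(best, abs(corr(video_motion[lag:n], shake[:n - lag])))
    return best


def is_live(video_motion, sensor):
    """Accept the capture only if video and sensor motion agree."""
    return liveness_score(video_motion, sensor) >= THRESHOLD


def simulate(seed, seconds=2, lag=2):
    """Constructed data: one genuine capture and one replayed video."""
    rng = random.Random(seed)
    sensor = [rng.gauss(0, 1) for _ in range(SENSOR_HZ * seconds)]
    shake = per_frame(sensor)
    # Genuine: the image shifts opposite to the phone, `lag` frames late.
    genuine = [(-40 * shake[i - lag] if i >= lag else 0.0) + rng.gauss(0, 4)
               for i in range(len(shake))]
    # Replay: motion recorded in an earlier session, unrelated to `sensor`.
    old = per_frame([rng.gauss(0, 1) for _ in range(SENSOR_HZ * seconds)])
    replay = [-40 * s + rng.gauss(0, 4) for s in old]
    return sensor, genuine, replay


if __name__ == "__main__":
    sensor, genuine, replay = simulate(1)
    print(is_live(genuine, sensor), is_live(replay, sensor))
```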
![Page 82: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/82.jpg)
Evaluations
• Samsung Galaxy Nexus with 1.3M pixel front-facing camera
• Android 4.2.2
• Video is 480*720@24fps, chopped to 480*640
• Use Haar Cascades in OpenCV to detect face and nose
• Face recognition algorithms are orthogonal to our method, but for completeness, we do include a PCA (principal component analysis) based facial identification module (also implemented using OpenCV)
![Page 83: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/83.jpg)
Accuracy of 2D Media Attack Detection
• 9 volunteers, 180 genuine trials
• Take 2 photos and 1 video for each: 180 photo attacks and 90 video attacks
[Figure: Accuracy using different edge detectors. Choose Prewitt hereinafter]
[Figure: Accuracy under different settings]
![Page 84: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/84.jpg)
Accuracy of 2D Media Attack Detection (cont.)
[Figure: Accuracy compared with other state-of-art approaches]
[Figure: Accuracy under different illuminance]
![Page 85: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/85.jpg)
Accuracy of Virtual Camera Attack Detection
[Figure: Gap between genuine trials and attacks (y axis is correlation between small motions extracted from video and motion sensor readings)]
[Figure: Accuracy of virtual camera attack detection]
![Page 86: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/86.jpg)
Authentication Time
![Page 87: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/87.jpg)
Advantages
• Dynamic-to-Static credential matching
  o Cannot be intercepted, generated or reverse engineered
  o Defends against sending OTP to same device
  o Defends against device cloning
• Ubiquitous
  o Any mobile device with a camera
  o Authenticate to Desktop and Mobile
• Simple (as a selfie)
  o no additional keystrokes
• Quick
  o Authenticate within 2 seconds
[Figure labels: Device, Algorithm, Face, Accelerometer, Video]
![Page 88: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/88.jpg)
Use Cases
• Network and/or App Authentication
  o BYOD - Corporations, Healthcare, Utilities, MNOs
• Device Access
  o Controlled/Issued devices – Government
• Financial Institutions
  o “High-risk” transactions, dual approval
![Page 89: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/89.jpg)
Desktop Access to Enterprise
[Figure: flow diagram with callouts 1, 2, 3, 3a, 4 and the 4Auth server]
1. End User enters credentials, What You Know (or just enters Username…i.e. dummy terminal)
2. SMS/Push Notification is sent to mobile confirming What You Have and maybe Where You Are
3. In response, End User takes picture proving Who You Are
   a. Picture is confirmed on 4Auth server
4. Successful Authentication
![Page 90: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/90.jpg)
For more information …
• Privacy in Public
  o Privacy leakage (INFOCOM 2013)
  o Privacy Preserving Tracking (SECON 2013)
• Security without Barriers
  o Secret Message Sharing in Social Networks (CNS 2014)
  o Live Video Forensics (INFOCOM 2014)
  o Sensor Assisted Authentication (MOBISYS 2014)
• Concluding Remarks
![Page 91: Privacy in Public, and Security without Barriers · PDF fileQueries. GINGERs-iPhone.local: ... • We characterize the leakage of travelers privacy based on real world airport datasets](https://reader030.fdocuments.us/reader030/viewer/2022013014/5aaf36a57f8b9a190d8d0d59/html5/thumbnails/91.jpg)
Thank you!