Smartphone Security

User Authentication in IOT System

In recent years, we have witnessed an increasing development of mobile devices such as smartphones and tablets. Smartphones are now frequently used by end-users as the portals to cloud-based services. Smartphones are also becoming an important means for accessing various online services, such as online social networks, email and cloud computing. Many applications and websites allow users to store their information, passwords, etc. Users also save various contact information, photos, schedules and other personal information in their smartphones. No one wants personal and sensitive information to be leaked to others without their permission. However, smartphones are easily stolen or co-opted by an attacker. The attacker can have access to the personal information stored in the smartphone. Furthermore, the attacker can steal the victim’s identity and launch impersonation attacks in networks, which would threaten the victim’s personal and sensitive information like his bank account, as well as the security of the networks, especially online social networks. Therefore, providing reliable access control of the information stored on smartphones, or accessible through smartphones, is very important. Beyond the initial log- in mechanism, it is highly desirable to re-authenticate end- users who are continuing to access security-critical services and data, whether in the cloud or in the smartphone. But attackers who have gained access to a logged-in smartphone have no incentive to re-authenticate, so this must be done in an automatic, non-bypassable way. Hence, in this project, we proposes a novel authentication system for implicit, continuous authentication of the end-user based on his or her behavioral characteristics, by leveraging the sensors already ubiquitously built into smartphones. We design a system that gives accurate authentication using machine learning and sensor data from multiple mobile devices. Our system can achieve accurate authentication accuracy with negligible system overhead and low battery consumption.

De-anonymization

It is important to study the risks of publishing privacy-sensitive data. Even if sensitive identities (e.g., name, social security number) were removed and advanced data perturbation techniques were applied, several de-anonymization attacks have been proposed to re-identify individuals. However, these attacks have some limitations (e.g., they require prior seed information and have limited accuracy) and there is no theoretical quantification for relating the data utility that is preserved by the anonymization techniques and the data vulnerability against de-anonymization attacks. We first propose a novel structure-based de-anonymization attack, which does not require the attacker to have prior information (e.g., seeds). Our attack is based on two key insights: using multi-hop neighborhood information, and optimizing the process of de-anonymization by exploiting enhanced machine learning techniques. We further theoretically analyze the de-anonymization attacks and provide conditions on the utility of the anonymized data (denoted by anonymized utility) to achieve successful deanonymization. To the best of our knowledge, this is the first work on quantifying the relationships between anonymized utility and de-anonymization capability. Unlike previous work, our quantification analysis requires no assumption about the graph model, thus providing a general theoretical guide for developing practical de-anonymization/anonymization techniques. We evaluate our approach on multiple large-scale real-world datasets including the Gowalla mobility trace and the Google Play rating records. Our experimental results demonstrate that our method is robust to data perturbations and significantly outperforms the state-of-the-art de-anonymization techniques by up to 10x improvement. The effectiveness of our approach is further verified by comparing the experimental results with the theoretically achievable de-anonymization capability.

Time-series Segmentation

Internet of thing (IoT) is become popular. More and more IoT devices are developed in daily life. Change-point detection, which is the problem of detecting abrupt changes in time-series of IoT data, is attracting a lot of attention in the artificial intelligence and data mining communities. In this project, we present a novel unsupervised change-point detection algorithm based on deep-learning technique. Through experiments on multiple different categories of real-world datasets including human-activity sensing, speech, and abnormal detection in computer system, we demonstrate the usefulness of our proposed method. Furthermore, we show that our approaches can achieve better performance than the state-of-the-arts.

Publication

Malware Resource: Malware database: http://malware.lu
Malware database: http://virusshare.com
Mobile malware database: http://contagioninidump.blogspot.com
Android malware genone project: http://www.malgenome.project.org
ZC706 Instruction
tutorial: http://www.wiki.xilinx.com/