Chinese Journal of Network and Information Security ›› 2018, Vol. 4 ›› Issue (4): 12-21.doi: 10.11959/j.issn.2096-109x.2018034
• Comprehensive Reviews • Previous Articles Next Articles
Futian SHI,Jian MAO,Jianwei LIU
Revised:
2018-03-20
Online:
2018-04-01
Published:
2018-05-30
Supported by:
CLC Number:
Futian SHI,Jian MAO,Jianwei LIU. Review of side-channel privacy inference of Android mobile devices[J]. Chinese Journal of Network and Information Security, 2018, 4(4): 12-21.
[1] | KOCHER P C , . Timing attacks on implementations of Diffie-Hellman,RSA,DSS,and other systems[C]// Annual International Cryptology Conference. 1996: 104-113. |
[2] | KOCHER P , JAFFE J , JUN B . Differential power analysis[C]// Annual International Cryptology Conference. 1999: 388-397. |
[3] | QUISQUATER J J , SAMYDE D . Electromagnetic analysis (ema):measures and counter-measures for smart cards[M]// Smart Card Programming and Security.Berlin:Springer. 2001: 200-210. |
[4] | MANGARD S , OSWALD E , POPP T . Power analysis attacks:revealing the secrets of smart cards[M]. Springer Science & Business Media, 2008. |
[5] | 国家计算机网络应急技术处理协调中心. 2017 年第四季度国内操作系统及浏览器占比情况分析[R]. 2018. |
CNCERT. Analysis of the occupation ratio of domestic operating system and browser in the fourth quarter of 2017[R]. 2018. | |
[6] | THURM S , KANE Y I . Your Apps are watching you[J]. The Wall Street Journal, 2010,17(1). |
[7] | 张玉清, 王凯, 杨欢 ,等. Android 安全综述[J]. 计算机研究与发展, 2014,51(7): 1385-1396. |
ZHANG Y Q , WANG K , YANG H ,et al. Survey of Android OS security[J]. Journal of Computer Research and Development, 2014,51(7): 1385-1396. | |
[8] | MAO J , CHEN Y , SHI F ,et al. Toward exposing timing-based probing attacks in Web applications[J]. Sensors, 2017,17(3): 464. |
[9] | JANA S , SHMATIKOV V . Memento:learning secrets from process footprints[C]// 2012 IEEE Symposium on Security and Privacy (SP). 2012: 143-157. |
[10] | CHEN Q A , QIAN Z , MAO Z M . Peeking into your App without actually seeing it:UI state inference and novel Android attacks[C]// USENIX Security Symposium. 2014: 1037-1052. |
[11] | YAN L , GUO Y , CHEN X ,et al. A study on power side channels on mobile devices[C]// The 7th Asia-Pacific Symposium on Internetware. 2015: 30-38. |
[12] | MICHALEVSKY Y , SCHULMAN A , VEERAPANDIAN G A ,et al. PowerSpy:location tracking using mobile device power analysis[C]// USENIX Security Symposium. 2015: 785-800. |
[13] | ZHOU X , DEMETRIOU S , HE D ,et al. Identity,location,disease and more:inferring your secrets from android public resources[C]// The 2013 ACM SIGSAC Conference on Computer & Communications Security. 2013: 1017-1028. |
[14] | TAYLOR V F , SPOLAOR R , CONTI M ,et al. Robust smartphone app identification via encrypted network traffic analysis[J]. IEEE Transactions on Information Forensics and Security, 2018,13(1): 63-78. |
[15] | CHANDRA S , LIN Z , KUNDU A ,et al. Towards a systematic study of the covert channel attacks in smartphones[C]// International Conference on Security and Privacy in Communication Systems. 2014: 427-435. |
[16] | MARFORIO C , RITZDORF H , CAPKUN S . Analysis of the communication between colluding applications on modern smartphones[C]// Computer Security Applications Conference. 2012: 51-60. |
[17] | CAI L , CHEN H . TouchLogger:inferring keystrokes on touch screen from smartphone motion[C]// Usenix Conference on Hot Topics in Security. 2011: 9-9. |
[18] | OWUSU E , HAN J , DAS S ,et al. ACCessory:password inference using accelerometers on smartphones[C]// The Twelfth Workshop on Mobile Computing Systems & Applications. ACM, 2012:9. |
[19] | 宋晨光, 刘建伟, 伍前红 ,等. 基于智能手表运动传感器的新型攻击及其防范[J]. 通信学报, 2015,36(Z1): 235-242. |
SONG C G , LIU J W , WU Q H ,et al. New attack based on smartwatch motion sensors and the protection method research[J]. Journal on Communications, 2015,36(Z1): 235-242. | |
[20] | PING D , SUN X , MAO B . Textlogger:inferring longer inputs on touch screen using motion sensors[C]// The 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks. 2015:24. |
[21] | SPREITZER R , . Pin skimming:exploiting the ambient-light sensor in mobile devices[C]// The 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices. 2014: 51-62. |
[22] | HEMMINKI S , NURMI P , TARKOMA S . Accelerometer-based transportation mode detection on smartphones[C]// The 11th ACM Conference on Embedded Networked Sensor Systems. 2013:13. |
[23] | HO B J , MARTIN P , SWAMINATHAN P ,et al. From pressure to path:barometer-based vehicle tracking[C]// The 2nd ACM International Conference on Embedded Systems for Energy-Efficient Built Environments. 2015: 65-74. |
[24] | NARAIN S , VOHUU T D , BLOCK K ,et al. Inferring user routes and locations using zero-permission mobile sensors[C]// Security and Privacy. 2016: 397-413. |
[25] | HAMERS L . Similarity measures in scientometric research:the Jaccard index versus Salton's cosine formula[J]. Information Processing and Management, 1989,25(3): 315-18. |
[26] | MüLLER M . Dynamic time warping[J]. Information Retrieval For Music and Motion, 2007: 69-84. |
[27] | LIAW A , WIENER M . Classification and regression by randomForest[J]. Rnews, 2002,2(3): 18-22. |
[28] | SUYKENS J A K , VANDEWALLE J . Least squares support vector machine classifiers[J]. Neural Processing Letters, 1999,9(3): 293-300. |
[29] | EDDY S R . Hidden markov models[J]. Current Opinion in Structural Biology, 1996,6(3): 361-365. |
[30] | DIAO W , LIU X , LI Z ,et al. No pardon for the interruption:new inference attacks on android through interrupt timing analysis[C]// Security and Privacy. IEEE, 2016: 414-432. |
[31] | MIKOLOV T , KARAFIáT M , BURGET L ,et al. Recurrent neural network based language model[C]// The 11th Annual Conference of the International Speech Communication Association. 2010. |
[32] | SIMON L , XU W , ANDERSON R . Don’t interrupt me while i type:inferring text entered through gesture typing on Android keyboards[J]. Proceedings on Privacy Enhancing Technologies, 2016(3): 136-154. |
[33] | 卿斯汉 . Android安全研究进展[J]. 软件学报, 2016,27(1): 45-71. |
QING S H . Research progress on Android Security[J]. Journal of Software, 2016,27(1): 45-71. | |
[34] | ARZT S , RASTHOFER S , FRITZ C ,et al. FlowDroid:precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for Android apps[C]// ACM Sigplan Conference on Programming Language Design and Implementation. 2014: 259-269. |
[35] | ENCK W , GILBERT P , CHUN B G ,et al. TaintDroid:an information flow tracking system for real-time privacy monitoring on smartphones[J]. ACM Transactions on Computer Systems, 2010,32(2): 1-29. |
[36] | AAFER Y , DU W , YIN H . DroidAPIMiner:mining API-level features for robust malware detection in Android[C]// International Conference on Security and Privacy in Communication Systems. 2013: 86-103. |
[37] | MARICONTI E , ONWUZURIKE L , ANDRIOTIS P ,et al. MamaDroid:detecting android malware by building Markov chains of behavioral models[C]// Network and Distributed Systems Security Symposium(NDSS'17). 2017. |
[38] | BABIL G S , MEHANI O , BORELI R ,et al. On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices[C]// IEEE International Conference on Security and Cryptography. 2015: 1-8. |
[39] | GRAA M , CUPPENS-BOULAHIA N , CUPPENS F ,et al. Detection of side channel attacks based on data tainting in Android systems[C]// IFIP International Conference on ICT Systems Security and Privacy Protection. 2017: 205-218. |
[40] | 吴敬征, 武延军, 罗天悦 ,等. 一种基于权限控制机制的 Android 系统隐蔽信道限制方法[J]. 中国科学院大学学报, 2015,32(5): 667-675. |
WU J Z , WU Y J , LUO T Y ,et al. A new mitigation approach for covert channel of Android operating system based on permission mechanism[J]. Journal of University of Chinese Academy of Sciences, 2015,32(5): 667-675. | |
[41] | SHRESTHA P , MOHAMED M , SAXENA N . Slogger:smashing motion-based touchstroke logging with transparent system noise[C]// ACM Conference on Security & Privacy in Wireless and Mobile Networks. 2016: 67-77. |
[42] | SCHWARZ M , LIPP M , GRUSS D ,et al. KeyDrown:eliminating software-based keystroke timing side-channel attacks[C]// Network and Distributed System Security Symposium. 2018. |
[43] | PETRACCA G , SUN Y , JAEGER T ,et al. Android:preventing attacks on audio channels in mobile devices[C]// Computer Security Applications Conference. 2015: 181-190. |
[44] | ZHANG N , YUAN K , NAVEED M ,et al. Leave me alone:app-level protection against runtime information gathering on Android[C]// IEEE Symposium on Security and Privacy. 2015: 915-930. |
[45] | FELT A P , HA E , EGELMAN S ,et al. Android permissions:user attention,comprehension,and behavior[C]// The Eighth Symposium on Usable Privacy and Security. 2012:3. |
[46] | LIPP M , GRUSS D , SPREITZER R ,et al. ARMageddon:cache attacks on mobile devices[C]// USENIX Security Symposium. 2016: 549-564. |
[47] | SPREITZER R , GRIESMAYR S , KORAK T ,et al. Exploiting data-usage statistics for website fingerprinting attacks on Android[C]// The 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks. 2016: 49-60. |
[48] | APTHORPE N , REISMAN D , FEAMSTER N . A smart home is no castle:privacy vulnerabilities of encrypted IoT traffic[C]// Workshop on Data and Algorithmic Transparency. 2016. |
[1] | Zhanhui YUAN, Zhi YANG, Hongqi ZHANG, Shuyuan JIN, Xuehui DU. Android complex information flow analysis method based on communicating sequential process [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 156-168. |
[2] | Fan CHAO, Zhi YANG, Xuehui DU, Bing HAN. Classified risk assessment method of Android application based on multi-factor clustering selection [J]. Chinese Journal of Network and Information Security, 2021, 7(2): 161-173. |
[3] | Xin ZHANG,Weizhong QIANG,Yueming WU,Deqing ZOU,Hai JIN. Mining behavior pattern of mobile malware with convolutional neural network [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 35-44. |
[4] | Fan CHAO,Zhi YANG,Xuehui DU,Yan SUN. Android malware detection method based on deep neural network [J]. Chinese Journal of Network and Information Security, 2020, 6(5): 67-79. |
[5] | Ning FANG,Weibing CAO,Donghe NI,Guandong DI. Accelerating cryptographic computation with parallel computing mechanisms in Android platform [J]. Chinese Journal of Network and Information Security, 2019, 5(1): 50-55. |
[6] | Xiaoyan ZHU,Hui ZHANG,Jianfeng MA. Privacy protection system based on Hook for Android [J]. Chinese Journal of Network and Information Security, 2018, 4(4): 38-47. |
[7] | Jieming GU,Bowen SUN,Peng WU,Qi LI,Yanhui GUO. Anti-obfuscation Android application similarity detection method based on API call [J]. Chinese Journal of Network and Information Security, 2018, 4(1): 63-68. |
[8] | Shuo ZHAO,Xin-sheng JI,Guo-zhen CHENG,Yu-xing MAO. Research on dynamic migration of critical virtual machines for multi-tenancy [J]. Chinese Journal of Network and Information Security, 2017, 3(8): 8-17. |
[9] | Hui-ying YAN,Zhen-ji ZHOU,Li-fa WU,Zheng HONG,He SUN. Symbolic execution based control flow graph extraction method for Android native codes [J]. Chinese Journal of Network and Information Security, 2017, 3(7): 33-46. |
[10] | Yi-lin YE,Zhen-ji ZHOU,Zheng HONG,Hui-ying YAN,Li-fa WU. Static-analysis-based event input generation approach for Android application [J]. Chinese Journal of Network and Information Security, 2017, 3(6): 21-32. |
[11] | Ya-wei WANG,Chang-gen PENG,Hong-fa DING,Kai ZHOU. Identity authentication scheme of Android client based on identifiers [J]. Chinese Journal of Network and Information Security, 2017, 3(4): 32-38. |
[12] | Xiao-min ZHANG,Jing LUI,Jun-xi ZHUANG,Ying-xu LAI. Research on Android malware detection based on permission and behavior [J]. Chinese Journal of Network and Information Security, 2017, 3(3): 51-57. |
[13] | Yi-min YANG,Tie-ming CHEN. Android malware family classification method based on the image of bytecodeConstruction of MDS matrices [J]. Chinese Journal of Network and Information Security, 2016, 2(6): 38-43. |
[14] | Jia CHEN,Shan-qing1 GUO. Toward discovering and exploiting private server-side Web API [J]. Chinese Journal of Network and Information Security, 2016, 2(12): 27-38. |
[15] | Jing-qiang LIU,Bin LI,Li-zhang CHEN,Bin CHEN. Research based on the method of Android system active defense without Root permission [J]. Chinese Journal of Network and Information Security, 2016, 2(1): 65-73. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||
|