Home > Research > Publications & Outputs > Find Me A Safe Zone

Electronic data

  • elsarticle-template-5-harv

    Rights statement: This is the author’s version of a work that was accepted for publication in Computers and Security. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Computers and Security, 80, 2019 DOI: 10.1016/j.cose.2018.09.017

    Accepted author manuscript, 1 MB, PDF-document

    Embargo ends: 13/10/19

    Available under license: CC BY-NC-ND: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License

Links

Text available via DOI:

View graph of relations

Find Me A Safe Zone: A Countermeasure for Channel State Information Based Attacks

Research output: Contribution to journalJournal article

Published
Close
<mark>Journal publication date</mark>01/2019
<mark>Journal</mark>Computers and Security
Volume80
Number of pages18
Pages (from-to)273-290
Publication statusPublished
Early online date13/10/18
Original languageEnglish

Abstract

Recently, channel state information (CSI) is shown to be an effective side-channel to perform attacks in public environments. Prior work has demonstrated that by analyzing how the CSI measurements of the wireless signal are affected by the mobile user's finger movements or gestures, an attacker can recover the user's input with a high success rate. Furthermore, the setup of this new attack is trivial, where the adversary only needs to place one or two malicious wireless devices near the target user. It would be difficult for many users to identify the nearby malicious devices while they want to continue to use mobile applications in public places. This dilemma makes protection of CSI-based attacks an urgent need. This article presents the first countermeasure for CSI-based attacks. Our key insight is that the success of any CSI-based attack requires high-quality CSI measurements; and we can significantly reduce the risk of information leakage by directing the user to a nearby location where the CSI readings are inherently noisy. To this end, we develop a regression based method to assess the risk of CSI-based attacks and exploit a well-established localization technique to identify potential malicious wireless devices. We then use this information to guide the user to a safe zone. We evaluate our approach by applying it to protect pattern lock and keystrokes in various indoor and outdoor environments. Experimental results show that our approach can effectively protect mobile users against CSI-based attacks.

Bibliographic note

This is the author’s version of a work that was accepted for publication in Computers and Security. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Computers and Security, 80, 2019 DOI: 10.1016/j.cose.2018.09.017