Sensor-Based Mobile Web Cross-Site Input Inference Attacks and Defenses

Rui Zhao, Chuan Yue, Qi Han

Research output: Contribution to journalArticlepeer-review

Abstract

In this paper, we investigate the accelerometer and gyroscope motion sensor-based cross-site input inference attacks that may compromise the security of many mobile Web users, and quantify the extent to which they can be effective. We formulate our attacks as a typical multi-class classification problem and build an inference framework that trains a classifier in the training phase and predicts the user's new inputs in the attacking phase. To make our attacks effective and realistic, we design unique techniques and address major data quality and data segmentation challenges. We intensively evaluate the effectiveness of our attacks using 98 691 keystrokes collected from 20 participants. Overall, our attacks are effective, for example, they are about 10.8 times more effective than the random guessing attacks regarding inferring letters. We also perform experiments to evaluate the effect of using the data perturbation defense techniques on decreasing the accuracy of our input inference attacks. Our results demonstrate that researchers, smartphone vendors, and app developers should pay serious attention to the motion sensor-based cross-site input inference attacks that can be pervasively performed, and start to design and deploy effective defense techniques.

Original languageEnglish (US)
Pages (from-to)75-89
Number of pages15
JournalIEEE Transactions on Information Forensics and Security
Volume14
Issue number1
DOIs
StatePublished - Jan 2019

Keywords

  • Mobile
  • Web
  • input inference
  • motion sensor

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Sensor-Based Mobile Web Cross-Site Input Inference Attacks and Defenses'. Together they form a unique fingerprint.

Cite this