Atkinson, JS;
Rio, M;
Mitchell, JE;
Matich, G;
(2018)
Your WiFi is leaking: what do your mobile apps gossip about you?
Future Generation Computer Systems
, 80
pp. 546-557.
10.1016/j.future.2016.05.030.
Preview |
Text
Atkinson1-s2.0-S0167739X16301480-main.pdf Download (1MB) | Preview |
Abstract
This paper describes how mobile device apps can inadvertently broadcast personal information through their use of wireless networks despite the correct use of encryption. Using a selection of personas we illustrate how app usage can be tied to personal information. Users would likely assume the confidentiality of personal information (including age, religion, sexuality and gender) when using an encrypted network. However, we demonstrate how encrypted traffic pattern analysis can allow a remote observer to infer potentially sensitive data passively and undetectably without any network credentials. Without the ability to read encrypted WiFi traffic directly, we process the limited side-channel data available (timings and frame sizes) to enable remote app detection. These side-channel data measurements are represented as histograms and used to construct a Random Forest classifier capable of accurately identifying mobile apps from the encrypted traffic they cause. The Random Forest algorithm was able to correctly identify apps with a mean accuracy of ∼99% within the training set. The classifier was then adapted to form the core of a detection program that could monitor multiple devices in real-time. Tests in a closed-world scenario showed 84% accuracy and demonstrated the ability to overcome the data limitations imposed by WiFi encryption. Although accuracy suffers greatly (67%) when moving to an open-world scenario, a high recall rate of 86% demonstrates that apps can unwittingly broadcast personal information openly despite using encrypted WiFi. The open-world false positive rate (38% overall, or 72% for unseen activity alone) leaves much room for improvement but the experiment demonstrates a plausible threat nevertheless. Finally, avenues for improvement and the limitations of this approach are identified. We discuss potential applications, strategies to prevent these leaks, and consider the effort required for an observer to present a practical privacy threat to the everyday WiFi user. This paper presents and demonstrates a nuanced and difficult to solve privacy vulnerability that cannot not be mitigated without considerable changes to current- and next-generation wireless communication protocols.
| Type: | Article |
|---|---|
| Title: | Your WiFi is leaking: what do your mobile apps gossip about you? |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1016/j.future.2016.05.030 |
| Publisher version: | http://dx.doi.org/10.1016/j.future.2016.05.030 |
| Language: | English |
| Additional information: | Copyright © 2016 The Author(s). Published by Elsevier B.V. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/) |
| Keywords: | WiFi; Mobile apps; Privacy; Security; Data protection; Information inference |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Electronic and Electrical Eng |
| URI: | https://discovery.ucl.ac.uk/id/eprint/1497081 |
Archive Staff Only
 |
View Item |
