Access the full text.
Sign up today, get DeepDyve free for 14 days.
Omer Shwartz, Amir Cohen, A. Shabtai, Yossef Oren (2018)
Shattered Trust: When Replacement Smartphone Components AttackArXiv, abs/1805.04850
Raphael Spreitzer, Veelasha Moonsamy, Thomas Korak, S. Mangard (2016)
Systematic Classification of Side-Channel Attacks: A Case Study for Mobile DevicesIEEE Communications Surveys & Tutorials, 20
Yan Michalevsky, Aaron Schulman, Gunaa Veerapandian, D. Boneh, Gabi Nakibly (2015)
PowerSpy: Location Tracking Using Mobile Device Power Analysis
R. Novak (2002)
SPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation
Lukasz Olejnik, Gunes Acar, C. Castelluccia, Claudia Díaz (2015)
The Leaking Battery - A Privacy Analysis of the HTML5 Battery Status API
Bert Boer, Kerstin Lemke-Rust, Guntram Wicke (2002)
A DPA Attack against the Modular Reduction within a CRT Implementation of RSA
Qing Yang, Paolo Gasti, Gang Zhou, A. Farajidavar, K. Balagani (2017)
On Inferring Browsing Activity on Smartphones via USB Power Analysis Side-ChannelIEEE Transactions on Information Forensics and Security, 12
Laurent Simon, W. Xu, Ross Anderson (2016)
Don’t Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing on Android KeyboardsProceedings on Privacy Enhancing Technologies, 2016
A. Carroll, G. Heiser (2010)
An Analysis of Power Consumption in a Smartphone
D. Song, D. Wagner, Xuqing Tian (2001)
Timing Analysis of Keystrokes and Timing Attacks on SSH
Emmanuel Owusu, Jun Han, Sauvik Das, A. Perrig, J. Zhang (2012)
ACCessory: password inference using accelerometers on smartphones
Hui Ding, Goce Trajcevski, P. Scheuermann, Xiaoyue Wang, Eamonn Keogh (2008)
Querying and mining of time series data: experimental comparison of representations and distance measuresProc. VLDB Endow., 1
Lukasz Olejnik, Steven Englehardt, Arvind Narayanan (2017)
Battery Status Not Included: Assessing Privacy in Web Standards
Zhi Xu, Kun Bai, Sencun Zhu (2012)
TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors
(2005)
Atmel’s ATmega406 AVR Microcontroller Provides Full Smart Battery and Battery Protection Functionality for 2 - 4 Li-ion Cells in a Single Chip
(2002)
Computer Networks (4th ed.)
Denis Kune, Yongdae Kim (2010)
Timing attacks on PIN input devices
Shane Clark, H. Mustafa, Benjamin Ransford, Jacob Sorber, Kevin Fu, Wenyuan Xu (2013)
Current Events: Identifying Webpages by Tapping the Electrical Outlet
Shuo Gao, J. Lai, A. Nathan (2016)
Fast Readout and Low Power Consumption in Capacitive Touch Screen Panel by DownsamplingJournal of Display Technology, 12
K. Tiri, I. Verbauwhede (2005)
Design method for constant power consumption of differential logic circuitsDesign, Automation and Test in Europe
Wenrui Diao, Xiangyu Liu, Zhou Li, Kehuan Zhang (2016)
No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis2016 IEEE Symposium on Security and Privacy (SP)
Qinglong Wang, Amir Yahyavi, Bettina Kemme, Wenbo He (2015)
I know what you did on your smartphone: Inferring app usage over encrypted data traffic2015 IEEE Conference on Communications and Network Security (CNS)
Jun Han, Emmanuel Owusu, Le Nguyen, A. Perrig, J. Zhang (2012)
ACComplice: Location inference using accelerometers on smartphones2012 Fourth International Conference on Communication Systems and Networks (COMSNETS 2012)
D. Berndt, J. Clifford (1994)
Using Dynamic Time Warping to Find Patterns in Time Series
E. Miluzzo, A. Varshavsky, Suhrid Balakrishnan, Romit Choudhury (2012)
Tapprints: your finger taps have fingerprints
Yimin Chen, Xiaocong Jin, Jingchao Sun, Rui Zhang, Yanchao Zhang (2017)
POWERFUL: Mobile app fingerprinting via power analysisIEEE INFOCOM 2017 - IEEE Conference on Computer Communications
Zhuang Li, F. Zhou, J. Tygar (2009)
Keyboard acoustic emanations revisitedACM Trans. Inf. Syst. Secur., 13
Matthew Halpern, Yuhao Zhu, V. Reddi (2016)
Mobile CPU's rise to power: Quantifying the impact of generational mobile CPU design trends on performance, energy, and user satisfaction2016 IEEE International Symposium on High Performance Computer Architecture (HPCA)
Anirudh Badam, Ranveer Chandra, Jon Dutra, Anthony Ferrese, Steve Hodges, Pan Hu, J. Meinershagen, T. Moscibroda, B. Priyantha, E. Skiani (2015)
Software defined batteriesProceedings of the 25th Symposium on Operating Systems Principles
Kehuan Zhang, Xiaofeng Wang (2009)
Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems
J. Garcia-Alfaro, G. Navarro-Arribas, A. Aldini, F. Martinelli, N. Suri (2015)
Revised Selected Papers of the 10th International Workshop on Data Privacy Management, and Security Assurance - Volume 9481
Michael Schwarz, Moritz Lipp, D. Gruss, Samuel Weiser, Clémentine Maurice, Raphael Spreitzer, S. Mangard (2017)
KeyDrown: Eliminating Keystroke Timing Side-Channel AttacksArXiv, abs/1706.06381
Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer, Y. Yarom (2016)
ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side ChannelsProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
Michael Schwarz, Moritz Lipp, D. Gruss, Samuel Weiser, Clémentine Maurice, Raphael Spreitzer, S. Mangard (2018)
KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks
Riccardo Spolaor, Laila Abudahi, Veelasha Moonsamy, M. Conti, R. Poovendran (2016)
No Free Charge Theorem: A Covert Channel via USB Charging Cable on Mobile Devices
A. Krizhevsky, I. Sutskever, Geoffrey Hinton (2012)
ImageNet classification with deep convolutional neural networksCommunications of the ACM, 60
L. Du (2016)
An Overview of Mobile Capacitive Touch Technologies TrendsArXiv, abs/1612.08227
(2013)
Android Headlines: Samsung Reaching 80 Million Galaxy S4
AbstractMobile devices are equipped with increasingly smart batteries designed to provide responsiveness and extended lifetime. However, such smart batteries may present a threat to users’ privacy. We demonstrate that the phone’s power trace sampled from the battery at 1KHz holds enough information to recover a variety of sensitive information.We show techniques to infer characters typed on a touchscreen; to accurately recover browsing history in an open-world setup; and to reliably detect incoming calls, and the photo shots including their lighting conditions. Combined with a novel exfiltration technique that establishes a covert channel from the battery to a remote server via a web browser, these attacks turn the malicious battery into a stealthy surveillance device.We deconstruct the attack by analyzing its robustness to sampling rate and execution conditions. To find mitigations we identify the sources of the information leakage exploited by the attack. We discover that the GPU or DRAM power traces alone are sufficient to distinguish between different websites. However, the CPU and power-hungry peripherals such as a touchscreen are the primary sources of fine-grain information leakage. We consider and evaluate possible mitigation mechanisms, highlighting the challenges to defend against the attacks.In summary, our work shows the feasibility of the malicious battery and motivates further research into system and application-level defenses to fully mitigate this emerging threat.
Proceedings on Privacy Enhancing Technologies – de Gruyter
Published: Oct 1, 2018
Read and print from thousands of top scholarly journals.
Already have an account? Log in
Bookmark this article. You can see your Bookmarks on your DeepDyve Library.
To save an article, log in first, or sign up for a DeepDyve account if you don’t already have one.
Copy and paste the desired citation format or use the link below to download a file formatted for EndNote
Access the full text.
Sign up today, get DeepDyve free for 14 days.
All DeepDyve websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.