14-829 / 18-638: Mobile Security - Fall 2017
Assignment #3 - Sensor Driven Analytics versus Personal Privacy
- Due: October 19, 2017
- Description: Building on the previous assignments that asked you to steal a user's data and learn about
their activities, this assignment focuses on learning about their behaviors and other micro-activities, namely by
collecting data from activity/context sensors embedded in their device. While mobile devices have been well-equipped
with such sensors for well over a decade, developers are still trying to understand their value and researchers are
still trying to understand the associated risks. Your task is to help understand the trade-offs between risk and value
of sensor data by studying a chosen sensing application and attack model.
- Tasks:
- Develop a sensing application - Write an app that accesses and records (on or off the device) data from at
least one embedded activity or context sensor (e.g., accelerometer, light) in the device, analyzes the sensor data, and provides
some value back to the user. Your app should be interesting enough that people would use it, but it doesn't need to be novel
(if you mimic an existing app or use an open-source app, be sure to provide proper attribution).
Constraints and Hints:
- You can use whatever permissions (either manifest or runtime) the application needs, as long as you justify the need for
each of the permissions.
- Recorded sensor data should be archived in a suitable way (e.g., using an sqlite database on device).
- Your app must include a mechanism to allow the user to control the granularity of sensor data that is collected and archived,
including parameters such as the sampling frequency, signal recording duration, and recording period (e.g., sample the
accelerometer at 100 Hz for five seconds every two minutes). The reason for this part will become clear in the later tasks.
- Minimal UI is sufficient (this is a security assignment, not a dev assignment), as long as the quality and value of
the analysis can be evaluated by the user.
- Learn something nefarious! - As a malicious player with access to the sensor data archive, come up with an
interesting attack in which you extract some privacy-sensitive information about the user from the sensor data (possibly
in concert with other data sources from the app).
Constraints and Hints:
- The privacy-sensitive information that you learn should not be obvious, given the application and user context. For
example, a fitness tracker should be able to know many physical details of the user, but it should not be able to learn
the user's banking password. As another example, tracking a user is an obvious side-effect of an app with fine-grained
location permission.
- More sensitive -> better.
- Be creative.
- Study trade-offs between value and security - Perform a parameter study (i.e., perform an experiment using many
different values of a parameter) relating the granularity control parameters of the sensing app to the apparent value of the
app and the success of the attack. Intuitively, when the app collects very fine-grained data, the value of the app and the
success of the attack would both be high, but if the granularity of sensing data is greatly reduced, both the app's value
and the attack success would degrade. This task requires you to come up with criteria for evaluating both the app's value
to the user and the success of the attack. If your app and attack are not affected by sensing granularity, maybe make a
more interesting app that is.
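As an added illustration of the granularity control required in Task 1 and the parameter sweep of Task 3 (example code written for this page, not part of the assignment or any submission), the snippet below gates a constructed raw accelerometer stream to a requested sampling frequency, recording duration and recording period (the 100 Hz / five seconds / two minutes setting above), archives the result in an in-memory SQLite table, and counts archived samples per setting. Granularity, synthetic_stream, select_samples, archive and sweep are assumed names; the stream is a constructed sinusoid standing in for the device sensor.

```python
import math
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class Granularity:
    sample_hz: float   # sampling frequency kept in the archive
    duration_s: float  # length of each recording window
    period_s: float    # time between the starts of consecutive windows


def synthetic_stream(raw_hz=200, seconds=240.0):
    """Constructed stand-in for the raw accelerometer: (t, x, y, z) tuples."""
    n = int(raw_hz * seconds)
    return [(i / raw_hz, math.sin(i / raw_hz), 0.0, 9.81) for i in range(n)]


def select_samples(samples, g):
    """Keep only samples inside each recording window, decimated to g.sample_hz.
    Samples must be sorted by time; if the raw rate is below sample_hz every
    sample inside a window is kept (the device cannot be upsampled)."""
    kept, step = [], 1.0 / g.sample_hz
    cur_win, next_t = None, 0.0
    for t, x, y, z in samples:
        win, phase = divmod(t, g.period_s)
        if phase >= g.duration_s:      # between windows: record nothing
            continue
        if win != cur_win:             # a new window starts: reset the clock
            cur_win, next_t = win, t
        if t + 1e-9 >= next_t:         # next sample is due at this rate
            kept.append((t, x, y, z))
            next_t += step
    return kept


def archive(kept, db_path=":memory:"):
    """Append the selected samples to an sqlite table; return the row count."""
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE IF NOT EXISTS accel (t REAL, x REAL, y REAL, z REAL)")
    conn.executemany("INSERT INTO accel VALUES (?, ?, ?, ?)", kept)
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM accel").fetchone()[0]


def sweep(samples, settings):
    """Parameter-study helper: archived sample count for each granularity."""
    return {g: len(select_samples(samples, g)) for g in settings}


if __name__ == "__main__":
    raw = synthetic_stream()
    g = Granularity(sample_hz=100, duration_s=5, period_s=120)
    print(archive(select_samples(raw, g)))           # 1000 rows for 4 minutes
    for setting, n in sweep(raw, [g, Granularity(10, 5, 120)]).items():
        print(setting, n)
```

Plugging the student's own value and attack metrics into the sweep loop in place of the sample count gives the Task 3 trade-off curves.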
- Deliverables: Each student will submit a written summary of their efforts for the above tasks. Your report should
include:
- Code snippets to highlight important features of the required tasks,
- Examples of the type of sensor data being recorded, analytics being done, and impact of sensing granularity,
- Examples detailing how the attack works and the type of sensitive information exposed,
- Detailed step-by-step explanations of the relevant aspects of the app, analysis tools, and attack steps that demonstrate
your understanding of what the code is doing and why it works the way it does.
The written summary should be formatted as a single-column document using font size 11 or greater, converted to a .pdf
document for submission.
- Submission Instructions: Each student should submit a .pdf version of their written summary via Canvas,
using the format requested above. All students are expected to complete the assignment on their own; discussion about the assignment
is allowed and encouraged, but all design, analysis, and writing tasks must be done individually (i.e., talking is allowed, but not
sharing anything written).
- Grading: This assignment is worth 35 points: seven (7) points for a detailed description of the app and its sensor
data analysis functionality, four (4) points for correct implementation of granularity controls and the sensor database, five (5)
points for suitability of the sensitive information extracted in the attack, four (4) points for appropriateness of attack analytics
methods, three (3) points for suitability of parameters varied in the Task 3 study, four (4) points for appropriateness of evaluation
metrics used in the study, five (5) points for sufficient depth of evaluation of the trade-offs in Task 3, and three (3) points for
including high-quality figures in the report. We reserve the right to take off points for presentation aspects, e.g., incorrect format,
poor writing, etc.