14-829: Mobile Security

14-829 / 18-638: Mobile Security - Fall 2017



Assignment #3 - Sensor Driven Analytics versus Personal Privacy

Due: October 19, 2017

Description: Building on the previous assignments that asked you to steal a user's data and learn about their activities, this assignment focuses on learning about their behaviors and other micro-activities, namely by collecting data from the activity/context sensors embedded in their device. While mobile devices have been well-equipped with such sensors for well over a decade, developers are still trying to understand their value and researchers are still trying to understand the associated risks. Your task is to help clarify the trade-off between the risk and the value of sensor data by studying a sensing application and an attack model of your choosing.

Tasks:
  1. Develop a sensing application - Write an app that accesses and records (on or off the device) data from at least one embedded activity or context sensor (e.g., accelerometer, light) in the device, analyzes the sensor data, and provides some value back to the user. Your app should be interesting enough that people would use it, but it doesn't need to be novel (if you mimic an existing app or use an open-source app, be sure to provide proper attribution).
    Constraints and Hints:
    • You can use whatever permissions (either manifest or runtime) the application needs, as long as you justify the need for each of the permissions.
    • Recorded sensor data should be archived in a suitable way (e.g., using an SQLite database on the device).
    • Your app must include a mechanism to allow the user to control the granularity of sensor data that is collected and archived, including parameters such as the sampling frequency, signal recording duration, and recording period (e.g., sample the accelerometer at 100 Hz for five seconds every two minutes). The reason for this part will become clear in the later tasks.
    • Minimal UI is sufficient (this is a security assignment, not a dev assignment), as long as the quality and value of the analysis can be evaluated by the user.
  2. Learn something nefarious! - As a malicious player with access to the sensor data archive, come up with an interesting attack in which you extract some privacy-sensitive information about the user from the sensor data (possibly in concert with other data sources from the app).
    Constraints and Hints:
    • The privacy-sensitive information that you learn should not be obvious, given the application and user context. For example, a fitness tracker should be able to know many physical details of the user, but it should not be able to learn the user's banking password. As another example, tracking a user is an obvious side-effect of an app with fine-grained location permission.
    • More sensitive -> better.
    • Be creative.
  3. Study trade-offs between value and security - Perform a parameter study (i.e., perform an experiment using many different values of a parameter) relating the granularity control parameters of the sensing app to the apparent value of the app and the success of the attack. Intuitively, when the app collects very fine-grained data, both the value of the app and the success of the attack would be high, but if the granularity of the sensing data is greatly reduced, both the app's value and the attack's success would degrade. This task requires you to come up with criteria for evaluating both the app's value to the user and the success of the attack. If your app and attack are not affected by sensing granularity, consider building a more interesting app that is.
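The following is an added example, not code provided with the course and not an Android app: it simulates in plain Python the two mechanisms Tasks 1 and 3 ask for, a user-controllable granularity policy (sampling frequency, recording duration, recording period) that decimates and duty-cycles a raw sensor stream before it is archived in SQLite, and a parameter sweep that re-runs the same analysis over every archived granularity. The input is a constructed 100 Hz accelerometer-magnitude stream of a synthetic user walking at 1.8 steps/s; the "app value" metric is the error of a step-cadence estimate computed from the archive, which is an assumption chosen for illustration. The attack-success metric depends on the attack you pick and is not instantiated here; it would be another function of the archived window that you add to the same sweep.

```python
import math
import sqlite3
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed input (an assumption of this example, not measured data): the
# "device" produces a 100 Hz accelerometer-magnitude stream of a user walking
# at CADENCE_HZ steps per second, on top of gravity and a slow 0.3 Hz sway.
SOURCE_HZ = 100
CADENCE_HZ = 1.8


def synthetic_walk(seconds: float) -> List[Tuple[float, float]]:
    """(timestamp_s, magnitude_m_s2) pairs for the synthetic walking user."""
    n = int(seconds * SOURCE_HZ)
    return [
        (i / SOURCE_HZ,
         9.81
         + 1.5 * math.sin(2 * math.pi * CADENCE_HZ * i / SOURCE_HZ)
         + 0.4 * math.sin(2 * math.pi * 0.3 * i / SOURCE_HZ))
        for i in range(n)
    ]


@dataclass(frozen=True)
class GranularityPolicy:
    """User-controlled granularity: record at sample_hz for duration_s out of
    every period_s (e.g. 100 Hz for 5 s every 10 s)."""
    sample_hz: int
    duration_s: float
    period_s: float

    def __post_init__(self) -> None:
        if SOURCE_HZ % self.sample_hz:
            raise ValueError("sample_hz must divide the source rate")

    @property
    def name(self) -> str:
        return f"{self.sample_hz}Hz/{self.duration_s:g}s/{self.period_s:g}s"

    def keeps(self, source_index: int) -> bool:
        # Gate on the duty-cycle window, then decimate by an integer stride.
        stride = SOURCE_HZ // self.sample_hz
        in_window = (source_index % int(self.period_s * SOURCE_HZ)) < self.duration_s * SOURCE_HZ
        return in_window and source_index % stride == 0


def archive(db: sqlite3.Connection, samples: List[Tuple[float, float]],
            policy: GranularityPolicy) -> int:
    """Store only the samples the policy keeps; returns the row count."""
    db.execute("CREATE TABLE IF NOT EXISTS samples "
               "(policy TEXT NOT NULL, ts REAL NOT NULL, mag REAL NOT NULL)")
    rows = [(policy.name, t, v) for i, (t, v) in enumerate(samples) if policy.keeps(i)]
    db.executemany("INSERT INTO samples VALUES (?, ?, ?)", rows)
    db.commit()
    return len(rows)


def first_window(db: sqlite3.Connection, policy: GranularityPolicy) -> List[float]:
    """Magnitudes of the first recording window, as the analysis would read them."""
    cur = db.execute("SELECT mag FROM samples WHERE policy = ? AND ts < ? ORDER BY ts",
                     (policy.name, policy.duration_s))
    return [row[0] for row in cur]


def estimate_cadence_hz(values: List[float], sample_hz: float,
                        min_hz: float = 0.5) -> Optional[float]:
    """App analytic: dominant frequency above min_hz via a direct DFT of one
    window (mean removed so gravity does not dominate). Coarser sampling
    aliases the cadence; shorter windows coarsen the frequency resolution."""
    n = len(values)
    if n < 2:
        return None
    mean = sum(values) / n
    x = [v - mean for v in values]
    best_k, best_power = None, 0.0
    for k in range(1, n // 2 + 1):
        if k * sample_hz / n < min_hz:
            continue
        re = sum(x[i] * math.cos(2 * math.pi * k * i / n) for i in range(n))
        im = -sum(x[i] * math.sin(2 * math.pi * k * i / n) for i in range(n))
        power = re * re + im * im
        if power > best_power:
            best_k, best_power = k, power
    return None if best_k is None else best_k * sample_hz / n


DEFAULT_POLICIES = (
    GranularityPolicy(100, 5, 10),   # fine-grained baseline
    GranularityPolicy(10, 5, 10),    # lower rate, same window
    GranularityPolicy(2, 5, 10),     # below Nyquist for a 1.8 Hz cadence
    GranularityPolicy(100, 1, 10),   # full rate, but a 1 s window
)


def run_study(seconds: float = 20.0, policies=DEFAULT_POLICIES
              ) -> Dict[str, Tuple[int, Optional[float], Optional[float]]]:
    """Parameter study: policy name -> (rows stored, cadence estimate, abs error)."""
    samples = synthetic_walk(seconds)
    db = sqlite3.connect(":memory:")
    results = {}
    for policy in policies:
        stored = archive(db, samples, policy)
        est = estimate_cadence_hz(first_window(db, policy), policy.sample_hz)
        err = None if est is None else abs(est - CADENCE_HZ)
        results[policy.name] = (stored, est, err)
    db.close()
    return results


if __name__ == "__main__":
    for name, (stored, est, err) in run_study().items():
        print(f"{name:>14}: {stored:5d} rows, cadence {est}, error {err}")
```

The same harness carries the attack side of the study: add a second function that reads `first_window` for each policy, runs your attack, and returns its success score, and the sweep then reports value and attack success side by side for every granularity the user could select.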
Deliverables: Each student will submit a written summary of their efforts for the above tasks. Your report should include:
  • Code snippets to highlight important features of the required tasks,
  • Examples of the type of sensor data being recorded, analytics being done, and impact of sensing granularity,
  • Examples detailing how the attack works and the type of sensitive information exposed,
  • Detailed step-by-step explanations of the relevant aspects of the app, analysis tools, and attack steps that demonstrate your understanding of what the code is doing and why it works the way it does.
The written summary should be formatted as a single-column document using font size 11 or greater, converted to a .pdf document for submission.

Submission Instructions: Each student should submit a .pdf version of their written summary via Canvas, using the format requested above. All students are expected to complete the assignment on their own; discussion about the assignment is allowed and encouraged, but all design, analysis, and writing tasks must be done individually (i.e., talking is allowed, but not sharing anything written).

Grading: This assignment is worth 35 points: seven (7) points for a detailed description of the app and its sensor data analysis functionality, four (4) points for correct implementation of granularity controls and the sensor database, five (5) points for suitability of the sensitive information extracted in the attack, four (4) points for appropriateness of attack analytics methods, three (3) points for suitability of parameters varied in the Task 3 study, four (4) points for appropriateness of evaluation metrics used in the study, five (5) points for sufficient depth of evaluation of the trade-offs in Task 3, and three (3) points for including high-quality figures in the report. We reserve the right to take off points for presentation aspects, e.g., incorrect format, poor writing, etc.