Security and Privacy in Mobile Devices
The quick rise in mobile device use has led to the emergence of a wide variety of security and privacy issues that are close at hand to a large portion of the world's population. Modern mobile devices, however, are more than just telephones, more than computers, more than sensor-rich devices, and more than any other electronic device that has been on the market to date. They rely on a telecommunications infrastructure that was not designed with the diversity of rich applications and services that have emerged, so there is a fundamental mismatch between security models used in their design and the reality of the mobile space. Instead of treating mobile devices as "a telephone that runs apps" or "a computer that makes phone calls", we treat them as a system-of-systems with deep interactions and dependencies among component systems. Along these lines, we have been investigating various issues of security and privacy in telecommunications, personal area networking, near-field communications (NFC), mobile operating systems, mobile applications and permission models, and so on.
Security & Privacy in Mobile Apps and Services
Smartphones have forever changed the mobile telecommunication and computing landscape. Mobile operating systems now support a diverse set of applications and services provided by major software providers as well as third-party developers around the globe. However, the unique system-of-systems nature of smartphones and tablets, comprising communication, networking, sensing, actuation, storage, navigation, and various other features, breaks the typical computer security, communication security, and network security definitions and forces a drastic re-imagining of mobile security and privacy. Our work focuses on these aspects of mobile security that do not align with the existing definitions and models.
Related Publications
- Yuan Tian, Bin Liu, Weisi Dai, Blase Ur, Patrick Tague, and Lorrie Faith Cranor, "Supporting Privacy-Conscious App Update Decisions with User Reviews", 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), Oct 2015. [pdf,bib]
- Timothy Vidas, Jiaqi Tan, Jay Nahata, Chaur-Lih Tan, Nicolas Christin, and Patrick Tague, "A5: Automated Analysis of Adversarial Android Applications", ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), Nov 2014. [pdf,bib]
- Eric Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, and Patrick Tague, "OAuth Demystified for Mobile Application Developers", ACM Conference on Computer and Communications Security (CCS), Nov 2014. [pdf,bib]
- Su Mon Kywe, Christopher Landis, Yutong Pei, Justin Satterfield, Yuan Tian, and Patrick Tague, "PrivateDroid: Private Browsing Mode for Android", IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Sep 2014. [pdf,bib]
- Le T. Nguyen, Yu Seung Kim, Patrick Tague, and Joy Zhang, "IdentityLink: User-Device Linking through Visual and RF-Signal Cues", ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp), Sep 2014. [pdf,bib]
- Le T. Nguyen, Yuan Tian, Sungho Cho, Wookjong Kwak, Sanjay Parab, Yu Seung Kim, Patrick Tague, and Joy Zhang, "UnLocIn: Unauthorized Location Inference on Smartphones without Being Caught", International Conference on Security and Privacy in Mobile Information and Communication Systems (PRISMS), Jun 2013. [pdf,bib]
- Ryan Caney, Christopher Dorros, Stuart Kennedy, Gregory Owens, and Patrick Tague, "Mobile Pickpocketing: Exfiltration of Sensitive Data through NFC-enabled Mobile Devices", Carnegie Mellon University, CyLab, Technical Report CMU-CyLab-13-015, 2013. [pdf,bib]
- Jason Wu, Lin Qi, Nishant Kumar, Ram Shankar Siva Kumar, and Patrick Tague, "S-SPAN: Secure Smart Posters in Android using NFC", 13th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM), Jun 2012. (demo) [pdf,bib]
Telecommunication System Security
Telecommunication systems have evolved significantly and rapidly in recent years. Since much of the evolution has been pushed by customer demand for higher quality and faster data rates, service providers have often overlooked threats and vulnerabilities in their system designs in favor of faster response to customer needs. In an effort to push for more reliable and resilient telecommunications, we have studied a number of such threats and vulnerabilities that can be addressed using practical techniques that do not incur significant overhead or modification to production systems. At a more fundamental level, we are also investigating deeper redesign of the telecommunication infrastructure to study alternatives that could drastically improve service quality to users, costs to service providers, and capabilities for all parties.
Related Publications
- Brian Ricks and Patrick Tague, "Isolation of Multiple Anonymous Attackers in Mobile Networks", 9th International Conference on Network and System Security, Nov 2015. [pdf,bib]
- Bob Iannucci, Patrick Tague, Ole Mengshoel, and Jason Lohn, "CROSSMobile: A Cross-Layer Architecture for Next-Generation Wireless Systems", Carnegie Mellon University Silicon Valley, Technical Report CMU-SV-14-001, 2014. [pdf,bib]
- Shrikant Adhikarla, Min Suk Kang, and Patrick Tague, "Selfish Manipulation of Cooperative Cellular Communications via Channel Fabrication", 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Apr 2013. [pdf,bib]
- Patrick Tague, Mingyan Li, and Radha Poovendran, "Mitigation of Control Channel Jamming under Node Capture Attacks", IEEE Transactions on Mobile Computing, vol. 8, no. 9, Sep 2009. [pdf,bib]
- Patrick Tague, Mingyan Li, and Radha Poovendran, "Probabilistic Mitigation of Control Channel Jamming via Random Key Distribution", 18th Annual IEEE International Symposium on Personal, Indoor, and Mobile Radio Communication (PIMRC), Sep 2007. (best paper award) [pdf,bib]