Defensive Charging: Mitigating Power Side-Channel Attacks on Charging Smartphones

Richard Matovu, Abdul Serwadda, Argenis V. Bilbao, Isaac Griswold-Steiner

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Mobile devices are increasingly relied upon in user's daily lives. This dependence supports a growing network of mobile device charging hubs in public spaces such as airports. Unfortunately, the public nature of these hubs make them vulnerable to tampering. By embedding illicit power meters in the charging stations an attacker can launch power side-channel attacks aimed at inferring user activity on smartphones (e.g., web browsing or typing patterns). In this paper, we present three power side-channel attacks that can be launched by an adversary during the phone charging process. Such attacks use machine learning to identify unique patterns hidden in the measured current draw and infer information about a user's activity. To defend against these attacks, we design and rigorously evaluate two defense mechanisms, a hardware-based and software-based solution. The defenses randomly perturb the current drawn during charging thereby masking the unique patterns of the user's activities. Our experiments show that the two defenses force each one of the attacks to perform no better than random guessing. In practice, the user would only need to choose one of the defensive mechanisms to protect themselves against intrusions involving power draw analysis.

Original languageEnglish
Title of host publicationCODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery, Inc
Pages179-190
Number of pages12
ISBN (Electronic)9781450371070
DOIs
StatePublished - Mar 16 2020
Event10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020 - New Orleans, United States
Duration: Mar 16 2020Mar 18 2020

Publication series

NameCODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy

Conference

Conference10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020
CountryUnited States
CityNew Orleans
Period03/16/2003/18/20

Keywords

  • defensive charging
  • keystroke inference
  • power side-channel attacks
  • website inference

Fingerprint Dive into the research topics of 'Defensive Charging: Mitigating Power Side-Channel Attacks on Charging Smartphones'. Together they form a unique fingerprint.

Cite this