TY - GEN
T1 - Defensive Charging
T2 - 10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020
AU - Matovu, Richard
AU - Serwadda, Abdul
AU - Bilbao, Argenis V.
AU - Griswold-Steiner, Isaac
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/3/16
Y1 - 2020/3/16
N2 - Mobile devices are increasingly relied upon in user's daily lives. This dependence supports a growing network of mobile device charging hubs in public spaces such as airports. Unfortunately, the public nature of these hubs make them vulnerable to tampering. By embedding illicit power meters in the charging stations an attacker can launch power side-channel attacks aimed at inferring user activity on smartphones (e.g., web browsing or typing patterns). In this paper, we present three power side-channel attacks that can be launched by an adversary during the phone charging process. Such attacks use machine learning to identify unique patterns hidden in the measured current draw and infer information about a user's activity. To defend against these attacks, we design and rigorously evaluate two defense mechanisms, a hardware-based and software-based solution. The defenses randomly perturb the current drawn during charging thereby masking the unique patterns of the user's activities. Our experiments show that the two defenses force each one of the attacks to perform no better than random guessing. In practice, the user would only need to choose one of the defensive mechanisms to protect themselves against intrusions involving power draw analysis.
AB - Mobile devices are increasingly relied upon in user's daily lives. This dependence supports a growing network of mobile device charging hubs in public spaces such as airports. Unfortunately, the public nature of these hubs make them vulnerable to tampering. By embedding illicit power meters in the charging stations an attacker can launch power side-channel attacks aimed at inferring user activity on smartphones (e.g., web browsing or typing patterns). In this paper, we present three power side-channel attacks that can be launched by an adversary during the phone charging process. Such attacks use machine learning to identify unique patterns hidden in the measured current draw and infer information about a user's activity. To defend against these attacks, we design and rigorously evaluate two defense mechanisms, a hardware-based and software-based solution. The defenses randomly perturb the current drawn during charging thereby masking the unique patterns of the user's activities. Our experiments show that the two defenses force each one of the attacks to perform no better than random guessing. In practice, the user would only need to choose one of the defensive mechanisms to protect themselves against intrusions involving power draw analysis.
KW - defensive charging
KW - keystroke inference
KW - power side-channel attacks
KW - website inference
UR - http://www.scopus.com/inward/record.url?scp=85083359223&partnerID=8YFLogxK
U2 - 10.1145/3374664.3375732
DO - 10.1145/3374664.3375732
M3 - Conference contribution
AN - SCOPUS:85083359223
T3 - CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy
SP - 179
EP - 190
BT - CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery, Inc
Y2 - 16 March 2020 through 18 March 2020
ER -