-
Taming the Android AppStore: Lightweight Characterization of Android Applications
Authors:
Luigi Vigneri,
Jaideep Chandrashekar,
Ioannis Pefkianakis,
Olivier Heen
Abstract:
There are over 1.2 million applications on the Google Play store today with a large number of competing applications for any given use or function. This creates challenges for users in selecting the right application. Moreover, some of the applications being of dubious origin, there are no mechanisms for users to understand who the applications are talking to, and to what extent. In our work, we f…
▽ More
There are over 1.2 million applications on the Google Play store today with a large number of competing applications for any given use or function. This creates challenges for users in selecting the right application. Moreover, some of the applications being of dubious origin, there are no mechanisms for users to understand who the applications are talking to, and to what extent. In our work, we first develop a lightweight characterization methodology that can automatically extract descriptions of application network behavior, and apply this to a large selection of applications from the Google App Store. We find several instances of overly aggressive communication with tracking websites, of excessive communication with ad related sites, and of communication with sites previously associated with malware activity. Our results underscore the need for a tool to provide users more visibility into the communication of apps installed on their mobile devices. To this end, we develop an Android application to do just this; our application monitors outgoing traffic, associates it with particular applications, and then identifies destinations in particular categories that we believe suspicious or else important to reveal to the end-user.
△ Less
Submitted 27 April, 2015; v1 submitted 23 April, 2015;
originally announced April 2015.
-
An empirical study of passive 802.11 Device Fingerprinting
Authors:
Christoph Neumann,
Olivier Heen,
Stéphane Onno
Abstract:
802.11 device fingerprinting is the action of characterizing a target device through its wireless traffic. This results in a signature that may be used for identification, network monitoring or intrusion detection. The fingerprinting method can be active by sending traffic to the target device, or passive by just observing the traffic sent by the target device. Many passive fingerprinting methods…
▽ More
802.11 device fingerprinting is the action of characterizing a target device through its wireless traffic. This results in a signature that may be used for identification, network monitoring or intrusion detection. The fingerprinting method can be active by sending traffic to the target device, or passive by just observing the traffic sent by the target device. Many passive fingerprinting methods rely on the observation of one particular network feature, such as the rate switching behavior or the transmission pattern of probe requests. In this work, we evaluate a set of global wireless network parameters with respect to their ability to identify 802.11 devices. We restrict ourselves to parameters that can be observed passively using a standard wireless card. We evaluate these parameters for two different tests: i) the identification test that returns one single result being the closest match for the target device, and ii) the similarity test that returns a set of devices that are close to the target devices. We find that the network parameters transmission time and frame inter-arrival time perform best in comparison to the other network parameters considered. Finally, we focus on inter-arrival times, the most promising parameter for device identification, and show its dependency from several device characteristics such as the wireless card and driver but also running applications.
△ Less
Submitted 25 April, 2014;
originally announced April 2014.
-
DNStamp: Short-lived Trusted Timestam**
Authors:
Christoph Neumann,
Olivier Heen,
Stéphane Onno
Abstract:
Trusted timestam** consists in proving that certain data existed at a particular point in time. Existing timestam** methods require either a centralized and dedicated trusted service or the collaboration of other participants using the timestam** service. We propose a novel trusted timestam** scheme, called DNStamp, that does not require a dedicated service nor collaboration between partic…
▽ More
Trusted timestam** consists in proving that certain data existed at a particular point in time. Existing timestam** methods require either a centralized and dedicated trusted service or the collaboration of other participants using the timestam** service. We propose a novel trusted timestam** scheme, called DNStamp, that does not require a dedicated service nor collaboration between participants. DNStamp produces shortlived timestamps with a validity period of several days. The generation and verification involves a large number of Domain Name System cache resolvers, thus removing any single point of failure and any single point of trust. Any host with Internet access may request or verify a timestamp, with no need to register to any timestam** service. We provide a full description and analysis of DNStamp. We analyze the security against various adversaries and show resistance to forward-dating, back-dating and erasure attacks. Experiments with our implementation of DNStamp show that one can set and then reliably verify timestamps even under continuous attack conditions.
△ Less
Submitted 11 March, 2014; v1 submitted 22 July, 2013;
originally announced July 2013.
-
Pretty Private Group Management
Authors:
Olivier Heen,
Erwan Le Merrer,
Christoph Neumann,
Stéphane Onno
Abstract:
Group management is a fundamental building block of today's Internet applications. Mailing lists, chat systems, collaborative document edition but also online social networks such as Facebook and Twitter use group management systems. In many cases, group security is required in the sense that access to data is restricted to group members only. Some applications also require privacy by kee** grou…
▽ More
Group management is a fundamental building block of today's Internet applications. Mailing lists, chat systems, collaborative document edition but also online social networks such as Facebook and Twitter use group management systems. In many cases, group security is required in the sense that access to data is restricted to group members only. Some applications also require privacy by kee** group members anonymous and unlinkable. Group management systems routinely rely on a central authority that manages and controls the infrastructure and data of the system. Personal user data related to groups then becomes de facto accessible to the central authority. In this paper, we propose a completely distributed approach for group management based on distributed hash tables. As there is no enrollment to a central authority, the created groups can be leveraged by various applications. Following this paradigm we describe a protocol for such a system. We consider security and privacy issues inherently introduced by removing the central authority and provide a formal validation of security properties of the system using AVISPA. We demonstrate the feasibility of this protocol by implementing a prototype running on top of Vuze's DHT.
△ Less
Submitted 22 November, 2011;
originally announced November 2011.