Skip navigation
Please use this identifier to cite or link to this item:
Title: User Authentication and Security Vulnerabilities Using Smartphone Sensors and Machine Learning
Authors: Lee, Wei-Han
Advisors: Lee, Ruby
Contributors: Electrical Engineering Department
Subjects: Computer science
Issue Date: 2019
Publisher: Princeton, NJ : Princeton University
Abstract: The ubiquity of mobile devices such as smartphones and wearable devices together with their ever-growing computing, networking, and sensing powers have been increasingly changing the landscape of our daily lives. These devices are often equipped with various embedded sensors including GPS, camera, microphone, environmental sensors (e.g., ambient light sensor and barometer), and motion sensors (e.g., accelerometer, gyroscope, and rotation sensor). There have been countless advances in effectively utilizing these sensors to improve the convenience of smartphone users. With the increasing development of embedded sensors in smartphones, the risks of leaking users' sensitive information through exploring these sensors have raised privacy and security concerns. Furthermore, an increasing amount of private and sensitive information is stored in our smartphones. For instance, 92:8% of Android smartphone users store private information in their smartphones. At the same time, smartphones have also become personal computing platforms for users to access private cloud services, e.g., e-banking and online social networks. This makes smartphones very attractive targets for attackers to get access to personal and valuable information. In this thesis, we aim to 1) improve mobile security by developing advanced user authentication systems through utilizing mobile sensors; 2) discover new vulnerabilities of the innocuous motion sensors embedded in mobile devices. User authentication is essential to thwart the privacy, confidentiality and integrity breaches possible through attacks on smartphones. Current login mechanisms use explicit authentication, which requires users' participation, e.g., passwords and fingerprints. However, repeated explicit authentications are not convenient for users and the system does not automatically authenticate the user again after the user passes the initial authentication. This creates significant risks for adversaries to take control of the users' smartphones, after the legitimate users' initial login. To protect smartphones from adversaries who masquerade as legitimate users, we propose secure re-authentication systems that exploit the embedded sensors of smartphones to achieve accurate authentication performance implicitly, efficiently, and continuously. Within the built-in sensors of mobile devices, some require users' permissions to obtain access because these sensors are explicitly utilized for collecting the users' sensitive information. However, motion sensors, such as the accelerometer, gyroscope and rotation sensor, do not require users' permissions, probably due to the assumption that data collected by these sensors are not sensitive. However, even motion sensors that do not require explicit permissions are still vulnerable to privacy attacks since their measurements are closely correlated with users' sensitive behavior patterns. We propose an attack to explore the feasibility of inferring users' inputs on the smartphone touchscreen using sensor data collected from motion sensors based on the observed correlations between the user inputs and the motions of the smartphone. Overall, this work analyzes various aspects of authentication and security vulnerabilities of smartphone sensors, in order to discover new opportunities and challenges for smartphone security.
Alternate format: The Mudd Manuscript Library retains one bound copy of each dissertation. Search for these copies in the library's main catalog:
Type of Material: Academic dissertations (Ph.D.)
Language: en
Appears in Collections:Electrical Engineering

Files in This Item:
File Description SizeFormat 
Lee_princeton_0181D_12821.pdf2.28 MBAdobe PDFView/Download

Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.