Secure Interaction Design for Mobile Systems

The Hong Kong University of Science and Technology
Department of Computer Science and Engineering


PhD Thesis Defence


Title: "Secure Interaction Design for Mobile Systems"

By

Mr. Lin YANG


Abstract

With the ability to interact with the user, connect to other peers, and
sense the environment, smart devices, including mobile devices,
wearables, and Internet-of-Things devices, have enabled a plethora of
promising applications and penetrated every part of our lives. Along
with the great convenience they bring comes increasing concern about
their security, as the data involved is often extremely valuable and
highly sensitive. In addition, limited computing resources, growing data
transmission capability and expanding device-to-device connectivity have
aggravated the security threats.

In this thesis, we focus on the security issues in the interactions of
smart devices. Three major types of interaction exist in the smart
device ecosystem:

(1) User-device interaction defines how the user accesses the device. From
the perspective of security design, we focus on determining what
information can be accessed by the current user. To this end, a
fundamental problem is to recognize who is using the smart device, i.e.,
user identification. In this thesis, we leverage bio-vibrometry to
enable a novel user identification system, VibID, for smart devices. By
examining the vibration response patterns of the human arm at different
frequencies, our system achieves an identification accuracy above 91% in
small-scale scenarios with 8 users and is robust to various confounding
factors.

(2) Device-device connection creates direct communication links among
smart devices. Fueled by the wide adoption of smart devices,
device-device connection is prevalent, and forming a secure pairing
between devices lays the foundation for security protection and data
privacy preservation. In this thesis, we propose two solutions to this
problem. Touch-And-Guard (TAG) is a system that uses hand touch as an
intuitive way to establish a secure connection between a wristband
wearable and the touched device. It generates secret bits from hand
resonant properties, which the two devices use to authenticate each other
and then communicate confidentially. We demonstrate the feasibility of
our system using an experimental prototype and conduct experiments on 12
users. The results indicate that our system can generate secret bits at a
rate of 7.84 bit/s, which is 58% faster than conventional text input PIN
authentication.

Apart from this, we further leverage the electromyogram (EMG) signal
caused by human muscle contraction to generate a secret key. Extensive
evaluation on 10 volunteers under different scenarios demonstrates that
our system, EMG-KEY, can achieve a competitive bit generation rate of 5.51
bit/s while maintaining a matching probability of 88.84%. Also, the
evaluation results in the presence of adversaries demonstrate that our
system is very secure against strong attackers who can eavesdrop on
proximate wireless communication, and capture and imitate the legitimate
pairing process with the help of a camera.

(3) In the context of device-environment sensing, we investigate two
issues. The first is how to prevent piracy photo taking, which is one of
the most disturbing issues resulting from the smart device's unrestricted
sensing ability. To prevent piracy photo taking of physical intellectual
property, such as paintings and sculptures, we propose a new lighting
system, Rolling-Light, that pollutes piracy photos taken with a mobile
camera but retains good visual quality for the human observer. By
carefully modulating chromatic change and luminance flicker into the
lighting system, we can introduce non-uniform variation into the light
energy reflected from physical objects, thus maximizing the distortion
caused by the camera's banding effect. Meanwhile, due to the color fusion
ability and low-bandpass characteristics of human vision, the visual
quality for the human observer is not affected. Extensive objective
evaluations under different scenarios indicate that our system is robust
to different confounding factors and can significantly pollute piracy
photos on various devices.

After that, we investigate how to unobtrusively track users in indoor
scenarios. To this end, we exploit the nonlinearity of the ambient light
sensor (ALS) to sense high-frequency modulated location information with
a low sampling rate. In particular, due to the nonlinear characteristics
of the electronic components inside the circuit, the amplifier in the ALS
exhibits some level of nonlinearity. When two high-frequency signals are
perceived by the ALS simultaneously, this nonlinearity causes the output
signal of the amplifier to violate the linear superposition rule and
generates a low-frequency shadow signal. Building on this idea, we build
a low-power and unobtrusive indoor localization system, NALoc. Our
experiments on ALS sensors from Apple and Samsung devices confirm the
feasibility of our system, and extensive experiments demonstrate that it
is possible to derive fine-grained location information unobtrusively
from the ALS readings, which exposes a brand-new security threat.
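
The shadow-signal effect described above can be reproduced numerically.
The following is an added illustration, not code from the thesis or from
NALoc. It assumes a weakly quadratic amplifier (y = x + a2*x^2), readings
taken as the mean over each sampling window, and constructed frequencies
and rates.

```python
import cmath
import math

FS_SIM = 100_000         # simulation rate (Hz), stands in for continuous time
FS_ALS = 500             # assumed low ALS reading rate (Hz)
F1, F2 = 10_100, 10_140  # constructed high-frequency light modulations (Hz)
A2 = 0.1                 # assumed second-order nonlinearity coefficient


def amplifier(x, a2):
    """Assumed amplifier model: linear when a2 == 0, weakly quadratic otherwise."""
    return x + a2 * x * x


def als_readings(a2, seconds=1):
    """Simulate light -> amplifier -> low-rate readings (mean per window)."""
    window = FS_SIM // FS_ALS
    readings = []
    for k in range(FS_ALS * seconds):
        acc = 0.0
        for n in range(k * window, (k + 1) * window):
            t = n / FS_SIM
            # AC part of the light intensity: two superposed modulations.
            light = math.cos(2 * math.pi * F1 * t) + math.cos(2 * math.pi * F2 * t)
            acc += amplifier(light, a2)
        readings.append(acc / window)
    return readings


def tone_amplitude(samples, freq, rate):
    """Amplitude of one frequency component via a single-bin DFT."""
    acc = sum(s * cmath.exp(-2j * math.pi * freq * i / rate)
              for i, s in enumerate(samples))
    return 2 * abs(acc) / len(samples)


def shadow_amplitude(a2):
    """Strength of the (F2 - F1) shadow tone in the low-rate readings."""
    return tone_amplitude(als_readings(a2), F2 - F1, FS_ALS)


if __name__ == "__main__":
    print("linear amplifier   :", round(shadow_amplitude(0.0), 4))
    print("nonlinear amplifier:", round(shadow_amplitude(A2), 4))
```

With a linear amplifier the 40 Hz component is absent from the 500 Hz
readings; with the quadratic term it appears at an amplitude close to a2.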


Date:			Friday, 11 August 2017

Time:			1:00pm - 3:00pm

Venue:			Room 2611
 			Lifts 31/32

Chairman:		Prof. Ricky Lee (MAE)

Committee Members:	Prof. Qian Zhang (Supervisor)
 			Prof. Kai Chen
 			Prof. Xiaojuan Ma
 			Prof. Yu-Hsing Wang (CIVL)
 			Prof. Dan Wang (Computing, PolyU)


**** ALL are Welcome ****