Anmol Sheth

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones

Today’s smartphone operating systems frequently fail to provide users with visibility into how third-party applications collect and share their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid enables realtime analysis by leveraging Android’s virtualized execution environment. TaintDroid incurs only 32p performance overhead on a CPU-bound microbenchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, in our 2010 study we found 20 applications potentially misused users’ private information; so did a similar fraction of the tested applications in our 2012 study. Monitoring the flow of privacy-sensitive data with TaintDroid provides valuable input for smartphone users and security service firms seeking to identify misbehaving applications.

Tool release: gathering 802.11n traces with channel state information

We are pleased to announce the release of a tool that records detailed measurements of the wireless channel along with received 802.11 packet traces. It runs on a commodity 802.11n NIC, and records Channel State Information (CSI) based on the 802.11 standard. Unlike Receive Signal Strength Indicator (RSSI) values, which merely capture the total power received at the listener, the CSI contains information about the channel between sender and receiver at the level of individual data subcarriers, for each pair of transmit and receive antennas. Our toolkit uses the Intel WiFi Link 5300 wireless NIC with 3 antennas. It works on up-to-date Linux operating systems: in our testbed we use Ubuntu 10.04 LTS with the 2.6.36 kernel. The measurement setup comprises our customized versions of Intels close-source firmware and open-source iwlwifi wireless driver, userspace tools to enable these measurements, access point functionality for controlling both ends of the link, and Matlab (or Octave) scripts for data analysis. We are releasing the binary of the modified firmware, and the source code to all the other components.

Odessa: enabling interactive perception applications on mobile devices

Resource constrained mobile devices need to leverage computation on nearby servers to run responsive applications that recognize objects, people, or gestures from real-time video. The two key questions that impact performance are what computation to offload, and how to structure the parallelism across the mobile device and server. To answer these questions, we develop and evaluate three interactive perceptual applications. We find that offloading and parallelism choices should be dynamic, even for a given application, as performance depends on scene complexity as well as environmental factors such as the network and device capabilities. To this end we develop Odessa, a novel, lightweight, runtime that automatically and adaptively makes offloading and parallelism decisions for mobile interactive perception applications. Our evaluation shows that the incremental greedy strategy of Odessa converges to an operating point that is close to an ideal offline partitioning. It provides more than a 3x improvement in application performance over partitioning suggested by domain experts. Odessa works well across a variety of execution environments, and is agile to changes in the network, device and application inputs.

DIRC: increasing indoor wireless capacity using directional antennas

The demand for wireless bandwidth in indoor environments such as homes and offices continues to increase rapidly. Although wireless technologies such as MIMO can reach link throughputs of 100s of Mbps (802.11n) for a single link, the question of how we can deliver high throughput to a large number of densely-packed devices remains an open problem. Directional antennas have been shown to be an effective way to increase spatial reuse, but past work has focused largely on outdoor environments where the interactions between wireless links can usually be ignored. This assumption is not acceptable in dense indoor wireless networks since indoor deployments need to deal with rich scattering and multipath effects. In this paper we introduce DIRC, a wireless network design whose access points use phased array antennas to achieve high throughput in dense, indoor environments. The core of DIRC is an algorithm that increases spatial reuse and maximizes overall network capacity by optimizing the orientations of a network of directional antennas. We implemented DIRC and evaluated it on a nine node network in an enterprise setting. Our results show that DIRC improves overall network capacity in indoor environments, while being flexible enough to adapt to node mobility and changing traffic workloads.

Geo-fencing: Confining Wi-Fi Coverage to Physical Boundaries

We present a means of containing Wi-Fi coverage to physical boundaries that are meaningful to users. We call it geo-fencing . Our approach is based on directional antennas, and our motivation is to provide wireless access and privacy models that are a natural fit with user expectations. To evaluate geo-fencing, we use measurements from an indoor testbed of Wi-Fi nodes and APs with electronically-steerable directional antennas. We find that by combining directionality, power control and coding across multiple APs, we are able to successfully confine Wi-Fi coverage to clients located within target regions of varying shapes and sizes; we can select between nodes located as close as five feet from each other.

Privacy oracle: a system for finding application leaks with black box differential testing

We describe the design and implementation of Privacy Oracle, a system that reports on application leaks of user information via the network traffic that they send. Privacy Oracle treats each application as a black box, without access to either its internal structure or communication protocols. This means that it can be used over a broad range of applications and information leaks (i.e., not only Web traffic or credit card numbers). To accomplish this, we develop a differential testing technique in which perturbations in the application inputs are mapped to perturbations in the application outputs to discover likely leaks; we leverage alignment algorithms from computational biology to find high quality mappings between different byte-sequences efficiently. Privacy Oracle includes this technique and a virtual machine-based testing system. To evaluate it, we tested 26 popular applications, including system and file utilities, media players, and IM clients. We found that Privacy Oracle discovered many small and previously undisclosed information leaks. In several cases, these are leaks of directly identifying information that are regularly sent in the clear (without end-to-end encryption) and which could make users vulnerable to tracking by third parties or providers.

YouProve: authenticity and fidelity in mobile sensing

As more services have come to rely on sensor data such as audio and photos collected by mobile phone users, verifying the authenticity of this data has become critical for service correctness. At the same time, clients require the flexibility to tradeoff the fidelity of the data they contribute for resource efficiency or privacy. This paper describes YouProve, a partnership between a mobile devices trusted hardware and software that allows untrusted client applications to directly control the fidelity of data they upload and services to verify that the meaning of source data is preserved. The key to our approach is trusted analysis of derived data, which generates statements comparing the content of a derived data item to its source. Experiments with a prototype implementation for Android demonstrate that YouProve is feasible. Our photo analyzer is over 99% accurate at identifying regions changed only through meaning-preserving modifications such as cropping, compression, and scaling. Our audio analyzer is similarly accurate at detecting which sub-clips of a source audio clip are present in a derived version, even in the face of compression, normalization, splicing, and other modifications. Finally, performance and power costs are reasonable, with analyzers having little noticeable effect on interactive applications and CPU-intensive analysis completing asynchronously in under 70 seconds for 5-minute audio clips and under 30 seconds for 5-megapixel photos.

Ensemble: cooperative proximity-based authentication

Ensemble is a system that uses a collection of trusted personal devices to provide proximity-based authentication in pervasive environments. Users are able to securely pair their personal devices with previously unknown devices by simply placing them close to each other (e.g., users can pair their phones by just bringing them into proximity). Ensemble leverages a users growing collection of trusted devices, such as phones, music players, computers and personal sensors to observe transmissions made by pairing devices. These devices analyze variations in received signal strength (RSS) in order to determine whether the pairing devices are in physical proximity to each other. We show that, while individual trusted devices can not properly distinguish proximity in all cases, a collection of trusted devices can do so reliably. Our Ensemble prototype extends Diffie-Hellman key exchange with proximity-based authentication. Our experiments show that an Ensemble-enabled collection of Nokia N800 Internet Tablets can detect devices in close proximity and can reliably detect attackers as close as two meters away.

Pushing the envelope of indoor wireless spatial reuse using directional access points and clients

Recent work demonstrates that directional antennas have significant potential to improve wireless network capacity in indoor environments. This paper provides a broader exploration of the design space of indoor directional antenna systems along two main dimensions: antenna configuration and antenna control. Studying a number of alternative configurations, we find that directionality on APs and clients can significantly improve performance, even over other configurations with stronger directionality. Moreover, it is sufficient to have a small number of narrow beam antennas to achieve such gains, thus making such a solution practical for actual deployment. Designing systems with directional APs and clients for increased spatial reuse comes, however, with a number of challenges in the way the directional antennas are controlled. Antenna control needs to encompass antenna orientation algorithms, an appropriate MAC layer protocol, and novel client-AP association solutions. To overcome these challenges, we propose Speed, a distributed directional antenna control system that is easy to deploy and significantly improves network capacity over existing solutions.

802.11 with multiple antennas for dummies

The use of multiple antennas and MIMO techniques based on them is the key feature of 802.11n equipment that sets it apart from earlier 802.11a/g equipment. It is responsible for superior performance, reliability and range. In this tutorial, we provide a brief introduction to multiple antenna techniques. We describe the two main classes of those techniques, spatial diversity and spatial multiplexing. To ground our discussion, we explain how they work in 802.11n NICs in practice.