Bingfei Ren

Personal Privacy Protection Framework Based on Hidden Technology for Smartphones

Smartphones are increasingly used for storing a large amount of sensitive used data. Users can protect their sensitive data through encryption and locking screen. A pattern lock is one of the ways to lock a screen. This method is used by most users because of its ease of use and memorization. However, a pattern lock with low security level is inadequate to protect the sensitive data of the user when it encounters a brute force or other physical attack (e.g., smudge attack). Furthermore, it bypasses all of the protection measures of mobile device when users are coerced into disclosing their passwords. Steganographic techniques and deniable encryption are designed to protect the sensitive data of the user as well as secure communications and can hide sensitive data on a disk or during communication with other devices. To overcome these deficiencies that mobile devices present, we present a novel, practical safe framework called MobiMimosa that is based on plausible deniable encryption. MobiMimosa enables multiple hidden encryption volumes and dynamic mounting of hidden volumes, which facilitates the transfer of sensitive data from a normal volume to a hidden volume. Simultaneously, to meet the personalized needs of the security of the mobile device, MobiMimosa enables a strategy to be set that can trigger the uninstalling of a sensitive app and the destruction of sensitive data. MobiMimosa also greatly alleviates corruption of the cross-volume boundary that is present in previous smartphone PDE schemes. We implemented a prototype system on the android device.

MobiGemini: sensitive-based data and resource protection framework for mobile device

With the popularity of smartphones and the rapid development of mobile internet, smartphone becomes an important tool that store sensitive data of owner. Encryption naturally becomes a necessary means of protection. In certain situations, this is inadequate, as user may be coerced to hand over decryption keys or passwords of sensitive APP (AliPay) on mobile device. Therefore, only encryption cannot protect sensitive APP and privacy data stored on user’s smartphone. To address these obstacles, we design a protection system called MobiGemini. It enables automatic uninstalling service that can immediately uninstall multiple APP at same time, and also enabling plausibly deniable encryption (PDE) on mobile devices by hiding encrypted volume within random data in free space of cache partition. We improve the key store way of previous PDE schemes on mobile device. The evaluation results show that the scheme introduces a few overhead compared with original android system enabling full disk encryption.

Research, implementation, and improvement of MPTCP on mobile smart devices

ABSTRACT As more and more mobile smart devices (MSDs) are equipped with multiple wireless network interfaces (e.g. WiFi, cellular, etc.), MultiPath TCP (MPTCP) can enable MSDs to send data over several interfaces or paths and can achieve better throughput and robust data transfers. MPTCP thus attracts an increasing interest from both academia and industry. This paper systematically studies MPTCP and clearly describes the relationship between each portions of MPTCP. Up to now, MPTCP has not been widely used in the mobile Internet, one of the reasons is that it is a challenge to research, implement and test MPTCP on the actual MSDs. To overcome the shortcoming of the existing researches on MPTCP being mainly limited to network simulators, a novel approach to port MPTCP to MSDs is proposed, which includes three main steps: first, run real mobile operating system (MOS) on VirtualBox; second, port MPTCP to MOS on VirtualBox and test; third, directly copy modified files in the second step to real MOS on MSD and test. By using this method, MPTCP V0.90 is successfully ported to a real smartphone running Android-7.1.1 for the first time. The validity of the method is proved by experiments. In addition, this paper improves the subpath establishment algorithm of MPTCP and applies the improved MPTCP to Mobile Ad Hoc Network (MANET) constructed by MSDs, the test result shows that our algorithm has better performance than the original MPTCP in achieving higher data throughput.

Performance enhancement of multipath TCP in mobile Ad Hoc networks

In some special circumstances, e.g. tsunamis, floods, battlefields, earthquakes, etc., communication infrastructures are damaged or non-existent, as well as unmanned aerial vehicle (UAV) cluster. For the communication between people or UAVs, UAVs or mobile smart devices (MSDs) can be used to construct Mobile Ad Hoc Networks (MANETs), and Multipath TCP (MPTCP) can be used to simultaneously transmit in one TCP connection via multiple interfaces of MSDs. However the original MPTCP subpaths creating algorithm can establish multiple subpaths between two adjacent nodes, thus cannot achieve true concurrent data transmission. To solve this issue, we research and improve both the algorithm of adding routing table entries and the algorithm of establishing subpaths to offer more efficient use of multiple subpaths and better network traffic load balancing. The main works are as follows: (1) improve multi-hop routing protocol; (2) run MPTCP on UAVs or MSDs; (3) improve MPTCP subpaths establishment algorithm. The results show that our algorithms have better performance than the original MPTCP in achieving higher data throughput.

Poster: Sdguard: An Android Application Implementing Privacy Protection and Ransomware Detection

Currently, the smartphone has become an essential communication and amusement tool, which has strong computing power and a variety of functions. Especially, the market share of smartphone with android system account for 84% in 2016[1]. Under android system, a large of privacy data (e.g. photos or videos) are stored in external storage (emulated Sdcard storage), which can be accessed by installed apps. This not only results in privacy leakage but also incurs ransomware attack[2] (e.g. simplocker). Therefore, we present Sdguard, an app, can implement fine-grain permission control based on Linux DAC mechanism and detect ransomware which encrypts content of file stored in external storage or lock user screen. To install Sdguard app, we need to ensure that the smartphone has been rooted and use FUSE filesystem on external storage. During installing, sdcard daemon of android (i.e. FUSE daemon) is replaced by our customized sdcard daemon. After rebooting system, the customized daemon is loaded, and each component of Sdguard is running.

Poster: EasyDefense: Towards Easy and Effective Protection Against Malware for Smartphones

As the dominant mobile operating system in the markets of smartphones, Android platform is increasingly targeted by attackers. Besides, attackers often produce novel malware to bypass the conventional detection approaches, which are largely reliant on expert analysis to design the discriminative features manually. Therefore, more effective and easy-to-use approaches for detection of Android malware are in demand. In this paper, we design and implement EasyDefense, a lightweight defense system that is integrated with Android OS for easy and effective detection of Android malware utilizing machine learning methods and the ensemble of them. Besides universal static features such as permissions and API calls, EasyDefense also employs the N-gram features of operation codes (opcodes). These N-gram features are extracted and learnt automatically from raw data of applications. Experimental results on 204,650 applications show that users can easily and effectively protect the privacy and security on their smartphones through this system.

EasyGuard: enhanced context-aware adaptive access control system for android platform: poster

Applications in Android often have the ability of accessing sensitive resources on mobile devices. These resources have different levels of security and usage constraint in scenarios which have different requirements for privacy. Therefore, it is in demand for users to have fine-grained privacy protection and resources usage constraint that taking the context information into account, which is not supported by inherent access control mechanism of Android. To address these issues, we designed and implemented an enhanced context-aware adaptive access control system (EasyGuard) in Android to provide adaptive access control automatically when the specific context is detected according to the pre-configured policies. In addition, we developed an application to facilitate users that have little domain knowledge in android to configure policies reasonably. Experimental results show that users can easily protect their privacy, security and save energy of mobile devices through this system.