Markus Miettinen

From big smartphone data to worldwide research: The Mobile Data Challenge

This paper presents an overview of the Mobile Data Challenge (MDC), a large-scale research initiative aimed at generating innovations around smartphone-based research, as well as community-based evaluation of mobile data analysis methodologies. First, we review the Lausanne Data Collection Campaign (LDCC), an initiative to collect unique longitudinal smartphone dataset for the MDC. Then, we introduce the Open and Dedicated Tracks of the MDC, describe the specific datasets used in each of them, discuss the key design and implementation aspects introduced in order to generate privacy-preserving and scientifically relevant mobile data resources for wider use by the research community, and summarize the main research trends found among the 100+ challenge submissions. We finalize by discussing the main lessons learned from the participation of several hundred researchers worldwide in the MDC Tracks.

Host-Based Intrusion Detection for Advanced Mobile Devices

New security threats emerge against mobile devices as the devices computing power and storage capabilities evolve. We address in this paper the issue of augmenting current intrusion detection approaches with host-based intrusion detection models for mobile devices. We show that host-based approaches are required, since network-based monitoring alone is not sufficient to encounter the future threats. We outline some of the data types on mobile devices that could be used to construct intrusion detection models, and finally propose a framework for mobile device intrusion detection

Intuitive Security Policy Configuration in Mobile Devices Using Context Profiling

Configuring access control policies in mobile devices can be quite tedious and unintuitive for users. Software designers attempt to address this problem by setting up default policy configurations. But such global defaults may not be sensible for all users. Modern smart phones are capable of sensing a variety of information about the surrounding environment like Bluetooth devices, WiFi access points, temperature, ambient light, sound and location coordinates. We conjecture that profiling this type of contextual information can be used to infer the familiarity and safety of a context and aid in access control decisions. We propose a context profiling framework and describe device locking as an example application where the locking timeout and unlocking method are dynamically decided based on the perceived safety of current context. We report on using datasets from a large scale smart phone data collection campaign to select parameters for the context profiling framework. We also describe a prototype implementation on a smart phone platform. More generally, we hope that our example design and implementation spurs further research on the notion of using context profiling towards automating security policy decisions and identify other applications.

A probabilistic kernel method for human mobility prediction with smartphones

Human mobility prediction is an important problem that has a large number of applications, especially in context-aware services. This paper presents a study on location prediction using smartphone data, in which we address modeling and application aspects. Building personalized location prediction models from smartphone data remains a technical challenge due to data sparsity, which comes from the complexity of human behavior and the typically limited amount of data available for individual users. To address this problem, we propose an approach based on kernel density estimation, a popular smoothing technique for sparse data. Our approach contributes to existing work in two ways. First, our proposed model can estimate the probability that a user will be at a given location at a specific time in the future, by using both spatial and temporal information via multiple kernel functions. Second, we also show how our probabilistic framework extends to a more practical task of location prediction for a time window in the future. Our approach is validated on an everyday life location dataset consisting of 133 smartphone users. Our method reaches an accuracy of 84% for the next hour, and an accuracy of 77% for the next three hours.

ConXsense: automated context classification for context-aware access control

We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties. We apply the framework to two important smartphone-related use cases: protection against device misuse using a dynamic device lock and protection against sensory malware. We ground our analysis on a sociological survey examining the perceptions and concerns of users related to contextual smartphone security and analyze the effectiveness of our approach with real-world context data. We also demonstrate the integration of our framework with the FlaskDroid architecture for fine-grained access control enforcement on the Android platform.We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties. We apply the framework to two important smartphone-related use cases: protection against device misuse using a dynamic device lock and protection against sensory malware. We ground our analysis on a sociological survey examining the perceptions and concerns of users related to contextual smartphone security and analyze the effectiveness of our approach with real-world context data. We also demonstrate the integration of our framework with the FlaskDroid architecture for fine-grained access control enforcement on the Android platform.

Comprehensive Log Compression with Frequent Patterns

In this paper we present a comprehensive log compression (CLC) method that uses frequent patterns and their condensed representations to identify repetitive information from large log files generated by communications networks. We also show how the identified information can be used to separate and filter out frequently occurring events that hide other, unique or only a few times occurring events. The identification can be done without any prior knowledge about the domain or the events. For example, no pre-defined patterns or value combinations are needed. This separation makes it easier for a human observer to perceive and analyse large amounts of log data. The applicability of the CLC method is demonstrated with real-world examples from data communication networks.

IoT Sentinel Demo: Automated Device-Type Identification for Security Enforcement in IoT

With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing networks where the presence of such vulnerable devices is given, requires a brownfield approach: applying necessary protection measures within the network so that potentially vulnerable devices can coexist without endangering the security of other devices in the same network. In this paper, we present IoT Sentinel, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise. We show that IoT Sentinel is effective in identifying device types and has minimal performance overhead.

User-Centric Security and Dependability in the Clouds-of-Clouds

A promising vision of distributed cloud computing is a unified world of multiple clouds, with business benefits at hand. In practice, lack of interoperability among clouds and management complexity raise many security and dependability concerns. The authors propose secure Supercloud computing as a new paradigm for security and dependability management of distributed clouds. Supercloud follows a user-centric and self-managed approach to avoid technology and vendor lock-ins. In Supercloud, users define U-Clouds, which are isolated sets of computation, data, and networking services run over both private and public clouds operated by multiple providers, with customized security requirements as well as self-management for reducing administration complexity. The article presents the Supercloud architecture with a focus on its security infrastructure. The authors illustrate through several use cases the practical applicability of the Supercloud paradigm.

Fitness trackers: fit for health but unfit for security and privacy

Wearable devices for fitness tracking and health monitoring have gained considerable popularity and become one of the fastest growing smart devices market. More and more companies are offering integrated health and activity monitoring solutions for fitness trackers. Recently insurances are offering their customers better conditions for health and condition monitoring. However, the extensive sensitive information collected by tracking products and accessibility by third party service providers poses vital security and privacy challenges on the employed solutions. In this paper, we present our security analysis of a representative sample of current fitness tracking products on the market. In particular, we focus on malicious user setting that aims at injecting false data into the cloud-based services leading to erroneous data analytics. We show that none of these products can provide data integrity, authenticity and confidentiality.

PeerSense: Who is near you?

We present PeerSense, a system that provides meaningful co-presence information which serves as an enabler for various applications that require users current social proximity information, for example contextual photo-sharing. Unlike traditional approaches for inferring co-presence, PeerSense is both privacy-preserving and easy-to-use.