
Publication


Featured research published by Umut Topkara.


IEEE Transactions on Mobile Computing | 2016

Secure Management of Low Power Fitness Trackers

Mahmudur Rahman; Bogdan Carbunar; Umut Topkara

The increasing popular interest in personal telemetry, also called the Quantified Self or “lifelogging”, has induced a popularity surge for wearable personal fitness trackers. Fitness trackers automatically collect sensor data about the user throughout the day, and integrate it into social network accounts. Solution providers have to strike a balance between many constraints, leading to a design process that often puts security in the back seat. Case in point, we reverse engineered and identified security vulnerabilities in Fitbit Ultra and Garmin Forerunner 610, two popular and representative fitness tracker products. We introduce FitBite and GarMax, tools to launch efficient attacks against Fitbit and Garmin. We devise SensCrypt, a protocol for secure data storage and communication, for use by makers of affordable and lightweight personal trackers. SensCrypt thwarts not only the attacks we introduced, but also defends against powerful JTAG Read attacks. We have built Sens.io, an Arduino Uno based tracker platform, of similar capabilities but at a fraction of the cost of current solutions. On Sens.io, SensCrypt imposes a negligible write overhead and significantly reduces the end-to-end sync overhead of Fitbit and Garmin.


International Conference on Network Protocols | 2014

SensCrypt: A Secure Protocol for Managing Low Power Fitness Trackers

Mahmudur Rahman; Bogdan Carbunar; Umut Topkara

The increasing interest in personal telemetry has induced a popularity surge for wearable personal fitness trackers. Such trackers automatically collect sensor data about the user throughout the day, and integrate it into social network accounts. Solution providers have to strike a balance between many constraints, leading to a design process that often puts security in the back seat. Case in point, we reverse engineered and identified security vulnerabilities in Fitbit Ultra and Garmin Forerunner 610, two popular and representative fitness tracker products. We introduce FitBite and GarMax, tools to launch efficient attacks against Fitbit and Garmin. We devise SensCrypt, a protocol for secure data storage and communication, for use by makers of affordable and lightweight personal trackers. SensCrypt thwarts not only the attacks we introduced, but also defends against powerful JTAG Read attacks. We have built Sens.io, an Arduino Uno based tracker platform, of similar capabilities but at a fraction of the cost of current solutions. On Sens.io, SensCrypt imposes a negligible write overhead and significantly reduces the end-to-end sync overhead of Fitbit and Garmin.


Annual Computer Security Applications Conference | 2013

Seeing is not believing: visual verifications through liveness analysis using mobile devices

Mahmudur Rahman; Umut Topkara; Bogdan Carbunar

The visual information captured with camera-equipped mobile devices has greatly appreciated in value and importance as a result of their ubiquitous and connected nature. Today, banking customers expect to be able to deposit checks using mobile devices, and broadcasting videos from camera phones uploaded by unknown users is admissible on news networks. We present Movee, a system that addresses the fundamental question of whether the visual stream coming into a mobile app from the camera of the device can be trusted to be un-tampered with, live data, before it can be used for a variety of purposes. Movee is a novel approach to video liveness analysis for mobile devices. It is based on measuring the consistency between the data from the accelerometer sensor and the inferred motion from the captured video. Contrary to existing algorithms, Movee has the unique strength of not depending on the audio track. Our experiments on real user data have shown that Movee achieves 8% Equal Error Rate.


IEEE Transactions on Mobile Computing | 2016

Movee: Video Liveness Verification for Mobile Devices Using Built-In Motion Sensors

Mahmudur Rahman; Umut Topkara; Bogdan Carbunar

The ubiquitous and connected nature of camera-equipped mobile devices has greatly increased the value and importance of visual information they capture. Today, broadcasting videos from camera phones uploaded by unknown users is admissible on news networks, and banking customers expect to be able to deposit checks using mobile devices. In this paper, we introduce Movee, a system that addresses the fundamental question of whether the visual stream uploaded by a user has been captured live on a mobile device, and has not been tampered with by an adversary. Movee leverages the mobile device motion sensors and the intrinsic user movements during the shooting of the video. Movee exploits the observation that the movement of the scene recorded on the video stream should be related to the movement of the device simultaneously captured by the accelerometer. Contrary to existing algorithms, Movee has the unique strength of not depending on the audio track. We introduce novel attacks that focus on Movee's defenses, to fabricate acceleration data that mimics the motion observed in targeted videos. We use smartphones and wearable smart glasses to collect both genuine and attack data from 13 users. Our experiments show that Movee is able to efficiently detect human and automatically generated plagiarized videos: Movee's accuracy ranges between 68-93 percent on a smartphone, and between 76-91 percent on a Google Glass device.


International Conference on Data Mining | 2009

CoCoST: A Computational Cost Efficient Classifier

Liyun Li; Umut Topkara; Baris Coskun; Nasir D. Memon

Computational cost of classification is as important as accuracy in on-line classification systems. The computational cost is usually dominated by the cost of computing implicit features of the raw input data. Very few efforts have been made to design classifiers which perform effectively with limited computational power; instead, feature selection is usually employed as a pre-processing step to reduce the cost of running traditional classifiers. We present CoCoST, a novel and effective approach for building classifiers which achieve state-of-the-art classification accuracy, while keeping the expected computational cost of classification low, even without feature selection. CoCoST employs a wide range of novel cost-aware decision trees, each of which is tuned to specialize in classifying instances from a subset of the input space, and judiciously consults them depending on the input instance in accordance with a cost-aware meta-classifier. Experimental results on a network flow detection application show that our approach can achieve better accuracy than classifiers such as SVM and random forests, while achieving 75%-90% reduction in the computational costs.


arXiv: Cryptography and Security | 2017

Camera Based Two Factor Authentication Through Mobile and Wearable Devices

Mozhgan Azimpourkivi; Umut Topkara; Bogdan Carbunar

We introduce Pixie, a novel, camera based two factor authentication solution for mobile and wearable devices. A quick and familiar user action of snapping a photo is sufficient for Pixie to simultaneously perform a graphical password authentication and a physical token based authentication, yet it does not require any expensive, uncommon hardware. Pixie establishes trust based on both the knowledge and possession of an arbitrary physical object readily accessible to the user, called trinket. Users choose their trinkets similar to setting a password, and authenticate by presenting the same trinket to the camera. The fact that the object is the trinket, is secret to the user. Pixie extracts robust, novel features from trinket images, and leverages a supervised learning classifier to effectively address inconsistencies between images of the same trinket captured in different circumstances. Pixie achieved a false accept rate below 0.09% in a brute force attack with 14.3 million authentication attempts, generated with 40,000 trinket images that we captured and collected from public datasets. We identify master images, that match multiple trinkets, and study techniques to reduce their impact. In a user study with 42 participants over 8 days in 3 sessions we found that Pixie outperforms text based passwords on memorability, speed, and user preference. Furthermore, Pixie was easily discoverable by new users and accurate under field use. Users were able to remember their trinkets 2 and 7 days after registering them, without any practice between the 3 test dates.


IEEE Transactions on Mobile Computing | 2017

Video Liveness for Citizen Journalism: Attacks and Defenses

Mahmudur Rahman; Mozhgan Azimpourkivi; Umut Topkara; Bogdan Carbunar

The impact of citizen journalism raises important video integrity and credibility issues. In this article, we introduce Vamos, the first user transparent video “liveness” verification solution based on video motion, that accommodates the full range of camera movements, and supports videos of arbitrary length. Vamos uses the agreement between video motion and camera movement to corroborate the video authenticity. Vamos can be integrated into any mobile video capture application without requiring special user training. We develop novel attacks that target liveness verification solutions. The attacks leverage both fully automated algorithms and trained human experts. We introduce the concept of video motion categories to annotate the camera and user motion characteristics of arbitrary videos. We show that the performance of Vamos depends on the video motion category. Even though Vamos uses motion as a basis for verification, we observe a surprising and seemingly counter-intuitive resilience against attacks performed on relatively “stationary” video chunks, which turn out to contain hard-to-imitate involuntary movements. We show that overall the accuracy of Vamos on the task of verifying whole length videos exceeds 93 percent against the new attacks.


IBM Journal of Research and Development | 2013

Runtime adaptive multi-factor authentication for mobile devices

Paul C. Castro; Joe W. Ligman; Marco Pistoia; John Ponzo; Gegi Thomas; Umut Topkara

The Runtime Adaptive Multi-factor authentication ENvironment (RAMEN) is a client and server-side framework that provides multi-factor authentication policy enforcement for mobile devices running iOS® and Android®. On the client side, RAMEN uses a security manager that can intercept network calls and forward them for secure authentication to a server-side proxy. The server-side proxy contains a dynamic policy engine that can be configured to choose between different authentication methods depending on the mobile context. RAMEN is an extensible framework that has interfaces to plug in different authentication methods. We describe the policy model and implementation of RAMEN. We show the value of RAMEN to developers through an implementation of location-aware security policies that can be set up to enforce security zones that relax or enhance security requirements for different applications.


Machine Learning and Data Mining in Pattern Recognition | 2011

ACE-Cost: acquisition cost efficient classifier by hybrid decision tree with local SVM leaves

Liyun Li; Umut Topkara; Nasir D. Memon

The standard prediction process of SVM requires acquisition of all the feature values for every instance. In practice, however, a cost is associated with the mere act of acquisition of a feature, e.g. CPU time needed to compute the feature out of raw data, the dollar amount spent for gleaning more information, or the patient wellness sacrificed by an invasive medical test, etc. In such applications, a budget constrains the classification process from using all of the features. We present ACE-Cost, a novel classification method that reduces the expected test cost of SVM without compromising the classification accuracy. Our algorithm uses a cost efficient decision tree to partition the feature space for obtaining coarse decision boundaries, and local SVM classifiers at the leaves of the tree to refine them. The resulting classifiers are also effective in scenarios where several features share overlapping acquisition procedures, hence the cost of acquiring them as a group is less than the sum of the individual acquisition costs. Our experiments on the standard UCI datasets, a network flow detection application, as well as on synthetic datasets show that the proposed approach achieves classification accuracy of SVM while reducing the test cost by 40%-80%.


Archive | 2012

Automatically generating challenge questions inferred from user history data for user authentication

Paul C. Castro; Joseph W. Ligman; David Lubensky; Marco Pistoia; John Ponzo; Umut Topkara

Collaboration


Dive into Umut Topkara's collaboration.

Top Co-Authors

Bogdan Carbunar

Florida International University

Mahmudur Rahman

Florida International University

Mozhgan Azimpourkivi

Florida International University
