[Cancelled] Mitigating Location Privacy Attacks on Mobile Devices using Dynamic App Sandboxing

14.02.2020 11:00-12:00

Speaker: Prof. Guevara Noubir, Northeastern University | Location: Rundeturmstraße 10 (S3|20), Room 111, Darmstadt

Organizer: Prof. Matthias Hollick

This talk explores mobile security threats and discusses the design, implementation and evaluation of a system, called MATRIX, developed to protect the privacy of mobile device users from location inference and sensor side-channel attacks. MATRIX gives users control and visibility over location and sensor (e.g., Accelerometers and Gyroscopes) accesses by mobile apps. It implements a PrivoScope service that audits all location and sensor accesses by apps on the device and generates real-time notifications and graphs for visualizing these accesses; and a Synthetic Location service to enable users to provide obfuscated or synthetic location trajectories or sensor traces to apps they find useful, but do not trust with their private information. The services are designed to be extensible and easy for users, hiding all of the underlying complexity from them. MATRIX also implements a Location Provider component that generates realistic privacy-preserving synthetic identities and trajectories for users by incorporating traffic information using historical data from Google Maps Directions API, and accelerations using statistical information from user driving experiments. These mobility patterns are generated by modeling/solving user schedule using a randomized linear program and modeling/solving for user driving behavior using a quadratic program. MATRIX was extensively evaluated using user studies, popular location-driven apps and machine learning techniques, and demonstrate that it is portable to most Android devices globally, is reliable, has low-overhead, and generates synthetic trajectories that are difficult to differentiate from real mobility trajectories by an adversary.

Short bio
I received my PhD in Computer Science from the Swiss Federal Institute of Technology at Lausanne (EPFL 1996) and my engineering diploma (MS) from École Nationale Supérieure d'Informatique et de Mathématiques Appliquées at Grenoble (ENSIMAG 1991). Prior to joining Northeastern University, I was a senior research scientist at CSEM SA (Switzerland) where I led several research project and contributed to the definition of the third generation Universal Mobile Telecommunication System (UMTS) standardized as 3GPP WCDMA. I held visiting research positions at Eurecom, MIT, and UNL. I am a recipient of the NSF CAREER Award, and Google Faculty Research Award. I serve(d) on the editorial board of ACM Transactions of Privacy and Security, ACM Transactions of Information and Systems Security, IEEE Transactions on Mobile Computing, and the Elsevier Computer Networks Journal. I co-chaired the TPC of ACM WiSec‘2015, IEEE CNS‘2015, IEEE WoWMoM 2015, IEEE SECON’14, NETYS’14, ICCCN’12 and regularly serve on the TPC of wireless networking and security conferences such as IEEE Infocom, ACM WiSec, ACM Mobicom, ACM MobiHoc. I served as a judge in the Synthetic Biology iGEM competition 2012-2013.