Publications (10 of 16)
Stylianos, G., Giannetsos, T. & Papadimitratos, P. (2016). Android privacy C(R)ache: Reading your external storage and sensors for fun and profit. In: PAMCO 2016 - Proceedings of the 2nd MobiHoc International Workshop on Privacy-Aware Mobile Computing. Paper presented at 2nd MobiHoc International Workshop on Privacy-Aware Mobile Computing, PAMCO 2016, 5 July 2016 (pp. 1-10). Association for Computing Machinery (ACM)
2016 (English). In: PAMCO 2016 - Proceedings of the 2nd MobiHoc International Workshop on Privacy-Aware Mobile Computing, Association for Computing Machinery (ACM), 2016, p. 1-10. Conference paper, Published paper (Refereed)
Abstract [en]

Android's permission system empowers informed privacy decisions when installing third-party applications. However, examining the access permissions is not enough to assess privacy exposure; even seemingly harmless applications can severely expose user data. This is what we demonstrate here: an application with the common READ_EXTERNAL_STORAGE and the INTERNET permissions can be the basis of extracting and inferring a wealth of private information. What has been overlooked is that such a "curious" application can prey on data stored in the Android's commonly accessible external storage or on unprotected phone sensors. By accessing and stealthily extracting data thought to be unworthy of protection, we manage to access highly sensitive information: user identifiers and habits. Leveraging data-mining techniques, we explore a set of popular applications, establishing that there is a clear privacy danger for numerous users installing innocent-looking but, possibly, "curious" applications.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2016
Keywords
Android permissions, External storage, Monitoring, Personal data leakage, Profiling, Android (operating system), Data mining, Digital storage, Mobile computing, Access permissions, Private information, Sensitive informations, Third party application (Apps), User data, Data privacy
National Category
Computer Systems
Identifiers
urn:nbn:se:kth:diva-197174 (URN); 10.1145/2940343.2940346 (DOI); 2-s2.0-84982851758 (Scopus ID); 9781450343466 (ISBN)
Conference
2nd MobiHoc International Workshop on Privacy-Aware Mobile Computing, PAMCO 2016, 5 July 2016
Note

QC 20161213

Available from: 2016-12-13. Created: 2016-11-30. Last updated: 2016-12-13. Bibliographically approved
Gisdakis, S. (2016). Secure and Privacy Preserving Urban Sensing Systems. (Doctoral dissertation). Stockholm: KTH Royal Institute of Technology
2016 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The emergence of resource-rich mobile devices and smart vehicles has paved the way for Urban Sensing. In this new paradigm, users, leveraging their sensing-capable devices, sense their environment and become part of an unprecedented large-scale network of sensors, with extensive spatial and temporal coverage, that enables the collection and dissemination of real-time information, potentially, from anywhere, about anything and at anytime. Urban sensing will facilitate the deployment of innovative applications aiming to address the ever-growing concerns for citizens' well-being by offering a better understanding of our activities and environment.

Nevertheless, the openness of such systems (ideally anyone can participate) and the richness of the data users contribute unavoidably raise significant concerns both about the security of urban sensing applications and the privacy of the participating users. More specifically, users participating in urban sensing applications are expected to contribute sensed data tagged, in many cases, with spatio-temporal information. Misusing such information could reveal sensitive user-specific attributes including their whereabouts, health condition, and habits and lead to extensive and unsolicited user profiling. At the same time, the participation of large numbers of users possessing sensing-capable devices is a double-edged sword: devices can be compromised or faulty or users can be adversarial seeking to manipulate urban sensing systems by submitting intelligently crafted faulty information.

This thesis considers security, resilience and privacy for urban sensing notably in two application domains: intelligent transportation systems and generic smartphone based crowd-sourced sensing applications. For these domains, we design, implement and evaluate provably secure and privacy-preserving solutions capable of protecting the users from the system (i.e., ensuring their privacy in the presence of untrustworthy infrastructure) and the system from malicious users (i.e., holding them accountable for possible system-offending actions).

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2016. p. 48
Series
TRITA-EE, ISSN 1653-5146 ; 2016:014
National Category
Computer Systems
Research subject
Education and Communication in the Technological Sciences; Electrical Engineering
Identifiers
urn:nbn:se:kth:diva-181100 (URN); 978-91-7595-860-6 (ISBN)
Public defence
2016-02-25, Horsal F3, Lindstedtsvägen 26, KTH, Stockholm, 13:00 (English)
Note

QC 20160229

Available from: 2016-01-29. Created: 2016-01-28. Last updated: 2016-02-05. Bibliographically approved
Gisdakis, S., Giannetsos, T. & Papadimitratos, P. (2015). Android Privacy C(R)ache: Reading your External Storage and Sensors for Fun and Profit. KTH Royal Institute of Technology
2015 (English). Report (Other (popular science, discussion, etc.))
Abstract [en]

Android's permission system empowers informed privacy decisions when installing third-party applications. However, examining the access permissions is not enough to assess privacy exposure; even seemingly harmless applications can severely expose user data. This is what we demonstrate here: an application with the common READ_EXTERNAL_STORAGE and the INTERNET permissions can be the basis of extracting and inferring a wealth of private information. What has been overlooked is that such a "curious" application can prey on data stored in the Android's commonly accessible external storage or on unprotected phone sensors. By accessing and stealthily extracting data thought to be unworthy of protection, we manage to access highly sensitive information: user identifiers and habits. Leveraging data-mining techniques, we explore a set of popular applications, establishing that there is a clear privacy danger for numerous users installing innocent-looking but, possibly, "curious" applications.

Place, publisher, year, edition, pages
KTH Royal Institute of Technology, 2015. p. 8
Keywords
Security, Privacy
National Category
Communication Systems
Research subject
Information and Communication Technology
Identifiers
urn:nbn:se:kth:diva-178961 (URN)
Note

QC 20160129

Available from: 2015-12-09. Created: 2015-12-09. Last updated: 2016-01-29. Bibliographically approved
Gisdakis, S., Papadimitratos, P. & Giannetsos, A. (2015). Data Verification and Privacy-respecting User Remuneration in Mobile Crowd Sensing.
2015 (English). Report (Other academic)
Abstract [en]

The broad capabilities of current mobile devices have paved the way for Mobile Crowd Sensing (MCS) applications. The success of this emerging paradigm strongly depends on the quality of received data which, in turn, is contingent to mass user participation; the broader the participation, the more useful these systems become. This can be achieved if users are gratified for their contributions while being provided with strong guarantees for the security and the privacy of their sensitive information. But this very openness is a double-edged sword: any of the participants can be adversarial and pollute the collected data in an attempt to degrade the MCS system output and, overall, its usefulness. Filtering out faulty reports is challenging, with practically no prior knowledge on the participants' trustworthiness, dynamically changing phenomena, and possibly large numbers of compromised devices. This work presents a holistic framework that can assess user-submitted data and sift malicious contributions while offering adequate incentives to motivate users to submit better quality data. With a rigorous assessment of our system's security and privacy protection complemented by a detailed experimental evaluation, we demonstrate its accuracy, practicality and scalability. Overall, our framework is a comprehensive solution that significantly extends the state-of-the-art and can catalyze the deployment of MCS applications.

Publisher
p. 15
National Category
Computer Systems
Identifiers
urn:nbn:se:kth:diva-181098 (URN)
Note

QC 20160129

Available from: 2016-01-28. Created: 2016-01-28. Last updated: 2016-01-29. Bibliographically approved
Gisdakis, S., Manolopoulos, V., Tao, S., Rusu, A. & Papadimitratos, P. (2015). Secure and Privacy-Preserving Smartphone based Traffic Information Systems. IEEE transactions on intelligent transportation systems (Print), 16(3)
2015 (English). In: IEEE transactions on intelligent transportation systems (Print), ISSN 1524-9050, E-ISSN 1558-0016, Vol. 16, no 3. Article in journal (Refereed) Published
Abstract [en]

Increasing smartphone penetration, combined with the wide coverage of cellular infrastructures, renders smartphone-based traffic information systems (TISs) an attractive option. The main purpose of such systems is to alleviate traffic congestion that exists in every major city. Nevertheless, to reap the benefits of smartphone-based TISs, we need to ensure their security and privacy and their effectiveness (e.g., accuracy). This is the motivation of this paper: We leverage state-of-the-art cryptographic schemes and readily available telecommunication infrastructure. We present a comprehensive solution for smartphone-based traffic estimation that is proven to be secure and privacy preserving. We provide a full-blown implementation on actual smartphones, along with an extensive assessment of its accuracy and efficiency. Our results confirm that smartphone-based TISs can offer accurate traffic state estimation while being secure and privacy preserving.

Place, publisher, year, edition, pages
IEEE Press, 2015
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-152679 (URN); 10.1109/TITS.2014.2369574 (DOI); 000359252700030 (); 2-s2.0-84930943117 (Scopus ID)
Note

Updated from manuscript to article.

QC 20150909

Available from: 2014-10-01. Created: 2014-10-01. Last updated: 2017-10-31. Bibliographically approved
Gisdakis, S., Giannetsos, T. & Papadimitratos, P. (2015). Security, Privacy & Incentive Provision for Mobile Crowd Sensing Systems.
2015 (English). Report (Other academic)
Abstract [en]

Recent advances in sensing, computing, and networking have paved the way for the emerging paradigm of Mobile Crowd Sensing (MCS). The openness of such systems and the richness of data MCS users are expected to contribute to them raise significant concerns for their security, privacy-preservation and resilience. Prior works addressed different aspects of the problem. But in order to reap the benefits of this new sensing paradigm, we need a holistic solution. That is, a secure and accountable MCS system that preserves user privacy, and enables the provision of incentives to the participants. At the same time, we are after a MCS architecture that is resilient to abusive users and guarantees privacy protection even against multiple misbehaving and intelligent MCS entities (servers). In this work, we meet these challenges and propose a comprehensive security and privacy-preserving architecture. With a full blown implementation, on real mobile devices, and experimental evaluation we demonstrate our system's efficiency, practicality, and scalability. Last but not least, we formally assess the achieved security and privacy properties. Overall, our system offers strong security and privacy-preservation guarantees, thus, facilitating the deployment of trustworthy MCS applications.

Publisher
p. 14
National Category
Telecommunications; Communication Systems
Identifiers
urn:nbn:se:kth:diva-181099 (URN)
Note

QC 20160129

Available from: 2016-01-28. Created: 2016-01-28. Last updated: 2016-01-29. Bibliographically approved
Gisdakis, S., Giannetsos, T. & Papadimitratos, P. (2015). SHIELD: a data verification framework for participatory sensing systems. In: WiSec '15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks. Paper presented at WiSec '15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks. ACM Digital Library
2015 (English). In: WiSec '15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, ACM Digital Library, 2015. Conference paper, Published paper (Refereed)
Abstract [en]

The openness of PS systems renders them vulnerable to malicious users that can pollute the measurement collection process, in an attempt to degrade the PS system data and, overall, its usefulness. Mitigating such adversarial behavior is hard. Cryptographic protection, authentication, authorization, and access control can help but they do not fully address the problem. Reports from faulty insiders (participants with credentials) can target the process intelligently, forcing the PS system to deviate from the actual sensed phenomenon. Filtering out those faulty reports is challenging, with practically no prior knowledge on the participants' trustworthiness, dynamically changing phenomena, and possibly large numbers of compromised devices. This paper proposes SHIELD, a novel data verification framework for PS systems that can complement any security architecture. SHIELD handles available, contradicting evidence, classifies efficiently incoming reports, and effectively separates and rejects those that are faulty. As a result, the deemed correct data can accurately represent the sensed phenomena, even when 45% of the reports are faulty, intelligently selected by coordinated adversaries and targeted optimally across the system's coverage area.

Place, publisher, year, edition, pages
ACM Digital Library, 2015
Keywords
Participatory sensing, Privacy, Security
National Category
Engineering and Technology
Research subject
Civil and Architectural Engineering
Identifiers
urn:nbn:se:kth:diva-181066 (URN); 10.1145/2766498.2766503 (DOI); 2-s2.0-84962016500 (Scopus ID); 978-1-4503-3623-9 (ISBN)
Conference
WiSec '15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks
Note

QC 20160223

Available from: 2016-01-27. Created: 2016-01-27. Last updated: 2017-06-02. Bibliographically approved
Gisdakis, S. (2014). Secure and Privacy Preserving Urban Sensing Systems. (Licentiate dissertation). Stockholm: KTH Royal Institute of Technology
2014 (English). Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The emergence of resource-rich mobile devices and smart vehicles has paved the way for Urban Sensing. In this new paradigm, users sense their environment and become part of an unprecedented large-scale network of sensors, with extensive spatial and temporal coverage, that enables the collection and dissemination of real-time information, practically, from anywhere. Urban sensing can facilitate the deployment of innovative applications that can address the ever-growing concerns for citizens’ well-being. Nevertheless, the openness of such systems (ideally anyone can participate) and the richness of the data users contribute unavoidably raise significant concerns for both the security of urban sensing applications and the privacy of the participating users. In this thesis we consider different urban sensing application domains: vehicular communication networks, intelligent transportation systems and environmental monitoring applications. We begin with a detailed analysis of the security and privacy requirements of these applications domains. Our objective is to protect users from the system (by ensuring their anonymity and privacy) and urban sensing systems from malicious users (by holding malicious users accountable of their actions). This is not straight-forward; anonymity may tempt malicious user behavior, compromising the reliability of the entire urban sensing system. Towards that, we design and implement secure and privacy-preserving identity management systems that can accommodate these requirements. We demonstrate their efficiency, practicality, and scalability through extensive experimental evaluations. Furthermore, we formally evaluate their security and privacy preserving properties.

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2014. p. iv, 26
Series
TRITA-EE, ISSN 1653-5146 ; 2014:035
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-152675 (URN); 978-91-7595-248-2 (ISBN)
Presentation
2014-10-03, Q2, Osquldas väg 10, Stockholm, 15:00 (English)
Note

QC 20141001

Available from: 2014-10-01. Created: 2014-10-01. Last updated: 2014-10-01. Bibliographically approved
Gisdakis, S., Giannetsos, T. & Papadimitratos, P. (2014). SPPEAR: Security & privacy-preserving architecture for participatory-sensing applications. In: WiSec 2014 - Proceedings of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks. Paper presented at 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2014, 23 July 2014 through 25 July 2014, Oxford (pp. 39-50).
2014 (English). In: WiSec 2014 - Proceedings of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2014, p. 39-50. Conference paper, Published paper (Refereed)
Abstract [en]

Recent advances in sensing, computing, and networking have paved the way for the emerging paradigm of participatory sensing (PS). The openness of such systems and the richness of user data they entail raise significant concerns for their security, privacy and resilience. Prior works addressed different aspects of the problem. But in order to reap the benefits of this new sensing paradigm, we need a comprehensive solution. That is, a secure and accountable PS system that preserves user privacy, and enables the provision of incentives to the participants. At the same time, we are after a PS system that is resilient to abusive users and guarantees privacy protection even against multiple misbehaving PS entities (servers). We address these seemingly contradicting requirements with our SPPEAR architecture. Our full blown implementation and experimental evaluation demonstrate that SPPEAR is efficient, practical, and scalable. Last but not least, we formally assess the achieved security and privacy properties. Overall, our system is a comprehensive solution that significantly extends the state-of-the-art and can catalyze the deployment of PS applications.

Keywords
anonymity, participatory sensing, privacy, security, Data privacy, Wireless networks, Experimental evaluation, Privacy protection, Privacy-preserving architectures, Security and privacy, User privacy, Network architecture
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-167584 (URN); 10.1145/2627393.2627402 (DOI); 2-s2.0-84907400964 (Scopus ID); 9781450329729 (ISBN)
Conference
7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2014, 23 July 2014 through 25 July 2014, Oxford
Note

QC 20150601

Available from: 2015-06-01. Created: 2015-05-22. Last updated: 2016-01-29. Bibliographically approved
Giannetsos, T., Gisdakis, S. & Papadimitratos, P. (2014). Trustworthy People-Centric Sensing: Privacy, Security and User Incentives Road-Map. In: 2014 13th Annual Mediterranean Ad Hoc Networking Workshop, MED-HOC-NET 2014. Paper presented at 2014 13th Annual Mediterranean Ad Hoc Networking Workshop, MED-HOC-NET 2014, Piran, Slovenia, 2 June 2014 through 4 June 2014 (pp. 39-46). IEEE Computer Society
2014 (English). In: 2014 13th Annual Mediterranean Ad Hoc Networking Workshop, MED-HOC-NET 2014, IEEE Computer Society, 2014, p. 39-46. Conference paper, Published paper (Refereed)
Abstract [en]

The broad capabilities of widespread mobile devices have paved the way for People-Centric Sensing (PCS). This emerging paradigm enables direct user involvement in possibly large-scale and diverse data collection and sharing. Unavoidably, this raises significant privacy concerns, as participants may inadvertently reveal a great deal of sensitive information. However, ensuring user privacy, e.g., by anonymizing data they contribute, may cloak faulty (possibly malicious) actions. Thus, PCS systems must not only be privacy-preserving but also accountable and reliable. As an increasing number of applications (e.g., assistive healthcare and public safety systems) can significantly benefit from people-centric sensing, it becomes imperative to meet these seemingly contradicting requirements. In this work, we discuss security, user privacy and incentivization for this sensing paradigm, exploring how to address all aspects of this multifaceted problem. We critically survey the security and privacy properties of state-of-the-art research efforts in the area. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that security and privacy do not hinder the deployment of PCS systems.

Place, publisher, year, edition, pages
IEEE Computer Society, 2014
Keywords
Challenges, Networks
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-158458 (URN); 10.1109/MedHocNet.2014.6849103 (DOI); 000346133300006 (); 2-s2.0-84904553884 (Scopus ID); 978-1-4799-5258-8 (ISBN)
Conference
2014 13th Annual Mediterranean Ad Hoc Networking Workshop, MED-HOC-NET 2014, Piran, Slovenia, 2 June 2014 through 4 June 2014
Note

QC 20150108

Available from: 2015-01-08. Created: 2015-01-08. Last updated: 2016-01-29. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0003-2624-7522