Passive cyber-security attacks do not require any modification of the data stream generated by the victim, nor the creation of a false statement; in particular, those attacks based on statistical analysis aim at acquiring sensible information by just analyzing traffic patterns. Our work sits on the conjecture that the PDCCH, which is transmitted in clear text, may be effectively used to statistically characterize the traffic generated by a smartphone in standby mode. Through this statistical signature, the attacker may then infer whether an unknown traffic pattern is generated by the victim user's terminal, guessing if the victim is in a certain geographical area, and in turn gaining the ability to track the victim's movements and/or to profile their habits. In this work, we propose a data collection and processing framework that successfully obtains such signatures. User data patterns (transport block sizes and communications direction) are retrieved by analyzing the mobile network scheduling. Hence, a sequence-to-sequence learning framework to extract smartphone signatures from passive traffic is put forward, and is experimentally validated using a dataset of 40 user traces, successfully identifying up to 90 percent of the users.
Smartphone Identification via Passive Traffic Fingerprinting: A Sequence-to-Sequence Learning Approach
Meneghello F.;Rossi M.;
2020
Abstract
Passive cyber-security attacks do not require any modification of the data stream generated by the victim, nor the creation of a false statement; in particular, those attacks based on statistical analysis aim at acquiring sensible information by just analyzing traffic patterns. Our work sits on the conjecture that the PDCCH, which is transmitted in clear text, may be effectively used to statistically characterize the traffic generated by a smartphone in standby mode. Through this statistical signature, the attacker may then infer whether an unknown traffic pattern is generated by the victim user's terminal, guessing if the victim is in a certain geographical area, and in turn gaining the ability to track the victim's movements and/or to profile their habits. In this work, we propose a data collection and processing framework that successfully obtains such signatures. User data patterns (transport block sizes and communications direction) are retrieved by analyzing the mobile network scheduling. Hence, a sequence-to-sequence learning framework to extract smartphone signatures from passive traffic is put forward, and is experimentally validated using a dataset of 40 user traces, successfully identifying up to 90 percent of the users.File | Dimensione | Formato | |
---|---|---|---|
09003304.pdf
non disponibili
Descrizione: Versione pubblicata articolo scientifico
Tipologia:
Published (publisher's version)
Licenza:
Accesso privato - non pubblico
Dimensione
480.3 kB
Formato
Adobe PDF
|
480.3 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.