
Wave-to-Access: Protecting Sensitive Mobile Device Services via a Hand Waving Gesture

  • Conference paper
Cryptology and Network Security (CANS 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8257))


Abstract

Mobile devices, such as smartphones and tablets, offer a wide variety of important services to everyday users. Many of these services (such as NFC payments) are highly sensitive and can be abused by malicious entities, without the knowledge of the device user, in the form of insider attacks (such as malware) and/or outsider attacks (such as unauthorized reading and relay attacks).

In this paper, we present a novel application permission granting approach that can be used to protect any sensitive mobile device service. It captures the user's intent to access the service via a lightweight hand waving gesture. This gesture is very simple, quick and intuitive for the user, but would be very hard for the attacker to exhibit without the user's knowledge. We present the design and implementation of a hand waving gesture recognition mechanism using an ambient light sensor, already available on most mobile devices. We integrate this gesture with the phone dialing service as a specific use case to address the problem of malware that makes premium rate phone calls. We also report on our experiments to analyze the performance of our approach in both benign and adversarial settings. Our results indicate that the approach is quite effective in preventing the misuse of sensitive resources while imposing only minimal user burden.




Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Shrestha, B., Saxena, N., Harrison, J. (2013). Wave-to-Access: Protecting Sensitive Mobile Device Services via a Hand Waving Gesture. In: Abdalla, M., Nita-Rotaru, C., Dahab, R. (eds) Cryptology and Network Security. CANS 2013. Lecture Notes in Computer Science, vol 8257. Springer, Cham. https://doi.org/10.1007/978-3-319-02937-5_11


  • DOI: https://doi.org/10.1007/978-3-319-02937-5_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-02936-8

  • Online ISBN: 978-3-319-02937-5

  • eBook Packages: Computer Science, Computer Science (R0)
