SlideShare uma empresa Scribd logo

Usage patterns based security attacks for smart devices

S
Soumya Kanti Datta

Usage patterns based security attacks for smart devices

Celular
1 de 22
Baixar para ler offline
Usage Pattern Based Security Attacks for Smart Devices Soumya Kanti Datta Research Engineer, EURECOM, France Email: soumya-kanti.datta@eurecom.fr 4th International Conference on Consumer Electronics-Berlin (ICCE-Berlin 2014)
Roadmap • Introduction – Smart devices and security attacks – Malware distribution techniques • Power Monitor – Android application • Attacks exploiting usage pattern • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 2
Introduction – Growing Malware Trend Sources: http://www.oneclickroot.com/android-security/97-of-all-mobile-malware-is-on-android-but-not-where-you-think/ http://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/ 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 3
Malware Distribution Techniques • Repackaging attacks – Popular apps are repackaged with malicious content. • Drive by downloads [1] [2] • Update attacks – Release malware as an updated version of an app. • Pay per install [3] [1] http://www.darkreading.com/risk/drive-by-downloads-malwares-most-popular-distribution-method/d/d-id/1134753 [2] http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx [3] http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/pay_per_install.pdf 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 4
Novel Malware • Usage pattern based security attacks • Modifies behaviour based on actual usage pattern – Makes it stealthy • Has not been detected by popular Android anti-malware applications 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 5
Roadmap • Introduction • Power Monitor – Android application – Usage pattern & power saving profiles – Malicious “Power Monitor” • Attacks exploiting usage pattern • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 6
Power Monitor 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 7 • S. K. Datta, C. Bonnet and N. Nikaein, "Personalized power saving profiles generation analyzing smart device usage patterns," 7th IFIP Wireless and Mobile Networking Conference (WMNC), 20-22 May 2014. • S. K. Datta, C. Bonnet and N. Nikaein, "Power monitor v2: Novel power saving Android application," Consumer Electronics (ISCE), 17th IEEE International Symposium on Consumer Electronics (ISCE), pp. 253-254, 3-6 June 2013.
Device Monitoring 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 8
Power Saving Profiles 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 9
Malicious “Power Monitor” • Malicious contents are embedded into power saving profiles sent by the server. • Server – Command and Control (C&C) server. • New way to communication between C&C server and mobile botnets (smart devices). • Stealthy and evades detection. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 10
Roadmap • Introduction • Power Monitor – Android application • Attacks exploiting usage pattern – Attack on resources – Information leak – Impact • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 11
Attack on CPU and Battery • Malicious command to launch computationally complex operations. – Forces CPU to work on higher frequency. – Drives up battery consumption. • Attack performed when CPU load is maximum. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 12
Draining Network Data Limits • Increase the network usage manifold during the period when network usage is maximum. – Drain 3G network data limits. – Automatically use 3G when travelling abroad and device is not in use. – Results in financial and battery loss. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 13
Power Dissipation at Display • Keep brightness and device timeout at the maximum values. – Consumes high energy amount. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 14
Information Leak • By monitoring SMSs – Financial information – Passcodes 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 15
Impact • Serious threat to security and privacy of the Android device users. • Chances of financial losses too. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 16
Roadmap • Introduction • Power Monitor – Android application • Attacks exploiting usage pattern • Countermeasures – Dynamic analysis – Anomaly detection • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 17
Countermeasures • Dynamic Analysis – Behaviour based dynamic malware detection tool. • Anomaly Detection – Employ machine learning to learn app behaviour . – Classify the app as useful or malware. • Currently several such tools are being researched as a possible countermeasure. – Open research problem. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 18
Roadmap • Introduction • Power Monitor – Android application • Attacks exploiting usage pattern • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 19
Conclusions • Introduced a novel malware based on energy saving approach using a server. • Discussed different security and privacy threats. • Possible countermeasures 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 20
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 21
Q/A • Email: soumya.kanti-datta@eurecom.fr • Publication repository: http://www.eurecom.fr/en/people/datta- soumya-kanti/publications 09-Sept-14 Usage Pattern Based Security Attacks for Smart Devices 22

Recomendados

Autonomous and Semi-Autonomous Cybersecurity Training
Autonomous and Semi-Autonomous Cybersecurity TrainingAutonomous and Semi-Autonomous Cybersecurity Training
Autonomous and Semi-Autonomous Cybersecurity TrainingBryan Len
 
Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander EC-Council
 
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in EuropeIndustrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in EuropePositive Hack Days
 
Leaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to KnowLeaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to KnowNowSecure
 
Vetting Mobile Apps for Corporate Use: Security Essentials
Vetting Mobile Apps for Corporate Use: Security EssentialsVetting Mobile Apps for Corporate Use: Security Essentials
Vetting Mobile Apps for Corporate Use: Security EssentialsNowSecure
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information SecurityAhmed Sayed-
 
ISA Toronto Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017ISA Toronto Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017Sustainable Resources Management
 
Automotive Hacking
Automotive Hacking Automotive Hacking
Automotive Hacking GAURAV. H .TANDON
 

Recomendados

Autonomous and Semi-Autonomous Cybersecurity Training
Autonomous and Semi-Autonomous Cybersecurity TrainingAutonomous and Semi-Autonomous Cybersecurity Training
Autonomous and Semi-Autonomous Cybersecurity TrainingBryan Len
 
Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander EC-Council
 
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in EuropeIndustrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in EuropePositive Hack Days
 
Leaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to KnowLeaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to KnowNowSecure
 
Vetting Mobile Apps for Corporate Use: Security Essentials
Vetting Mobile Apps for Corporate Use: Security EssentialsVetting Mobile Apps for Corporate Use: Security Essentials
Vetting Mobile Apps for Corporate Use: Security EssentialsNowSecure
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information SecurityAhmed Sayed-
 
ISA Toronto Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017ISA Toronto Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017Sustainable Resources Management
 
Automotive Hacking
Automotive Hacking Automotive Hacking
Automotive Hacking GAURAV. H .TANDON
 
Cyber Law and Security
Cyber Law and SecurityCyber Law and Security
Cyber Law and SecurityIMT CDL
 
Ijseea
IjseeaIjseea
Ijseeaijfcst journal
 
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCourtney Brock Rabon, MBA
 
Hiring for cybersecurity
Hiring for cybersecurityHiring for cybersecurity
Hiring for cybersecurityHays Recruitment North America
 
Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...
Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...
Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...Power System Operation
 
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...Investorideas.com
 
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Enrique Martin
 
Cyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingCyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingMinsait
 
Ijseea
IjseeaIjseea
Ijseeaijfcst journal
 
Network security # Lecture 2
Network security # Lecture 2Network security # Lecture 2
Network security # Lecture 2Kabul Education University
 
Ea3212451252
Ea3212451252Ea3212451252
Ea3212451252IJMER
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses A. V. Rajabahadur
 
Ijseea
IjseeaIjseea
Ijseeaijfcst journal
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy finalIndian Air Force
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesrebelreg
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessStephen Cobb
 
Career in Cyber Security
Career in Cyber SecurityCareer in Cyber Security
Career in Cyber Securityhackersguru
 
5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercisesisc2-hellenic
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUlf Mattsson
 
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...University of Calgary
 
New media technologies
New media technologiesNew media technologies
New media technologiesGeoffKane
 

Mais conteúdo relacionado

Mais procurados

Cyber Law and Security
Cyber Law and SecurityCyber Law and Security
Cyber Law and SecurityIMT CDL
 
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCourtney Brock Rabon, MBA
 
Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...
Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...
Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...Power System Operation
 
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...Investorideas.com
 
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Enrique Martin
 
Cyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingCyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingMinsait
 
Ea3212451252
Ea3212451252Ea3212451252
Ea3212451252IJMER
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses A. V. Rajabahadur
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy finalIndian Air Force
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesrebelreg
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessStephen Cobb
 
Career in Cyber Security
Career in Cyber SecurityCareer in Cyber Security
Career in Cyber Securityhackersguru
 
5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercisesisc2-hellenic
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUlf Mattsson
 

Mais procurados (20)

Cyber Law and Security
Cyber Law and SecurityCyber Law and Security
Cyber Law and Security
 
Ijseea
IjseeaIjseea
Ijseea
 
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
 
Hiring for cybersecurity
Hiring for cybersecurityHiring for cybersecurity
Hiring for cybersecurity
 
Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...
Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...
Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...
 
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
 
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...
 
Cyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingCyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity Training
 
Ijseea
IjseeaIjseea
Ijseea
 
Network security # Lecture 2
Network security # Lecture 2Network security # Lecture 2
Network security # Lecture 2
 
Ea3212451252
Ea3212451252Ea3212451252
Ea3212451252
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses
 
Ijseea
IjseeaIjseea
Ijseea
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devices
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
 
Career in Cyber Security
Career in Cyber SecurityCareer in Cyber Security
Career in Cyber Security
 
5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
 

Destaque

Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...University of Calgary
 
New media technologies
New media technologiesNew media technologies
New media technologiesGeoffKane
 
Wilson-Hurd: Company Overview
Wilson-Hurd: Company OverviewWilson-Hurd: Company Overview
Wilson-Hurd: Company OverviewWilsonHurd
 
data-leakage-detection
data-leakage-detectiondata-leakage-detection
data-leakage-detectionNagendra Kumar
 
Examinee's Guide in Taking CSE-PPT (Ballpen-based)
Examinee's Guide in Taking CSE-PPT (Ballpen-based)Examinee's Guide in Taking CSE-PPT (Ballpen-based)
Examinee's Guide in Taking CSE-PPT (Ballpen-based)John Homer Alim
 
Data leakage detection
Data leakage detectionData leakage detection
Data leakage detectionMohit Pandey
 
Paper battery presentation by vikas
Paper battery presentation by vikasPaper battery presentation by vikas
Paper battery presentation by vikasVikas Gupta
 
Spyware Adware1
Spyware Adware1Spyware Adware1
Spyware Adware1rubal_9
 
Presentation on Paper battery
Presentation on Paper battery Presentation on Paper battery
Presentation on Paper battery manish katara
 
Data leakage detection Complete Seminar
Data leakage detection Complete SeminarData leakage detection Complete Seminar
Data leakage detection Complete SeminarSumit Thakur
 

Destaque (19)

Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
 
New media technologies
New media technologiesNew media technologies
New media technologies
 
Pap per battery
Pap per batteryPap per battery
Pap per battery
 
Wilson-Hurd: Company Overview
Wilson-Hurd: Company OverviewWilson-Hurd: Company Overview
Wilson-Hurd: Company Overview
 
data-leakage-detection
data-leakage-detectiondata-leakage-detection
data-leakage-detection
 
Examinee's Guide in Taking CSE-PPT (Ballpen-based)
Examinee's Guide in Taking CSE-PPT (Ballpen-based)Examinee's Guide in Taking CSE-PPT (Ballpen-based)
Examinee's Guide in Taking CSE-PPT (Ballpen-based)
 
Data leakage detection
Data leakage detectionData leakage detection
Data leakage detection
 
Spyware
SpywareSpyware
Spyware
 
Spyware
SpywareSpyware
Spyware
 
Spyware
SpywareSpyware
Spyware
 
Paper battery presentation by vikas
Paper battery presentation by vikasPaper battery presentation by vikas
Paper battery presentation by vikas
 
Spyware Adware1
Spyware Adware1Spyware Adware1
Spyware Adware1
 
spyware
spywarespyware
spyware
 
Paper battery
Paper batteryPaper battery
Paper battery
 
Paper Battery PPT
Paper Battery PPTPaper Battery PPT
Paper Battery PPT
 
GIFI
GIFI GIFI
GIFI
 
Presentation on Paper battery
Presentation on Paper battery Presentation on Paper battery
Presentation on Paper battery
 
Data leakage detection Complete Seminar
Data leakage detection Complete SeminarData leakage detection Complete Seminar
Data leakage detection Complete Seminar
 
Paper battery
Paper batteryPaper battery
Paper battery
 

Semelhante a Usage patterns based security attacks for smart devices

5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...IBM Security
 
Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorIBMGovernmentCA
 
Why Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Why Endpoint Security Matters: Safeguarding Your Virtual FrontiersWhy Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Why Endpoint Security Matters: Safeguarding Your Virtual FrontiersCrawsec
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile ApplicationsDenim Group
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber SecurityNikunj Thakkar
 
Secure Systems of Engagement
Secure Systems of EngagementSecure Systems of Engagement
Secure Systems of EngagementJohn Palfreyman
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesSkybox Security
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securitySam Bowne
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyserTim Youm
 
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...eightbit
 

Semelhante a Usage patterns based security attacks for smart devices (20)

5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
 
Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public Sector
 
Why Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Why Endpoint Security Matters: Safeguarding Your Virtual FrontiersWhy Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Why Endpoint Security Matters: Safeguarding Your Virtual Frontiers
 
Network security # Lecture 1
Network security # Lecture 1Network security # Lecture 1
Network security # Lecture 1
 
20120130406025
2012013040602520120130406025
20120130406025
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile Applications
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
 
Secure Systems of Engagement
Secure Systems of EngagementSecure Systems of Engagement
Secure Systems of Engagement
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
 
Mobile Apps Security Testing -1
Mobile Apps Security Testing -1Mobile Apps Security Testing -1
Mobile Apps Security Testing -1
 
Gg2511351142
Gg2511351142Gg2511351142
Gg2511351142
 
Gg2511351142
Gg2511351142Gg2511351142
Gg2511351142
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development security
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices Framework
 
CloudSecurity
CloudSecurityCloudSecurity
CloudSecurity
 
Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyser
 
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
 
Security aspect of IOT.pptx
Security aspect of IOT.pptxSecurity aspect of IOT.pptx
Security aspect of IOT.pptx
 

Mais de Soumya Kanti Datta

Survey, comparison & evaluation of cross platform mobile application developm...
Survey, comparison & evaluation of cross platform mobile application developm...Survey, comparison & evaluation of cross platform mobile application developm...
Survey, comparison & evaluation of cross platform mobile application developm...Soumya Kanti Datta
 
Minimizing energy expenditure in smart devices
Minimizing energy expenditure in smart devicesMinimizing energy expenditure in smart devices
Minimizing energy expenditure in smart devicesSoumya Kanti Datta
 
Android power management, current and future trends
Android power management, current and future trendsAndroid power management, current and future trends
Android power management, current and future trendsSoumya Kanti Datta
 
Personalized power saving profiles generation analyzing smart device usage pa...
Personalized power saving profiles generation analyzing smart device usage pa...Personalized power saving profiles generation analyzing smart device usage pa...
Personalized power saving profiles generation analyzing smart device usage pa...Soumya Kanti Datta
 
An IoT gateway centric architecture to provide novel m2m services
An IoT gateway centric architecture to provide novel m2m servicesAn IoT gateway centric architecture to provide novel m2m services
An IoT gateway centric architecture to provide novel m2m servicesSoumya Kanti Datta
 
Self adaptive battery and context aware mobile application development
Self adaptive battery and context aware mobile application developmentSelf adaptive battery and context aware mobile application development
Self adaptive battery and context aware mobile application developmentSoumya Kanti Datta
 
Smart M2M gateway based architecture for m2m device and endpoint management
Smart M2M gateway based architecture for m2m device and endpoint managementSmart M2M gateway based architecture for m2m device and endpoint management
Smart M2M gateway based architecture for m2m device and endpoint managementSoumya Kanti Datta
 
M2M communications and internet of things for smart cities
M2M communications and internet of things for smart citiesM2M communications and internet of things for smart cities
M2M communications and internet of things for smart citiesSoumya Kanti Datta
 
A lightweight framework for efficient m2m device management in onem2m archite...
A lightweight framework for efficient m2m device management in onem2m archite...A lightweight framework for efficient m2m device management in onem2m archite...
A lightweight framework for efficient m2m device management in onem2m archite...Soumya Kanti Datta
 

Mais de Soumya Kanti Datta (11)

WoT framework and use cases
WoT framework and use casesWoT framework and use cases
WoT framework and use cases
 
Survey, comparison & evaluation of cross platform mobile application developm...
Survey, comparison & evaluation of cross platform mobile application developm...Survey, comparison & evaluation of cross platform mobile application developm...
Survey, comparison & evaluation of cross platform mobile application developm...
 
Minimizing energy expenditure in smart devices
Minimizing energy expenditure in smart devicesMinimizing energy expenditure in smart devices
Minimizing energy expenditure in smart devices
 
Android power management, current and future trends
Android power management, current and future trendsAndroid power management, current and future trends
Android power management, current and future trends
 
Personalized power saving profiles generation analyzing smart device usage pa...
Personalized power saving profiles generation analyzing smart device usage pa...Personalized power saving profiles generation analyzing smart device usage pa...
Personalized power saving profiles generation analyzing smart device usage pa...
 
An IoT gateway centric architecture to provide novel m2m services
An IoT gateway centric architecture to provide novel m2m servicesAn IoT gateway centric architecture to provide novel m2m services
An IoT gateway centric architecture to provide novel m2m services
 
Self adaptive battery and context aware mobile application development
Self adaptive battery and context aware mobile application developmentSelf adaptive battery and context aware mobile application development
Self adaptive battery and context aware mobile application development
 
Connect and control things
Connect and control thingsConnect and control things
Connect and control things
 
Smart M2M gateway based architecture for m2m device and endpoint management
Smart M2M gateway based architecture for m2m device and endpoint managementSmart M2M gateway based architecture for m2m device and endpoint management
Smart M2M gateway based architecture for m2m device and endpoint management
 
M2M communications and internet of things for smart cities
M2M communications and internet of things for smart citiesM2M communications and internet of things for smart cities
M2M communications and internet of things for smart cities
 
A lightweight framework for efficient m2m device management in onem2m archite...
A lightweight framework for efficient m2m device management in onem2m archite...A lightweight framework for efficient m2m device management in onem2m archite...
A lightweight framework for efficient m2m device management in onem2m archite...
 

Último

9892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x79892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x7Pooja Nehwal
 
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPsychicRuben LoveSpells
 
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceanilsa9823
 
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Pooja Nehwal
 
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRnishacall1
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceanilsa9823
 
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 

Último (7)

9892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x79892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x7
 
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
 
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
 
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
 
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
 
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
 

Usage patterns based security attacks for smart devices

  • 1. Usage Pattern Based Security Attacks for Smart Devices Soumya Kanti Datta Research Engineer, EURECOM, France Email: soumya-kanti.datta@eurecom.fr 4th International Conference on Consumer Electronics-Berlin (ICCE-Berlin 2014)
  • 2. Roadmap • Introduction – Smart devices and security attacks – Malware distribution techniques • Power Monitor – Android application • Attacks exploiting usage pattern • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 2
  • 3. Introduction – Growing Malware Trend Sources: http://www.oneclickroot.com/android-security/97-of-all-mobile-malware-is-on-android-but-not-where-you-think/ http://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/ 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 3
  • 4. Malware Distribution Techniques • Repackaging attacks – Popular apps are repackaged with malicious content. • Drive by downloads [1] [2] • Update attacks – Release malware as an updated version of an app. • Pay per install [3] [1] http://www.darkreading.com/risk/drive-by-downloads-malwares-most-popular-distribution-method/d/d-id/1134753 [2] http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx [3] http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/pay_per_install.pdf 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 4
  • 5. Novel Malware • Usage pattern based security attacks • Modifies behaviour based on actual usage pattern – Makes it stealthy • Has not been detected by popular Android anti-malware applications 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 5
  • 6. Roadmap • Introduction • Power Monitor – Android application – Usage pattern & power saving profiles – Malicious “Power Monitor” • Attacks exploiting usage pattern • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 6
  • 7. Power Monitor 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 7 • S. K. Datta, C. Bonnet and N. Nikaein, "Personalized power saving profiles generation analyzing smart device usage patterns," 7th IFIP Wireless and Mobile Networking Conference (WMNC), 20-22 May 2014. • S. K. Datta, C. Bonnet and N. Nikaein, "Power monitor v2: Novel power saving Android application," Consumer Electronics (ISCE), 17th IEEE International Symposium on Consumer Electronics (ISCE), pp. 253-254, 3-6 June 2013.
  • 8. Device Monitoring 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 8
  • 9. Power Saving Profiles 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 9
  • 10. Malicious “Power Monitor” • Malicious contents are embedded into power saving profiles sent by the server. • Server – Command and Control (C&C) server. • New way to communication between C&C server and mobile botnets (smart devices). • Stealthy and evades detection. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 10
  • 11. Roadmap • Introduction • Power Monitor – Android application • Attacks exploiting usage pattern – Attack on resources – Information leak – Impact • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 11
  • 12. Attack on CPU and Battery • Malicious command to launch computationally complex operations. – Forces CPU to work on higher frequency. – Drives up battery consumption. • Attack performed when CPU load is maximum. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 12
  • 13. Draining Network Data Limits • Increase the network usage manifold during the period when network usage is maximum. – Drain 3G network data limits. – Automatically use 3G when travelling abroad and device is not in use. – Results in financial and battery loss. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 13
  • 14. Power Dissipation at Display • Keep brightness and device timeout at the maximum values. – Consumes high energy amount. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 14
  • 15. Information Leak • By monitoring SMSs – Financial information – Passcodes 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 15
  • 16. Impact • Serious threat to security and privacy of the Android device users. • Chances of financial losses too. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 16
  • 17. Roadmap • Introduction • Power Monitor – Android application • Attacks exploiting usage pattern • Countermeasures – Dynamic analysis – Anomaly detection • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 17
  • 18. Countermeasures • Dynamic Analysis – Behaviour based dynamic malware detection tool. • Anomaly Detection – Employ machine learning to learn app behaviour . – Classify the app as useful or malware. • Currently several such tools are being researched as a possible countermeasure. – Open research problem. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 18
  • 19. Roadmap • Introduction • Power Monitor – Android application • Attacks exploiting usage pattern • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 19
  • 20. Conclusions • Introduced a novel malware based on energy saving approach using a server. • Discussed different security and privacy threats. • Possible countermeasures 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 20
  • 21. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 21
  • 22. Q/A • Email: soumya.kanti-datta@eurecom.fr • Publication repository: http://www.eurecom.fr/en/people/datta- soumya-kanti/publications 09-Sept-14 Usage Pattern Based Security Attacks for Smart Devices 22