THESIS
2017
xx, 181 pages : illustrations ; 30 cm
Abstract
With the ability to interact with the user, connect to other peers, and sense the environment,
smart devices, including mobile devices, wearables, and Internet-of-Things devices, have enabled a
plethora of promising applications and penetrated every part of our lives. Along with the convenience
they bring comes increasing concern about smart device security, as the data
involved is often extremely valuable and highly sensitive. Also, limited computing resources,
growing data transmission capability and expanding device-device connectivity have aggravated
the security threats.
In this thesis, we focus on the security issues in the interactions of smart devices. Three major
types of interactions exist in the smart device ecosystem:
(1) User-device interaction defines how the user accesses the device. From the perspective of
security design, we focus on determining what information can be accessed by the current
user. To this end, a fundamental problem is recognizing who is using the smart device, i.e., user
identification. In this thesis, we leverage bio-vibrometry to enable a novel user identification
system, VibID, for smart devices. By examining the vibration response patterns of the human arm
at different frequencies, our system can ensure an identification accuracy above 91% in small-scale
scenarios with 8 users and is robust to various confounding factors.
(2) Device-device connection creates direct communication links among smart devices. Fueled
by the wide adoption of smart devices, device-device connection is prevalent, and forming a secure
pairing between devices lays the foundation for security protection and data privacy preservation.
In this thesis, we propose two solutions to this problem. Touch-And-Guard (TAG) is a system
that uses hand touch as an intuitive way to establish a secure connection between a wristband
wearable and the touched device. It generates secret bits from hand resonant properties and uses them to authenticate each other and then communicate confidentially. We demonstrate the feasibility
of our system using an experimental prototype and conduct experiments on 12 users. The results
indicate that our system can generate secret bits at a rate of 7.84 bit/s, which is 58% faster than conventional
text input PIN authentication. Apart from this, we further leverage the electromyogram
(EMG) signal caused by human muscle contraction to generate a secret key. Extensive evaluation
on 10 volunteers under different scenarios demonstrates that our system, EMG-KEY, can achieve a
competitive bit generation rate of 5.51 bit/s while maintaining a matching probability of 88.84%.
Also, the evaluation results in the presence of adversaries demonstrate that our system is very secure
against strong attackers who can eavesdrop on proximate wireless communication and capture and imitate
the legitimate pairing process with the help of a camera.
(3) In the context of device-environment sensing, we investigate two issues. The first one is
how to prevent pirate photo/video taking, which is one of the most disturbing issues resulting from
the smart device’s unrestricted sensing ability. To prevent pirate photo/video taking of physical
intellectual property, such as paintings and sculptures, we propose a new lighting system, Rolling-Light, to pollute the pirate photo/video on the mobile camera while retaining good visual quality for
human observers. By carefully modulating chromatic change and luminance flicker into the
light system, we can introduce nonuniform variation into the light energy reflected from physical
objects, thus maximizing the distortion caused by the camera’s banding effect. Meanwhile, due to
the color fusion ability and low-bandpass characteristics of human vision, the visual quality for
human observers is not affected. Extensive objective evaluations under different scenarios indicate
that our system is robust to different confounding factors and can significantly pollute the pirate
photos on various devices. After that, we investigate how to unobtrusively track users in indoor
scenarios. To this end, we explore the nonlinearity characteristics of the ambient light sensor (ALS) to
sense high-frequency modulated location information with a low sampling rate. In particular,
due to the nonlinear characteristics of electronic components inside the circuit, the amplifier in the
ALS exhibits some level of nonlinearity. When two high-frequency signals are perceived by the
ALS simultaneously, this nonlinearity causes the amplifier's output signal to violate the linear
superposition rule and generates a low-frequency "shadow" signal. In light of this idea, we build a
low-power and unobtrusive indoor localization system, NALoc. Our experiments on ALS sensors
from Apple and Samsung devices confirm the feasibility of our system, and extensive experiments demonstrate that it is possible to derive fine-grained location information unobtrusively from
the ALS readings, which poses a brand-new security threat.