TITLE
TITLE
Side and Covert Channels: the Dr. Jekyll and Mr Hyde of Modern Technologies
Side and Covert Channels: the Dr. Jekyll and Mr Hyde of Modern Technologies
ABSTRACT
ABSTRACT
While Smartphone and IoT devices usage become more and more pervasive, people start also asking to which extent such devices can be maliciously exploited as “tracking devices”. The concern is not only related to an adversary taking physical or remote control of the device, but also to what a passive adversary without the above capabilities can observe from the device communications. Work in this latter direction aimed, for example, at inferring the apps a user has installed on his device, or identifying the presence of a specific user within a network. In this talk, we discuss threats coming from contextual information and to which extent it is feasible, for example, to identify the specific actions that a user is doing on mobile apps, by eavesdropping their encrypted network traffic. We will also discuss the possibility of building covert and side channels leveraging timing, heat, energy consumption, and audio signals, to steal information from mobile devices, as well as inferring keypresses, password & PINs.
While Smartphone and IoT devices usage become more and more pervasive, people start also asking to which extent such devices can be maliciously exploited as “tracking devices”. The concern is not only related to an adversary taking physical or remote control of the device, but also to what a passive adversary without the above capabilities can observe from the device communications. Work in this latter direction aimed, for example, at inferring the apps a user has installed on his device, or identifying the presence of a specific user within a network. In this talk, we discuss threats coming from contextual information and to which extent it is feasible, for example, to identify the specific actions that a user is doing on mobile apps, by eavesdropping their encrypted network traffic. We will also discuss the possibility of building covert and side channels leveraging timing, heat, energy consumption, and audio signals, to steal information from mobile devices, as well as inferring keypresses, password & PINs.