research-article

Tap-Wave-Rub: lightweight malware prevention for smartphones using intuitive human gestures

Authors:

Babins Shrestha,

Yan ZhuAuthors Info & Claims

WiSec '13: Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks

Pages 25 - 30

https://doi.org/10.1145/2462096.2462101

Published: 17 April 2013 Publication History

Abstract

We introduce a lightweight permission enforcement approach - Tap-Wave-Rub (TWR) - for smartphone malware prevention. TWR is based on simple human gestures (implicit or explicit) that are very quick and intuitive but less likely to be exhibited in users' daily activities. Presence or absence of such gestures, prior to accessing an application, can effectively inform the OS whether the access request is benign or malicious. In this paper, we focus on the design of an accelerometer-based phone tapping detection mechanism. This implicit tapping detection mechanism is geared to prevent malicious access to NFC services, where a user is usually required to tap her phone with another device. We present a variety of novel experiments to evaluate the proposed mechanism. Our results suggest that our approach could be very effective for malware prevention, with quite low false positives and false negatives, while imposing no additional burden on the users. As part of the TWR framework, we also briefly explore explicit gestures (finger tapping, rubbing or hand waving based on proximity sensor), which could be used to protect services which do not have a unique implicit gesture associated with them.

References

[1]

R. Amadeo. Exclusive: Android 4.2 alpha teardown, part 2: SELinux, VPN lockdown, and premium SMS confirmation. Available online at http://www.androidpolice.com/2012/10/17/exclusive-android-4-2-alpha-teardown-part-2-selinux-vpn-lockdown-and-premium-sms-confirmation/, Oct. 2012.

[2]

W. Augustinowicz. Trojan horse electronic pickpocket demo by identity stronghold. Available online at http://www.youtube.com/watch?v=eEcz0XszEic, June 2011.

[3]

I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani. Crowdroid: Behavior-based malware detection systems for Android. In ACM CCSW Workshop, 2011.

Digital Library

[4]

M. Calamia. Mobile payments to surge to $670 billion by 2015. Available online at http://www.mobiledia.com/news/96900.html, Jul. 2011.

[5]

A. Chaugule, Z. Xu, and S. Zhu. A specification based intrusion detection framework for mobile phones. In ACNS'11, 2011.

Digital Library

[6]

J. Cheng, S. Wong, H. Yang, and S. Lu. Smartsiren: virus detection and alert for smartphones. In 5th International Conference on Mobile Systems, Applications and Services (MobiSys'07), 2007.

Digital Library

[7]

M. Conti, I. Zachia-Zlatea, and B. Crispo. Mind how you answer me!: transparently authenticating the user of a smartphone when answering or placing a call. In ASIACCS'11.

Digital Library

[8]

A. Czeskis, K. Koscher, J. Smith, and T. Kohno. RFIDs and secret handshakes: Defending against Ghost-and-Leech attacks and unauthorized reads with context-aware communications. In ACM Conference on Computer and Communications Security, 2008.

Digital Library

[9]

F-Secure. Bluetooth-worm:symbos/cabir. Available online at http://www.f-secure.com/v-descs/cabir.shtml.

[10]

F-Secure. Worm:symbos/commwarrior. Available online at http://www.f-secure.com/v-descs/commwarrior.shtml.

[11]

A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner. A survey of mobile malware in the wild. In ACM CCSW Workshop, 2011.

Digital Library

[12]

D. Gafurov, K. Helkala, and T. Søndrol. Biometric gait authentication using accelerometer sensor. Journal of Computers, 1(7):51--59, 2006.

[13]

T. Halevi, S. Lin, D. Ma, A. Prasad, N. Saxena, J. Voris, and T. Xiang. Sensing-enabled defenses to rfid unauthorized reading and relay attacks without changing the usage model. In PerCom'12, 2012.

[14]

J. Han, E. Owusu, T.-L. Nguyen, A. Perrig, and J. Zhang. ACComplice: Location Inference using Accelerometers on Smartphones. In Proc. of COMSNETS, Jan. 2012.

[15]

ISO. Near field communication interface and protocol (nfcip-1)----iso/iec 18092:2004. Available online at http://www.iso.org/iso/catalogue_detail.htm?csnumber=38578, 2004.

[16]

H. Li, D. Ma, N. Saxena, B. Shrestha, and Y. Zhu. Tap-wave-rub: Lightweight malware prevention for smartphones using intuitive human gestures. Extended Technical Report, Available online at http://arxiv.org/abs/1302.4010, Feb. 2013.

Digital Library

[17]

J. Liu, Z. Wang, L. Zhong, J. Wickramasuriya, and V. Vasudevan. uWave: Accelerometer-based personalized gesture recognition and its applications. Pervasive and Mobile Computing, 5(6):657--575, December 2009.

Digital Library

[18]

J. Liu, L. Zhong, J. Wickramasuriya, and V. Vasudevan. User evaluation of lightweight user authentication with a single tri-axis accelerometer. In MobileHCI'09, 2009.

Digital Library

[19]

P. Marquardt, A. Verma, H. Carter, and P. Traynor. (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In Proc. of ACM CCS, 2011.

Digital Library

[20]

C. Mulliner. Vulnerability analysis and attacks on NFC-enabled mobile phones. In 1st International Workshop on Sensor Security (IWSS) at ARES, 2009.

[21]

E. Owusu, J. Han, S. Das, A. Perrig, and J. Zhang. ACCessory: Keystroke Inference using Accelerometers on Smartphones. In Proc. of HotMobile), Feb. 2012.

[22]

F. Roesner, T. Kohno, A. Moshchuk, B. Parno, H. J. Wang, and C. Cowan. User-driven access control: Rethinking permission granting in modern operating systems. In 33rd IEEE Symposium on Security and Privacy (Oakland 2012), 2012.

Digital Library

[23]

A.-D. Schmidt, R. Bye, H.-G. Schmidt, J. Clausen, O. Kiraz, K. Yksel, S. Camtepe, and A. Sahin. Static analysis of executables for collaborative malware detection on Android. In ICC 2009 Communication and Information Systems Security Symposium, 2009.

Digital Library

[24]

A. S. Shamili, C. Bauckhage, and T. Alpcan. Malware detection on mobile devices using distributed machine learning. In 20th International Conference on Pattern Recognition (ICPR'10), 2010.

Digital Library

[25]

D. Venugopal. An efficient signature representation and matching method for mobile devices. In WICON'06, 2006.

Digital Library

Cited By

Shrestha PSaxena N(2022)Beware of Your Vibrating Devices! Vibrational Relay Attacks on Zero-Effort DeauthenticationApplied Cryptography and Network Security10.1007/978-3-031-09234-3_5(85-104)Online publication date: 20-Jun-2022
https://dl.acm.org/doi/10.1007/978-3-031-09234-3_5
Mehrnezhad MToreini E(2019)What Is This Sensor and Does This App Need Access to It?Informatics10.3390/informatics60100076:1(7)Online publication date: 24-Jan-2019
https://doi.org/10.3390/informatics6010007
Mehrnezhad MToreini EAlajrami SBella GLenzini G(2018)Making sense of sensorsProceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust10.1145/3167996.3168001(40-52)Online publication date: 5-Dec-2018
https://dl.acm.org/doi/10.1145/3167996.3168001
Show More Cited By

Index Terms

Tap-Wave-Rub: lightweight malware prevention for smartphones using intuitive human gestures
1. Information systems
  1. Information systems applications

Recommendations

Tap-Wave-Rub: Lightweight Human Interaction Approach to Curb Emerging Smartphone Malware
Malware is a burgeoning threat for smartphones and continuing advancing. Traditional defenses to malware, however, are not suitable for smartphones due to their resource intensive nature. This necessitates the design of novel mechanisms that can consider ...
A survey of mobile malware in the wild
SPSM '11: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices

Mobile malware is rapidly becoming a serious threat. In this paper, we survey the current state of mobile malware in the wild. We analyze the incentives behind 46 pieces of iOS, Android, and Symbian malware that spread in the wild from 2009 to 2011. We ...
Intrusion detection for mobile devices using the knowledge-based, temporal abstraction method

In this paper, a new approach for detecting previously unencountered malware targeting mobile device is proposed. In the proposed approach, time-stamped security data is continuously monitored within the target mobile device (i.e., smartphones, PDAs) ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSec '13: Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks

April 2013

230 pages

ISBN:9781450319980

DOI:10.1145/2462096

General Chair:
Levente Buttyán
Budapest University of Technology and Economics, Hungary
,
Program Chairs:
Ahmad-Reza Sadeghi
Technische Universitaet Darmstadt, Fraunhofer SIT, Intel-CRISC, Germany
,
Marco Gruteser
Rutgers University, USA

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

In-Cooperation

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 April 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

WISEC'13

Sponsor:

SIGSAC

WISEC'13: Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks

April 17 - 19, 2013

Budapest, Hungary

Acceptance Rates

WiSec '13 Paper Acceptance Rate 26 of 70 submissions, 37%;

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
381
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Shrestha PSaxena N(2022)Beware of Your Vibrating Devices! Vibrational Relay Attacks on Zero-Effort DeauthenticationApplied Cryptography and Network Security10.1007/978-3-031-09234-3_5(85-104)Online publication date: 20-Jun-2022
https://dl.acm.org/doi/10.1007/978-3-031-09234-3_5
Mehrnezhad MToreini E(2019)What Is This Sensor and Does This App Need Access to It?Informatics10.3390/informatics60100076:1(7)Online publication date: 24-Jan-2019
https://doi.org/10.3390/informatics6010007
Mehrnezhad MToreini EAlajrami SBella GLenzini G(2018)Making sense of sensorsProceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust10.1145/3167996.3168001(40-52)Online publication date: 5-Dec-2018
https://dl.acm.org/doi/10.1145/3167996.3168001
Abawajy JHuda SSharmeen SHassan MAlmogren A(2018)Identifying cyber threats to mobile-IoT applications in edge computing paradigmFuture Generation Computer Systems10.1016/j.future.2018.06.05389(525-538)Online publication date: Dec-2018
https://doi.org/10.1016/j.future.2018.06.053
Wang SHsiu MTsai YTing IHong T(2017)Analysis of privacy and utility tradeoffs in anonymized mobile context streamsIntelligent Data Analysis10.3233/IDA-17087021(S21-S39)Online publication date: 1-Apr-2017
https://doi.org/10.3233/IDA-170870
Shrestha BMohamed MTamrakar SSaxena NSchwab SRobertson WBalzarotti D(2016)Theft-resilient mobile walletsProceedings of the 32nd Annual Conference on Computer Security Applications10.1145/2991079.2991097(265-276)Online publication date: 5-Dec-2016
https://dl.acm.org/doi/10.1145/2991079.2991097
Mohamed MShrestha BSaxena NBertino ESandhu RPretschner A(2016)SMASheDProceedings of the Sixth ACM Conference on Data and Application Security and Privacy10.1145/2857705.2857749(152-159)Online publication date: 9-Mar-2016
https://dl.acm.org/doi/10.1145/2857705.2857749
(2016)TouchSignaturesJournal of Information Security and Applications10.1016/j.jisa.2015.11.00726:C(23-38)Online publication date: 1-Feb-2016
https://dl.acm.org/doi/10.1016/j.jisa.2015.11.007
Mehrnezhad MAli MHao Fvan Moorsel A(2016)NFC Payment Spy: A Privacy Attack on Contactless PaymentsSecurity Standardisation Research10.1007/978-3-319-49100-4_4(92-111)Online publication date: 2-Nov-2016
https://doi.org/10.1007/978-3-319-49100-4_4
Wang SHsiu MTing IHong T(2015)Toward Analyzing Privacy and Utility of Mobile User DataProceedings of the ASE BigData & SocialInformatics 201510.1145/2818869.2818909(1-6)Online publication date: 7-Oct-2015
https://dl.acm.org/doi/10.1145/2818869.2818909
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten