Security analysis of mobile crowd sensing applications

Abstract

Read online

The proliferation of mobile phones with integrated sensors makes large scale sensing possible at low cost. During mobile sensing, data mostly contain sensitive information of users such as their real-time location. When such information are not effectively secured, users’ privacy can be violated due to eavesdropping and information disclosure. In this paper, we demonstrated the possibility of unauthorized access to location information of a user during sensing due to the ineffective security mechanisms in most sensing applications. We analyzed 40 apps downloaded from Google Play Store and results showed a 100% success rate in traffic interception and disclosure of sensitive information of users. As a countermeasure, a security scheme which ensures encryption and authentication of sensed data using Advanced Encryption Standard 256-Galois Counter Mode was proposed. End-to-end security of location and motion data from smartphone sensors are ensured using the proposed security scheme. Security analysis of the proposed scheme showed it to be effective in protecting Android based sensor data against eavesdropping, information disclosure and data modification.

Keywords

• Dynamic analysis
• Advanced encryption standard
• Authentication
• Encryption
• Galois counter mode
• Secure socket layer