More Like this

1. NoMoAds: Effective and Efficient Cross-App Mobile Ad-Blocking (The Andreas Pfitzmann Best Student Paper Award)

   Shuba, A.; Markopoulou, A.; Shafiq, Z. (October 2018, Proceedings of the Privacy Enhancing Technologies Symposium (PETS))

   Although advertising is a popular strategy for mobile app monetization, it is often desirable to block ads in order to improve usability, performance, privacy, and security. In this paper, we propose NoMoAds to block ads served by any app on a mobile device. NoMoAds leverages the network interface as a universal vantage point: it can intercept, inspect, and block outgoing packets from all apps on a mobile device. NoMoAds extracts features from packet headers and/or payload to train machine learning classifiers for detecting ad requests. To evaluate NoMoAds, we collect and label a new dataset using both EasyList and manually created rules. We show that NoMoAds is effective: it achieves an F-score of up to 97.8% and performs well when deployed in the wild. Furthermore, NoMoAds is able to detect mobile ads that are missed by EasyList (more than one-third of ads in our dataset). We also show that NoMoAds is efficient: it performs ad classification on a per-packet basis in real-time. To the best of our knowledge, NoMoAds is the first mobile ad-blocker to effectively and efficiently block ads served across all apps using a machine learning approach. 

   more » « less
2. A data privacy survey on personal identifiable information (PII) left on rental vehicle infotainment systems

   https://doi.org/10.20517/jsss.2024.07  

   Carlton, Jason; Malik, Hafiz (November 2024, Journal of Surveillance, Security and Safety)

   In the current automotive ecosystem, the trend of pairing mobile devices to connected vehicles is gaining momentum, providing a vast number of benefits such as hands-free driving and remote vehicle control. However, along with these conveniences arises the issue of data accumulation, ranging from vehicle diagnostics to personal identifiable information (PII). The problem emerges when a consumer rents a vehicle, pairs their mobile device to the infotainment system, and neglects to remove their device prior to returning the vehicle. This oversight can potentially expose vulnerabilities with the current renter’s PII for subsequent renters to exploit. Research indicates that renters often overlook the deletion process prior to returning the rental vehicle and are unaware of whose responsibility it is to perform this task. In this survey, we investigated the experiences and perceptions of a group of consumers who have previously rented vehicles. We wanted to know if the participants were aware they were responsible for deleting their mobile device from the rental vehicle before returning it, the renters’ importance and tolerance for risk if they overlooked the deletion process leaving their shared data on the infotainment system for subsequent users, and if they were aware who was responsible for deleting their shared data. Lastly, we explored if the participants supported an automated solution to perform this manual deletion process. The goal of this paper is to demonstrate the significance of safeguarding PII in connected vehicles and advocate for the adoption of an automated solution to mitigate this privacy risk. 

   more » « less
3. NoMoATS: Towards Automatic Detection of Mobile Tracking

   https://doi.org/DOI 10.2478/popets-2020-0017  

   Shuba, Anastasia; Markopoulou, Athina (July 2020, Proceedings on Privacy Enhancing Technologies)

   Today’s mobile apps employ third-party advertising and tracking (A&T) libraries, which may pose a threat to privacy. State-of-the-art detects and blocks outgoing A&T HTTP/S requests by using manually curated filter lists (e.g. EasyList), and recently, using machine learning approaches. The major bottleneck of both filter lists and classifiers is that they rely on experts and the community to inspect traffic and manually create filter list rules that can then be used to block traffic or label ground truth datasets. We propose NoMoATS – a system that removes this bottleneck by reducing the daunting task of manually creating filter rules, to the much easier and scalable task of labeling A&T libraries. Our system leverages stack trace analysis to automatically label which network requests are generated by A&T libraries. Using NoMoATS, we collect and label a new mobile traffic dataset. We use this dataset to train decision tree classifiers, which can be applied in real-time on the mobile device and achieve an average F-score of 93%. We show that both our automatic labeling and our classifiers discover thousands of requests destined to hundreds of different hosts, previously undetected by popular filter lists. To the best of our knowledge, our system is the first to (1) automatically label which mobile network requests are engaged in A&T, while requiring to only manually label libraries to their purpose and (2) apply on-device machine learning classifiers that operate at the granularity of URLs, can inspect connections across all apps, and detect not only ads, but also tracking. 

   more » « less
4. Load Balanced Controller Association in Wireless Distributed SDNs

   https://doi.org/10.1109/PerComWorkshops48775.2020.9156178  

   Starke, Allen; McNair, Janise (March 2020, IEEE Pervasive Computing Conference PhD Workshop)

   null (Ed.)

   Wireless infrastructure is steadily evolving into wireless access for all humans and most devices, from 5G to Internet-of-Things. This widespread access creates the expectation of custom and adaptive services from the personal network to the backbone network. In addition, challenges of scale and interoperability exist across networks, applications and services, requiring an effective wireless network management infrastructure. For this reason Software-Defined Networks (SDN) have become an attractive research area for wireless and mobile systems. SDN can respond to sporadic topology issues such as dropped packets, message latency, and/or conflicting resource management, to improved collaboration between mobile access points, reduced interference and increased security options. Until recently, the main focus on wireless SDN has been a more centralized approach, which has issues with scalability, fault tolerance, and security. In this work, we propose a state of the art WAM-SDN system for large-scale network management. We discuss requirements for large scale wireless distributed WAM-SDN and provide preliminary benchmarking and performance analysis based on our hybrid distributed and decentralized architecture. Keywords: software defined networks, controller optimization, resilience. 

   more » « less
5. By Your Command: Extracting the User Actions that Create Network Flows in Android

   Liu, Shuwen; Petitti, Joseph P.; Lei, Yunsen Lei; Liu, Yu; Shue, Craig A. (January 2023, International Conference on the Network of the Future)

   Given the complexity of modern systems, it can be difficult for device defenders to pinpoint the user action that precipitates a network connection. Mobile devices, such as smartphones, further complicate analysis since they may have diverse and ephemeral network connectivity and support users in both personal and professional capacities. There are multiple stakeholders associated with mobile devices, such as the end-user, device owner, and each organization whose assets are accessed via the device; however, none may be able to fully manage, troubleshoot, or defend the device on their own. In this work, we explore a set of techniques to determine the root cause of each new network flow, such the button press or gesture for user-initiated flows, associated with a mobile device. We fuse the User Interface (UI) context with network flow data to enhance network profiling on the Android operating system. In doing so, we find that we can improve network profiling by clearly linking user actions with network behavior. When exploring effectiveness, the system enables allow-lists to reach over 99% accuracy, even when user-specified destinations are used. 

   more » « less