February 24, 2020: Invited Speaker Seminar: The Dual Role of Embedded Sensors in IoT Security
Zhongjie Ba, Ph.D.
State University of New York at Buffalo
Monday, February 24, 2020 at 10:45 am
Internet of Things (IoT) play an increasingly important role in our daily life. With the accelerated development of embedded sensing and communication techniques, interconnected physical devices are able to jointly perform sophisticated tasks and support abundant unprecedented services for the world. In this context, the wide variety of embedded sensors allow IoT devices to detect all sorts of changes in the environment and are widely recognized as one of the key enablers towards IoT. The role of embedded sensors in IoT Security, however, can be two-fold. On the one hand, they can be employed to build up innovative security systems and to ensure that IoT devices can be trusted to be what they purport to be. On the other hand, they can also be exploited by adversaries to spy on user privacy in scenarios that have never been considered before. In both cases, it is important to study and understand the capability of embedded sensors, as well as their security implications.
In this talk, I will use two examples to illustrate the potential of embedded sensors in attacking and securing IoT devices. I will first present a brand-new hardware-rooted device authentication system that utilizes the physical characteristics of image sensors to identify and authenticate modern smartphones. The proposed mechanism allows a verifier to authenticate a smartphone through examining just one photo taken by the device. We study various security issues underlying the proposed system and demonstrate its usability through real-world experiments. Next, I present an accelerometer-based side-channel attack that can eavesdrop on the speaker in a smartphone without the requirement of sensitive system permissions. It utilizes a smartphone’s accelerometer to capture the vibration signals incurred by smartphone speakers and employs learning techniques to extract the speech information from the accelerometer measurements. In particular, the proposed attack is able to recognize hot words and digits from phone conversations and to reconstruct the audio signal played by the smartphone speaker.
Dr. Zhongjie Ba is currently a Postdoctoral Researcher in the School of Computer Science at McGill University. He received his PhD in Computer Science and Engineering from the State University of New York at Buffalo. He has published in peer-reviewed security conferences and journals, including CCS, NDSS, ICDCS, and IEEE Trans. Inf. Forensics Security. His research interests include the security and privacy aspects of Internet of Things, artificial intelligence powered mobile sensing, and forensic analysis of multimedia contents.