Security and Privacy Issues of Mobile Cyber-physical Systems

Abstract

Cyber-physical systems (CPS) refer to a group of systems that combine the real physical world with cyber components. Traditionally, the applications of CPS in research and the real world mainly include smart power grid, autonomous automobile systems, and robotics systems. In recent years, due to the fast development of pervasive computing, sensor manufacturing, and artificial intelligence technologies, mobile cyber-physical systems that extend the application domains of traditional cyber-physical systems have become increasingly popular. In mobile cyber-physical systems, devices have rich features, such as significant computational resources, multiple communication radios, various sensor modules, and high-level programming languages. These features enable us to build more powerful and convenient applications and systems for mobile users. At the same time, such information can also be leveraged by attackers to design new types of attacks. The security and privacy issues can exist in any application of mobile CPS. In terms of defense systems, we focus on three important topics: voice liveness detection, face forgery detection, and securing PIN-based authentication. In terms of attack systems, we study the location privacy in augmented reality (AR) applications. We first investigate the voice replay attacks on smartphones. Voice input is becoming an important interface on smartphones since it can provide better user experience compared with traditional typing-based input methods. However, because the human voice is often exposed to the public, attackers can easily steal victims' voices and replay it to victims' devices to issue malicious commands. To defend the smartphone from voice replay attacks, we propose a novel liveness detection system, which can determine whether the incoming voice is from a live person or a loudspeaker. The key idea is that voices are produced and finalized at multiple positions in human vocal systems, while the audio signals from loudspeakers are from one position. By using two microphones on the smartphone to record the voice at two positions and measure their relationship, the proposed system can defend against voice replay attacks with a high success rate. Besides smartphones, voice replay attacks are also feasible on AR headsets. However, due to the special hardware positions, the current voice liveness detection system designed for smartphones cannot be deployed on AR headsets. To address this issue, we propose a novel voice liveness detection system for AR headsets. The key insight is that the human voice can propagate through the internal body. By attaching a contact microphone around the user's temple, we can collect the internal body voice. A voice is determined from a live person as long as the collected internal body voice has a strong relationship with the mouth voice. Since the contact microphone is cheap, tiny, and thin, it can be embedded in current AR headsets with minimal additional cost. Next, we propose a system to detect the fake face in real-time video chat. Recent developments in deep learning-based forgery techniques largely improved the ability of forgery attackers. With the help of face reenactment techniques, attackers can transfer their facial expressions to another person's face to create fake facial videos in real-time with very high quality. In our system, we find that the face of a live person can reflect the screen light, and this reflected light can be captured by the web camera. Moreover, current face forgery techniques cannot generate such light change with acceptable quality. Therefore, we can measure the correlation and similarity of the luminance changes between the screen light and the face-reflected light to detect the liveness of the face. We also study to leverage IoT devices to enhance the privacy of some daily operations. We find that the widely used personal identification number (PIN) is not secure and can be attacked in many ways. In some scenarios, it is hard to prevent attackers from obtaining the victim's PIN. Therefore, we propose a novel system to secure the PIN input procedure even if the victim's PIN has been leaked. The basic idea is that different people have different PIN input behavior even for the same PIN. Even though attackers can monitor the victim's PIN input behaviors and imitate it afterward, the biological differences among each person's hands still exist and can be used to differentiate them. To capture both PIN input behavior and the biological features, we install a tiny light sensor at the center of the PIN pad to transfer the information into a light signal. By extracting useful features from multiple domains, we can determine whether the PIN input is from the same person with high accuracy. Besides designing new defense systems, we also show that sensory data and side-channel information can be leveraged to launch new types of attacks. We conduct a study on the network traffic of location-based AR applications. We find that it is feasible to infer the real-time location of a user using the short-time network traffic if the downloading jobs are related to the current location. By carefully deploying fake AR contents at some locations, our attack system can infer the location of the user with high accuracy by processing noisy network traffic data.