• Login
    View Item 
    •   Home
    • Theses and Dissertations
    • Theses and Dissertations
    • View Item
    •   Home
    • Theses and Dissertations
    • Theses and Dissertations
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Browse

    All of TUScholarShareCommunitiesDateAuthorsTitlesSubjectsGenresThis CollectionDateAuthorsTitlesSubjectsGenres

    My Account

    LoginRegister

    Help

    AboutPeoplePoliciesHelp for DepositorsData DepositFAQs

    Statistics

    Most Popular ItemsStatistics by CountryMost Popular Authors

    Security and Privacy Issues of Mobile Cyber-physical Systems

    • CSV
    • RefMan
    • EndNote
    • BibTex
    • RefWorks
    Thumbnail
    Name:
    Shang_temple_0225E_14199.pdf
    Size:
    7.454Mb
    Format:
    PDF
    Download
    Genre
    Thesis/Dissertation
    Date
    2020
    Author
    Shang, Jiacheng
    Advisor
    Wu, Jie, 1961-
    Committee member
    Tan, Chiu C.
    Chen, Si
    Wang, Yan
    Ahmad, Fauzia (Electrical engineer)
    Department
    Computer and Information Science
    Subject
    Computer Science
    Attack
    Mobile Cyber-physical System
    Privacy
    Security
    Permanent link to this record
    http://hdl.handle.net/20.500.12613/322
    
    Metadata
    Show full item record
    DOI
    http://dx.doi.org/10.34944/dspace/306
    Abstract
    Cyber-physical systems (CPS) refer to a group of systems that combine the real physical world with cyber components. Traditionally, the applications of CPS in research and the real world mainly include smart power grid, autonomous automobile systems, and robotics systems. In recent years, due to the fast development of pervasive computing, sensor manufacturing, and artificial intelligence technologies, mobile cyber-physical systems that extend the application domains of traditional cyber-physical systems have become increasingly popular. In mobile cyber-physical systems, devices have rich features, such as significant computational resources, multiple communication radios, various sensor modules, and high-level programming languages. These features enable us to build more powerful and convenient applications and systems for mobile users. At the same time, such information can also be leveraged by attackers to design new types of attacks. The security and privacy issues can exist in any application of mobile CPS. In terms of defense systems, we focus on three important topics: voice liveness detection, face forgery detection, and securing PIN-based authentication. In terms of attack systems, we study the location privacy in augmented reality (AR) applications. We first investigate the voice replay attacks on smartphones. Voice input is becoming an important interface on smartphones since it can provide better user experience compared with traditional typing-based input methods. However, because the human voice is often exposed to the public, attackers can easily steal victims' voices and replay it to victims' devices to issue malicious commands. To defend the smartphone from voice replay attacks, we propose a novel liveness detection system, which can determine whether the incoming voice is from a live person or a loudspeaker. The key idea is that voices are produced and finalized at multiple positions in human vocal systems, while the audio signals from loudspeakers are from one position. By using two microphones on the smartphone to record the voice at two positions and measure their relationship, the proposed system can defend against voice replay attacks with a high success rate. Besides smartphones, voice replay attacks are also feasible on AR headsets. However, due to the special hardware positions, the current voice liveness detection system designed for smartphones cannot be deployed on AR headsets. To address this issue, we propose a novel voice liveness detection system for AR headsets. The key insight is that the human voice can propagate through the internal body. By attaching a contact microphone around the user's temple, we can collect the internal body voice. A voice is determined from a live person as long as the collected internal body voice has a strong relationship with the mouth voice. Since the contact microphone is cheap, tiny, and thin, it can be embedded in current AR headsets with minimal additional cost. Next, we propose a system to detect the fake face in real-time video chat. Recent developments in deep learning-based forgery techniques largely improved the ability of forgery attackers. With the help of face reenactment techniques, attackers can transfer their facial expressions to another person's face to create fake facial videos in real-time with very high quality. In our system, we find that the face of a live person can reflect the screen light, and this reflected light can be captured by the web camera. Moreover, current face forgery techniques cannot generate such light change with acceptable quality. Therefore, we can measure the correlation and similarity of the luminance changes between the screen light and the face-reflected light to detect the liveness of the face. We also study to leverage IoT devices to enhance the privacy of some daily operations. We find that the widely used personal identification number (PIN) is not secure and can be attacked in many ways. In some scenarios, it is hard to prevent attackers from obtaining the victim's PIN. Therefore, we propose a novel system to secure the PIN input procedure even if the victim's PIN has been leaked. The basic idea is that different people have different PIN input behavior even for the same PIN. Even though attackers can monitor the victim's PIN input behaviors and imitate it afterward, the biological differences among each person's hands still exist and can be used to differentiate them. To capture both PIN input behavior and the biological features, we install a tiny light sensor at the center of the PIN pad to transfer the information into a light signal. By extracting useful features from multiple domains, we can determine whether the PIN input is from the same person with high accuracy. Besides designing new defense systems, we also show that sensory data and side-channel information can be leveraged to launch new types of attacks. We conduct a study on the network traffic of location-based AR applications. We find that it is feasible to infer the real-time location of a user using the short-time network traffic if the downloading jobs are related to the current location. By carefully deploying fake AR contents at some locations, our attack system can infer the location of the user with high accuracy by processing noisy network traffic data.
    ADA compliance
    For Americans with Disabilities Act (ADA) accommodation, including help with reading this content, please contact scholarshare@temple.edu
    Collections
    Theses and Dissertations

    entitlement

     
    DSpace software (copyright © 2002 - 2023)  DuraSpace
    Temple University Libraries | 1900 N. 13th Street | Philadelphia, PA 19122
    (215) 204-8212 | scholarshare@temple.edu
    Open Repository is a service operated by 
    Atmire NV
     

    Export search results

    The export option will allow you to export the current search results of the entered query to a file. Different formats are available for download. To export the items, click on the button corresponding with the preferred download format.

    By default, clicking on the export buttons will result in a download of the allowed maximum amount of items.

    To select a subset of the search results, click "Selective Export" button and make a selection of the items you want to export. The amount of items that can be exported at once is similarly restricted as the full export.

    After making a selection, click one of the export format buttons. The amount of items that will be exported is indicated in the bubble next to export format.