research-article

Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound

Authors:

Kehuan ZhangAuthors Info & Claims

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Pages 429 - 440

https://doi.org/10.1145/2660267.2660300

Published: 03 November 2014 Publication History

Abstract

The popularity of mobile devices has made people's lives more convenient, but threatened people's privacy at the same time. As end users are becoming more and more concerned on the protection of their private information, it is even harder for hackers to track a specific user by using conventional technologies. For example, cookies might be cleared by users regularly. Besides, OS designers have developed a series of measures to cope with tracker. Apple has stopped apps accessing UDIDs, and Android phones use some special permissions to protect IMEI code. However, some recent studies showed that attackers are able to find new ways to get around those limitations, even though these new methods should be improved in order to be practically deployed in large scale. For example, attackers can trace smart phones by using the hardware features resulting from the imperfect manufacturing process of accelerometers. In this paper, we will present another new and more practical method for the adversaries to generate stable and unique device ID stealthily for the smartphone by exploiting the frequency response of the speaker. With carefully selected audio frequencies and special sound wave patterns, we can reduce the impact of non-linear effects and noises, and keep our feature extraction process un-noticeable to phone owners. The extracted feature is not only very stable for a given smart phone, but also unique to that phone. The feature contains rich information, which is even enough to differentiate millions of smart phones of the same model. We have built a prototype to evaluate our method, and the results show that the generated device ID can be used to track users practically.

References

[1]

Android 4.4 blocked some SD card accessing. http://lifehacker.com/android-kitkatblocks-some-access-to-micro-sd-cards-1524997895.

[2]

Anonymity, Privacy, and Security Online. http://www.pewinternet.org/2013/09/05/anonymity-privacy-and-security-online/.

[3]

Apple set deadline for UDID. http://www.engadget.com/2013/03/21/apple-sets-a-may-1st-cutoff-for-appsubmissions-that-use-udid/.

[4]

F-secure Mobile Treat Report. https://www.f-secure.com/static/doc/labs_global/Research/Mobile_Threat_Report_Q1_2013.pdf.

[5]

Frequency response of 3 speakers. http://community.edmdistrict.com/showthread.php?7944-Beats-Studios-doesn-t-sound-right.

[6]

Google may stop tracking user by cookie. http://www.usatoday.com/story/tech/2013/09/17/google-cookies-advertising/2823183/.

[7]

iBeacon. http://en.wikipedia.org/wiki/IBeacon.

[8]

IDC Worldwide Smartphone Shipments. https://www.idc.com/getdoc.jsp?containerId=prUS24645514.

[9]

Spread spectrum. http://en.wikipedia.org/wiki/Spread_spectrum.

[10]

UIUC Physics 406 Acoustical Physics of Music. http://courses.physics.illinois.edu/phys406/Lecture_Notes/P406POM_Lecture_Notes/P406POM_Lect5.pdf.

[11]

UUID of Android. http://developer.android.com/reference/java/util/UUID.html.

[12]

Wifi Positioning System. http://en.wikipedia.org/wiki/Wi-Fi_positioning_system.

[13]

C. Arackaparambil, S. Bratus, A. Shubina, and D. Kotz. On the reliability of wireless fingerprinting using clock skews. In Proceedings of the third ACM conference on Wireless network security, pages 169--174. ACM, 2010.

Digital Library

[14]

K. Boda, Á. M. Földes, G. G. Gulyás, and S. Imre. User tracking on the web via cross-browser fingerprinting. In Information Security Technology for Applications, pages 31--46. Springer, 2012.

Digital Library

[15]

K. Bonne Rasmussen and S. Capkun. Implications of radio fingerprinting on the security of sensor networks. In Security and Privacy in Communications Networks and the Workshops, 2007. SecureComm 2007. Third International Conference on, pages 331--340. IEEE, 2007.

[16]

A. Boxall. Smartphone kill switch bill passes in california. http://www.digitaltrends.com/mobile/smartphone-kill-switch-bill-passes-incalifornia/, May 2014.

[17]

V. Brik, S. Banerjee, M. Gruteser, and S. Oh. Wireless device identification with radiometric signatures. In Proceedings of the 14th ACM international conference on Mobile computing and networking, pages 116--127. ACM, 2008.

Digital Library

[18]

S. Brown. Linear and Nonlinear Loudspeaker Characterization. PhD thesis, WORCESTER POLYTECHNIC INSTITUTE, 2006.

[19]

A. Das, N. Borisov, and M. Caesar. Fingerprinting smart devices through embedded acoustic components. arXiv preprint arXiv:1403.3366, 2014.

[20]

L. C. C. Desmond, C. C. Yuan, T. C. Pheng, and R. S. Lee. Identifying unique devices through wireless fingerprinting. In Proceedings of the first ACM conference on Wireless network security, pages 46--55. ACM, 2008.

Digital Library

[21]

S. Dey, N. Roy, W. Xu, R. R. Choudhury, and S. Nelakuditi. Accelprint: Imperfections of accelerometers make smartphones trackable. In Proceedings of the 20th Annual Network and Distributed System Security Symposium (Feb 2014), NDSS, volume 14, 2014.

[22]

P. Eckersley. How unique is your web browser? In Privacy Enhancing Technologies, pages 1--18. Springer, 2010.

Digital Library

[23]

J. Franklin, D. McCoy, P. Tabriz, V. Neagoe, J. V. Randwyk, and D. Sicker. Passive data link layer 802.11 wireless device driver fingerprinting. In Proc. 15th USENIX Security Symposium, pages 167--178, 2006.

Digital Library

[24]

A. Gionis, P. Indyk, R. Motwani, et al. Similarity search in high dimensions via hashing. In VLDB, volume 99, pages 518--529, 1999.

Digital Library

[25]

L. G. Greenwald and T. J. Thomas. Toward undetected operating system fingerprinting. In Proceedings of the first USENIX workshop on Offensive Technologies, pages 1--10. USENIX Association, 2007.

Digital Library

[26]

L. G. Greenwald and T. J. Thomas. Understanding and preventing network device fingerprinting. Bell Labs Technical Journal, 12(3):149--166, 2007.

Digital Library

[27]

J. Han, E. Owusu, L. T. Nguyen, A. Perrig, and J. Zhang. Accomplice: Location inference using accelerometers on smartphones. In Communication Systems and Networks (COMSNETS), 2012 Fourth International Conference on, pages 1--9. IEEE, 2012.

Digital Library

[28]

B. Krishnamurthy and C. Wills. Privacy diffusion on the web: A longitudinal perspective. In Proceedings of the 18th international conference on World wide web, pages 541--550. ACM, 2009.

Digital Library

[29]

B. Krishnamurthy and C. E. Wills. Generating a privacy footprint on the internet. In Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, pages 65--70. ACM, 2006.

Digital Library

[30]

J. Lester, B. Hannaford, and G. Borriello. "are you with me?" - using accelerometers to determine if two devices are carried by the same person. In Pervasive, pages 33--50, 2004.

[31]

J. Lukas, J. Fridrich, and M. Goljan. Digital camera identification from sensor pattern noise. Information Forensics and Security, IEEE Transactions on, 1(2):205--214, 2006.

Digital Library

[32]

J. R. Mayer and J. C. Mitchell. Third-party web tracking: Policy and technology. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 413--427. IEEE, 2012.

Digital Library

[33]

K. Mowery, D. Bogenreif, S. Yilek, and H. Shacham. Fingerprinting information in javascript implementations. In Proceedings of Web, volume 2, 2011.

[34]

L. T. Nguyen and Y. Zhang. Probabilistic infrastructureless positioning in the pocket. In Mobile Computing, Applications, and Services, pages 311--330. Springer, 2012.

[35]

N. Nikiforakis, A. Kapravelos, W. Joosen, C. Kruegel, F. Piessens, and G. Vigna. Cookieless monster: Exploring the ecosystem of web-based device fingerprinting. In Security and Privacy (SP), 2013 IEEE Symposium on, pages 541--555. IEEE, 2013.

Digital Library

[36]

F. Roesner. Detecung and defending against third--party tracking on the web. 2012.

[37]

M. Slaney and M. Casey. Locality-sensitive hashing for finding nearest neighbors {lecture notes}. Signal Processing Magazine, IEEE, 25(2):128--131, 2008.

[38]

M. Smart, G. R. Malan, and F. Jahanian. Defeating tcp/ip stack fingerprinting. In Proceedings of the 9th USENIX Security Symposium, volume 6, 2000.

Digital Library

[39]

A. Soltani, S. Canty, Q. Mayo, L. Thomas, and C. J. Hoofnagle. Flash cookies and privacy. In AAAI Spring Symposium: Intelligent Information Privacy Management, 2010.

[40]

K. Takeda. User identification and tracking with online device fingerprints fusion. In Security Technology (ICCST), 2012 IEEE International Carnahan Conference on, pages 163--167. IEEE, 2012.

[41]

V. Toubiana, A. Narayanan, D. Boneh, H. Nissenbaum, and S. Barocas. Adnostic: Privacy preserving targeted advertising. In NDSS, 2010.

[42]

O. Ureten and N. Serinken. Wireless security through rf fingerprinting. Electrical and Computer Engineering, Canadian Journal of, 32(1):27--33, 2007.

[43]

T.-E. Wei, A. B. Jeng, H.-M. Lee, C.-H. Chen, and C.-W. Tien. Android privacy. In Machine Learning and Cybernetics (ICMLC), 2012 International Conference on, volume 5, pages 1830--1837. IEEE, 2012.

[44]

P. N. Yianilos. Data structures and algorithms for nearest neighbor search in general metric spaces. In Proceedings of the fourth annual ACM-SIAM Symposium on Discrete algorithms, pages 311--321. Society for Industrial and Applied Mathematics, 1993.

Digital Library

[45]

X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, C. A. Gunter, and K. Nahrstedt. Identity, location, disease and more: inferring your secrets from android public resources. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pages 1017--1028. ACM, 2013.

Digital Library

Cited By

Song WLiu JLiu YHan J(2024)Replay-resistant Disk Fingerprinting via Unintentional Electromagnetic EmanationsProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678917(660-673)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3678890.3678917
Yang HLi ZLuo CWei BXu W(2024)InaudibleKey2.0: Deep Learning-Empowered Mobile Device Pairing Protocol Based on Inaudible Acoustic SignalsIEEE/ACM Transactions on Networking10.1109/TNET.2024.340778332:5(4160-4174)Online publication date: Oct-2024
https://doi.org/10.1109/TNET.2024.3407783
Ren YYang TXia ZLiu HYu JLiu BLi H(2024)Robust Mobile Two-Factor Authentication Leveraging Acoustic FingerprintingIEEE Transactions on Mobile Computing10.1109/TMC.2024.339118423:12(11105-11120)Online publication date: Dec-2024
https://doi.org/10.1109/TMC.2024.3391184
Show More Cited By

Index Terms

Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Systems security
    1. Operating systems security

Recommendations

Android App Permission and Users’ Adoption: A Case Study of Mental Health Application
Human Aspects of Information Security, Privacy and Trust
Abstract
The prevalent use of mobile devices makes mobile applications (apps) a promising approach to enhance mental healthcare. However, at the same time, users’ information privacy and security becomes a serious concern due to the ubiquitous data ...
Developing mobile apps using cross-platform frameworks: a case study
HCI'13: Proceedings of the 15th international conference on Human-Computer Interaction: human-centred design approaches, methods, tools, and environments - Volume Part I

In last few years, a huge variety of frameworks for the mobile cross-platform development have been released to deliver quick and overall better solutions. Most of them are based on different approaches and technologies; therefore, relying on only one ...
Towards end-user development of REST client applications on smartphones

HTML5 can be used to develop client applications by composing REST web services within the context of Web 2.0. However, the possibility of implementing cross-platform smartphone applications with REST services needs to be studied. Accordingly, we ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

November 2014

1592 pages

ISBN:9781450329576

DOI:10.1145/2660267

General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Moti Yung
Google -- Columbia University, USA
,
Ninghui Li
Purdue University, USA

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'14

Sponsor:

SIGSAC

CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security

November 3 - 7, 2014

Arizona, Scottsdale, USA

Acceptance Rates

CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

79
Total Citations
View Citations
1,143
Total Downloads

Downloads (Last 12 months)56
Downloads (Last 6 weeks)5

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Song WLiu JLiu YHan J(2024)Replay-resistant Disk Fingerprinting via Unintentional Electromagnetic EmanationsProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678917(660-673)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3678890.3678917
Yang HLi ZLuo CWei BXu W(2024)InaudibleKey2.0: Deep Learning-Empowered Mobile Device Pairing Protocol Based on Inaudible Acoustic SignalsIEEE/ACM Transactions on Networking10.1109/TNET.2024.340778332:5(4160-4174)Online publication date: Oct-2024
https://doi.org/10.1109/TNET.2024.3407783
Ren YYang TXia ZLiu HYu JLiu BLi H(2024)Robust Mobile Two-Factor Authentication Leveraging Acoustic FingerprintingIEEE Transactions on Mobile Computing10.1109/TMC.2024.339118423:12(11105-11120)Online publication date: Dec-2024
https://doi.org/10.1109/TMC.2024.3391184
Shen YLin FWang CLiu TBa ZLu LXu WRen K(2024)MotoPrint: Reconfigurable Vibration Motor Fingerprint via Homologous Signals LearningIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.325350721:1(372-387)Online publication date: Jan-2024
https://doi.org/10.1109/TDSC.2023.3253507
Fang XLiu JChen YXu XHan J(2024)WristPass: Secure Wearable Continuous Authentication via Ultrasonic Sensing2024 IEEE/ACM 32nd International Symposium on Quality of Service (IWQoS)10.1109/IWQoS61813.2024.10682871(1-10)Online publication date: 19-Jun-2024
https://doi.org/10.1109/IWQoS61813.2024.10682871
Park SSeo CWang XLee YSeo S(2024)Exclusively in-store: Acoustic location authentication for stationary business devicesJournal of Network and Computer Applications10.1016/j.jnca.2024.104028(104028)Online publication date: Sep-2024
https://doi.org/10.1016/j.jnca.2024.104028
Jiang XZhao ZLi ZHong F(2023)Echo-ID: Smartphone Placement Region Identification for Context-Aware ComputingSensors10.3390/s2309430223:9(4302)Online publication date: 26-Apr-2023
https://doi.org/10.3390/s23094302
Kim DCho MShin HKim JNoh JKim Y(2023)Lightbox: Sensor Attack Detection for Photoelectric Sensors via Spectrum FingerprintingACM Transactions on Privacy and Security10.1145/361586726:4(1-30)Online publication date: 14-Oct-2023
https://dl.acm.org/doi/10.1145/3615867
Kumar VPaul K(2023)Device Fingerprinting for Cyber-Physical Systems: A SurveyACM Computing Surveys10.1145/358494455:14s(1-41)Online publication date: 21-Feb-2023
https://dl.acm.org/doi/10.1145/3584944
Liu LFu XChen XWang JBa ZLin FLu LRen KMeng WJensen CCremers CKirda E(2023)FITS: Matching Camera Fingerprints Subject to Software Noise PollutionProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3616600(1660-1674)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3616600
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents