Sensorprint: Hardware-Enforced Information Authentication for Mobile Systems
Radu Sion, Stony Brook
Bogdan Carbunar, FIU
Today’s societies are intrinsically and inextricably fused through a vast set of technology-driven networks, mostly mobile-based. Individuals equipped with feature-rich mobile devices effectively become the real-time eyes of the rest of the world, providing invaluable insights into remote, hard to access sites and events. However, in critical politically and socially charged settings it is difficult to ascertain and assert an acceptable level of trust, especially as current technologies allow easy forging, manipulation and fabrication of data. In this project we design and build technology that will endow mobile data with increased authenticity and integrity assurances. Of primary importance is the data “liveness” assurance, proof that the data has been captured live on the actual mobile device, and has not been fabricated. We identify and exploit the insight that mobile data and the device sensor streams simultaneously captured, necessarily bear certain relations. This research will play a fundamental role in establishing the credibility of mobile and social media, acting as the required witness to the authenticity of reported data. Applications with important social impact include citizen journalism, smart city management and prototype verification.
The project will investigate, develop and evaluate a framework for secure and efficient sensor-based mobile data verification mechanisms. In a first thrust, the researchers will leverage TrustZone to build a trusted mobile device platform, to bootstrap trust into sensor readings captured on the device, and provide secure storage and a secure execution environment for sensitive functions. In the second thrust, the researchers will devise solutions to securely and efficiently capture, authenticate, communicate, archive, search and access mobile device sensor snapshots (sensorprints). In the third thrust, the researchers will develop mechanisms to verify the consistency between mobile data and simultaneously captured sensor streams. In addition, the researchers will evaluate the developed solutions on newly introduced sensor-centric data plagiarism attacks and mobility based data categories.