AdAttester: Secure online mobile advertisement attestation using trustzone

MobiSys 2015 - Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services

Volumn , Issue , 2015, Pages 75-88

  Li, Wenhao ^a   Li, Haibo ^a   Chen, Haibo ^a   Xia, Yubin ^a  

^a SHANGHAI JIAO TONG UNIVERSITY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

AD MARKET; EXECUTION ENVIRONMENTS; MOBILE ADVERTISEMENT; MOBILE APPS; MOBILE USERS; NON-INTRUSIVE; SECURITY PRIMITIVES; USER EXPERIENCE;

CRIME;

EID: 84954195489     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2742647.2742676     Document Type: Conference Paper

References (46)

1. Apache http server benchmarking tool. http:// httpd.apache.org/docs/2.2/programs/ab.html.
2. Trusted execution environment of globalplatform. http://www.globalplatform.org/ specificationsdevice.asp.
3. Bots are hot, but publishers and advertisers are cold to combating the situation. http://www.adexchanger.com/onlineadvertising/ bots-are-hot-but-publishersand- advertisers-are-cold-to-combatingthe- situation/, 2013.
4. Bots mobilize. http://www.dmnews.com/botsmobilize/ article/291566/, 2013.
5. Bots win! nonhuman ad impressions still selling like hotcakes. http://www.adexchanger.com/onlineadvertising/ bots-win-non-human-adsstill- selling-like-hotcakes/, 2013.
6. Mopub android sdk. https: //github.com/mopub/mopub-android-sdk, 2013.
7. Admob publisher guidelines and policies. https://support.google.com/admob/answer/ 2753860?hl=en, 2014.
8. Antutu benchmark. https: //play.google.com/store/apps/details?id= com.google.android.stardroid&hl=en, 2014.
9. T6, a secure os and tee for mobile devices. http://trustkernel.org/, 2015.
10. T. Alves and D. Felton. Trustzone: Integrated hardware and software security. ARM white paper, 3(4), 2004.
11. M. Backes, A. Kate, M. Maffei, and K. Pecina. Obliviad: Provably secure and practical online behavioral advertising. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 257-271. IEEE, 2012.
12. H. Bay, T. Tuytelaars, and L. Van Gool. Surf: Speeded up robust features. In Computer Vision-ECCV 2006, pages 404-417. Springer, 2006.
13. E. Brickell, J. Camenisch, and L. Chen. Direct anonymous attestation. In Proceedings of the 11th ACM conference on Computer and communications security, pages 132-145. ACM, 2004.
14. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry. Towards taming privilege-escalation attacks on android. In NDSS, 2012.
15. P. Chen, D. Yang, W. Zhang, Y. Li, B. Zang, and H. Chen. Adaptive pipeline parallelism for image feature extraction algorithms. In Parallel Processing (ICPP), 2012 41st International Conference on, pages 299-308. IEEE, 2012.
16. J. Crussell, R. Stevens, and H. Chen. Madfraud: investigating ad fraud in android applications. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services, pages 123-134. ACM, 2014.
17. N. Daswani, C. Mysen, V. Rao, S. Weis, K. Gharachorloo, and S. Ghosemajumder. Online advertising fraud. Crimeware: understanding new attacks and defenses, 2008.
18. V. Dave, S. Guha, and Y. Zhang. Measuring and fingerprinting click-spam in ad networks. In Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication, pages 175-186. ACM, 2012.
19. emakerter. Driven by facebook and google, mobile ad market soars 105http://www.emarketer.com/Article/Driven-by-Facebook- Google-Mobile-Ad-Market-Soars-10537-2013/1010690, 2014.
20. Z. Fang, D. Yang, W. Zhang, H. Chen, and B. Zang. A comprehensive analysis and parallelization of an image retrieval algorithm. In Performance Analysis of Systems and Software (ISPASS), 2011 IEEE International Symposium on, pages 154-164. IEEE, 2011.
21. L. Guan, J. Lin, B. Luo, and J. Jing. Copker: Computing with private keys without ram. 2014.
22. S. Guha, B. Cheng, and P. Francis. Privad: Practical privacy in online advertising. In NSDI, 2011.
23. R. Gummadi, H. Balakrishnan, P. Maniatis, and S. Ratnasamy. Not-a-bot (nab): Improving service availability in the face of botnet attacks. 2009.
24. N. Krawetz. Perceptual hash algorithm: the average hash algorithm. http://www.hackerfactor.com/blog/?/archives/432- Looks-Like-It.html.
25. W. Li, M. Ma, J. Han, Y. Xia, B. Zang, C.-K. Chu, and T. Li. Building trusted path on untrusted device drivers for mobile devices. In Proceedings of 5th Asia-Pacific Workshop on Systems, page 8. ACM, 2014.
26. B. Liu, S. Nath, R. Govindan, and J. Liu. Decaf: detecting and characterizing ad fraud in mobile apps. In Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation, pages 57-70. USENIX Association, 2014.
27. D. Liu and L. P. Cox. Veriui: Attested login for mobile devices. In Proceedings of the 15th Workshop on Mobile Computing Systems and Applications, page 7. ACM, 2014.
28. H. Liu, S. Saroiu, A. Wolman, and H. Raj. Software abstractions for trusted sensors. In Proceedings of the 10th international conference on Mobile systems, applications, and services, pages 365-378. ACM, 2012.
29. D. G. Lowe. Distinctive image features from scale-invariant keypoints. International journal of computer vision, 60(2):91-110, 2004.
30. A. Metwally, D. Agrawal, and A. El Abbadi. Detectives: detecting coalition hit inflation attacks in advertising networks streams. In Proceedings of the 16th international conference on World Wide Web, pages 241-250. ACM, 2007.
31. B. Miller, P. Pearce, C. Grier, C. Kreibich, and V. Paxson. Whatąrs̈ clicking what? techniques and innovations of todayąrs̈ clickbots. In Detection of Intrusions and Malware, and Vulnerability Assessment, pages 164-183. Springer, 2011.
32. T. Müller, F. C. Freiling, and A. Dewald. Tresor runs encryption securely outside ram. In USENIX Security Symposium, pages 17-17, 2011.
33. P. Pearce, V. Dave, C. Grier, K. Levchenko, S. Guha, D. McCoy, V. Paxson, S. Savage, and G. M. Voelker. Characterizing large-scale click fraud in zeroaccess. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, pages 141-152, New York, NY, USA, 2014. ACM.
34. P. Pearce, A. P. Felt, G. Nunez, and D. Wagner. Addroid: Privilege separation for applications and advertisers in android. In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, pages 71-72. ACM, 2012.
35. H. Raj, S. Saroiu, A. Wolman, and J. Padhye. Splitting the bill for mobile data with simlets. In Proceedings of the 14th Workshop on Mobile Computing Systems and Applications, page 1. ACM, 2013.
36. A. Seshadri, A. Perrig, L. Van Doorn, and P. Khosla. Swatt: Software-based attestation for embedded devices. In Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on, pages 272-282. IEEE, 2004.
37. S. Shekhar, M. Dietz, and D. S. Wallach. Adsplit: Separating smartphone advertising from applications. In USENIX Security Symposium, pages 553-567, 2012.
38. E. G. Sirer, W. de Bruijn, P. Reynolds, A. Shieh, K. Walsh, D. Williams, and F. B. Schneider. Logical attestation: an authorization architecture for trustworthy computing. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pages 249-264. ACM, 2011.
39. V. Toubiana, A. Narayanan, D. Boneh, H. Nissenbaum, and S. Barocas. Adnostic: Privacy preserving targeted advertising. In NDSS, 2010.
40. E. Tromer, D. A. Osvik, and A. Shamir. Efficient cache attacks on aes, and countermeasures. Journal of Cryptology, 23(1):37-71, 2010.
41. A. Vasudevan, S. Chaki, L. Jia, J. McCune, J. Newsome, and A. Datta. Design, implementation and verification of an extensible and modular hypervisor framework. In Security and Privacy (SP), 2013 IEEE Symposium on, pages 430-444. IEEE, 2013.
42. Y. Xia, Y. Liu, and H. Chen. Architecture support for guest-transparent vm protection from untrusted hypervisor and physical attacks. In High Performance Computer Architecture (HPCA2013), 2013 IEEE 19th International Symposium on, pages 246-257. IEEE, 2013.
43. Y. Yarom and K. Falkner. Flush+reload: A high resolution, low noise, 13 cache side-channel attack. In 23rd USENIX Security Symposium (USENIX Security 14), pages 719-732, San Diego, CA, Aug. 2014. USENIX Association.
44. F. Yu, Y. Xie, and Q. Ke. Sbotminer: large scale search bot detection. In Proceedings of the third ACM international conference on Web search and data mining, pages 421-430. ACM, 2010.
45. F. Zhang, J. Chen, H. Chen, and B. Zang. Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pages 203-216. ACM, 2011.
46. X. Zhang, A. Ahlawat, and W. Du. Aframe: isolating advertisements from mobile applications in android. In Proceedings of the 29th Annual Computer Security Applications Conference, pages 9-18. ACM, 2013.