Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and Devices

by   Chris Xiaoxuan Lu, et al.

Along with the benefits of Internet of Things (IoT) come potential privacy risks, since billions of the connected devices are granted permission to track information about their users and communicate it to other parties over the Internet. Of particular interest to the adversary is the user identity which constantly plays an important role in launching attacks. While the exposure of a certain type of physical biometrics or device identity is extensively studied, the compound effect of leakage from both sides remains unknown in multi-modal sensing environments. In this work, we explore the feasibility of the compound identity leakage across cyber-physical spaces and unveil that co-located smart device IDs (e.g., smartphone MAC addresses) and physical biometrics (e.g., facial/vocal samples) are side channels to each other. It is demonstrated that our method is robust to various observation noise in the wild and an attacker can comprehensively profile victims in multi-dimension with nearly zero analysis effort. Two real-world experiments on different biometrics and device IDs show that the presented approach can compromise more than 70% of device IDs and harvests multiple biometric clusters with  94 same time.


page 1

page 2

page 3

page 4


Internet-of-Things Architectures for Secure Cyber-Physical Spaces: the VISOR Experience Report

Internet of things (IoT) technologies are becoming a more and more wides...

Internet of Things: Digital Footprints Carry A Device Identity

The usage of technologically advanced devices has seen a boom in many do...

Smart But Unsafe: Experimental Evaluation of Security and Privacy Practices in Smart Toys

Smart toys have captured an increasing share of the toy market, and are ...

Playing With Danger: A Taxonomy and Evaluation of Threats to Smart Toys

Smart toys have captured an increasing share of the toy market, and are ...

Self-Sovereign Identity for IoT environments: A Perspective

This paper analyses the concept of Self-Sovereign Identity (SSI), an eme...

"Privacy is the Boring Bit": User Perceptions and Behaviour in the Internet-of-Things

In opinion polls, the public frequently claim to value their privacy. Ho...

SoK: Design Tools for Side-Channel-Aware Implementions

Side-channel attacks that leak sensitive information through a computing...

Please sign up or login with your details

Forgot password? Click here to reset