Analyzing Defense Strategies Against Mobile Information Leakages: A Game-Theoretic Approach

Abstract

Abuse of zero-permission sensors (e.g., accelerometers and gyroscopes) on-board mobile and wearable devices to infer users’ personal context and information is a well-known privacy threat, and has received significant attention in the literature. At the same time, efforts towards relevant protection mechanisms have been ad-hoc and have main focus on threat-specific approaches that are not very practical, thus garnering limited adoption within popular mobile operating systems. It is clear that privacy threats that take advantage of unrestricted access to these sensors can be prevented if they are effectively regulated. However, the importance of these sensors to all applications operating on the mobile platform, including the dynamic sensor usage and requirements of these applications, makes designing effective access control/regulation mechanisms difficult. Moreover, this problem is different from classical intrusion detection as these sensors have no system- or user-defined policies that define their authorized or correct usage. Thus, to design effective defense mechanisms against such privacy threats, a clean slate approach that formalizes the problem of sensor access (to zero-permission sensors) on mobile devices is first needed. The paper accomplishes this by employing game theory, specifically, signaling games, to formally model the strategic interactions between mobile applications attempting to access zero-permission sensors and an on-board defense mechanism attempting to regulate this access. Within the confines of such a formal game model, the paper then outlines conditions under which equilibria can be achieved between these entities on a mobile device (i.e., applications and defense mechanism) with conflicting goals. The game model is further analyzed using numerical simulations, and also extended in the form of a repeated signaling game.