Assuring Data Authenticity While Preserving User Choice in Mobile Sensing
As more services have come to rely on sensor data such as photos and audio collected by mobile phone users, verifying the authenticity of this data has become critical for service correctness. At the same time, contributors require the flexibility to modify data for resource efficiency, presentation, or privacy before the data is submitted. This dissertation presents two approaches for resolving the tension between data authenticity and user choice. YouProve is a partnership between a mobile device's trusted hardware and software that allows untrusted client applications to directly control the fidelity of data and enables services to verify that the meaning of source data is preserved. The key to YouProve's approach is trusted analysis of derived data, which generates statements comparing the content of a derived data item to its source.
To address certain cases where YouProve's approach is insufficient for evaluating modifications to photos, we introduce an alternative approach called pixel tracking. Pixel tracking uses dynamic taint analysis, or taint tracking, to monitor the execution of untrusted image processing code and track the history of operations performed on individual pixels. Pixel tracking is built on TaintDroid, a collaborative work that enables taint tracking in the Android operating system. This dissertation presents two key enhancements to TaintDroid that improve its efficiency and precision, both of which are critical for enabling pixel tracking and other follow-on work.
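To make the two ideas above concrete, the following is an added toy model written for this page; it is not YouProve's analyzer, not TaintDroid, and not code from the dissertation. It models the per-pixel operation history that pixel tracking maintains (here as an explicit tag on each pixel rather than taint propagation inside a Dalvik interpreter) and then derives from it the kind of statement YouProve's trusted analysis emits about a derived photo: which pixels still descend from the source through a whitelist of meaning-preserving operations, and which do not. The operation names, the whitelist, the 4x4 grey "photo", and all function names are assumptions made for the example.

```python
"""Toy per-pixel taint tracking with a derived-vs-source fidelity statement.

Added example, not code from YouProve, TaintDroid, or the dissertation.
Every pixel carries (a) the set of operations on its path from the source
and (b) the set of source coordinates that contributed to it.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pixel:
    value: int        # 8-bit grey level, a stand-in for RGB
    ops: frozenset    # operation names applied between source and this pixel
    src: frozenset    # (y, x) source coordinates that fed this pixel


def source_image(rows):
    """Wrap a 2-D grid of grey values as a fully source-derived image."""
    return [[Pixel(v, frozenset(), frozenset({(y, x)})) for x, v in enumerate(row)]
            for y, row in enumerate(rows)]


def crop(img, y0, y1, x0, x1):
    """Crop keeps each pixel's provenance; only the op history grows."""
    return [[Pixel(p.value, p.ops | {"crop"}, p.src) for p in row[x0:x1]]
            for row in img[y0:y1]]


def scale_half(img):
    """2x2 box downscale: output pixel inherits the union of its inputs' taint."""
    out = []
    for y in range(0, len(img) - 1, 2):
        row = []
        for x in range(0, len(img[0]) - 1, 2):
            block = [img[y][x], img[y][x + 1], img[y + 1][x], img[y + 1][x + 1]]
            value = sum(p.value for p in block) // 4
            ops = frozenset().union(*(p.ops for p in block)) | {"scale"}
            src = frozenset().union(*(p.src for p in block))
            row.append(Pixel(value, ops, src))
        out.append(row)
    return out


def brighten(img, delta):
    """Per-pixel value adjustment; provenance is unchanged."""
    return [[Pixel(min(255, max(0, p.value + delta)), p.ops | {"brightness"}, p.src)
             for p in row] for row in img]


def paint_rect(img, y0, y1, x0, x1, value):
    """Overwrite a rectangle with a constant: those pixels no longer derive from the source."""
    return [[Pixel(value, frozenset({"paint"}), frozenset())
             if y0 <= y < y1 and x0 <= x < x1 else p
             for x, p in enumerate(row)] for y, row in enumerate(img)]


# Assumed whitelist of operations the verifier is willing to treat as meaning-preserving.
MEANING_PRESERVING = frozenset({"crop", "scale", "brightness"})


def classify(p):
    if not p.src:
        return "synthesized"            # no source pixel contributed at all
    if p.ops <= MEANING_PRESERVING:
        return "preserved"              # source-derived via whitelisted ops only
    return "altered"                    # source-derived, but via an op outside the whitelist


def fidelity_statement(derived):
    """Summarize the derived image: class counts, ops seen, and the bounding box
    of the region a service should refuse to treat as faithful to the source."""
    counts = {"preserved": 0, "altered": 0, "synthesized": 0}
    flagged = []
    for y, row in enumerate(derived):
        for x, p in enumerate(row):
            c = classify(p)
            counts[c] += 1
            if c != "preserved":
                flagged.append((y, x))
    bbox = None
    if flagged:
        ys = [y for y, _ in flagged]
        xs = [x for _, x in flagged]
        bbox = (min(ys), min(xs), max(ys) + 1, max(xs) + 1)
    ops_seen = sorted(frozenset().union(*(p.ops for row in derived for p in row)))
    return {"counts": counts, "ops_seen": ops_seen, "unverified_bbox": bbox}


# Constructed sample input (not from the dissertation's data set): a 4x4 grey frame.
SAMPLE = [[10, 20, 30, 40], [50, 60, 70, 80], [90, 100, 110, 120], [130, 140, 150, 160]]


def example_pipeline():
    """Crop, downscale and brighten (all whitelisted), then paint over one pixel."""
    derived = brighten(scale_half(crop(source_image(SAMPLE), 0, 4, 0, 4)), 5)
    return paint_rect(derived, 0, 1, 0, 1, 0)


if __name__ == "__main__":
    print(fidelity_statement(example_pipeline()))
```

The point of the taint union in `scale_half` is the one the abstract makes about precision: once a downscaled pixel mixes several source pixels, a verifier can still say which source region it came from, and a painted pixel with an empty source set is exactly the case a content-comparison analyzer alone cannot attribute. The whitelist is a policy choice, and a real deployment would have to decide it per service.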
Experiments with prototype implementations of YouProve and pixel tracking for Android demonstrate that the approaches are feasible. YouProve's photo analyzer is over 99% accurate at identifying regions changed only through meaning-preserving modifications such as cropping, compression, and scaling. Pixel tracking complements YouProve's analysis and can provide valuable information in several important cases where the photo analyzer falls short. YouProve's audio analyzer is similarly accurate at detecting which sub-clips of a source audio clip are present in a derived version, even in the face of compression, normalization, splicing, and other modifications. Finally, performance and power costs are reasonable, with YouProve's analyzers having little noticeable effect on interactive applications and CPU-intensive analysis completing asynchronously in under 30 seconds for 5-megapixel photos and under 70 seconds for 5-minute audio clips. Pixel tracking incurs slowdowns of only 21% to 43% for fine-grained tracking of image processing code.
Our work on YouProve and pixel tracking demonstrates that it is possible to provide guarantees about data authenticity while preserving users' control over the data they contribute.