Ditio: Trustworthy Auditing of Sensor Activities in Mobile & IoT Devices Saeed Mirzamohammadi, Justin A. Chen, Ardalan Amiri Sani, Sharad Mehrotra, Gene Tsudik Department of Computer Science University of California, Irvine
[email protected],
[email protected],
[email protected],
[email protected],
[email protected] ABSTRACT in Mobile & IoT Devices. In Proceedings of SenSys ’17, Delft, Netherlands, Mobile and Internet-of-Things (IoT) devices, such as smartphones, November 6–8, 2017, 14 pages. tablets, wearables, smart home assistants (e.g., Google Home and https://doi.org/10.1145/3131672.3131688 Amazon Echo), and wall-mounted cameras, come equipped with various sensors, notably camera and microphone. These sensors 1 INTRODUCTION can capture extremely sensitive and private information. There Mobile and Internet-of-Things (IoT) devices, such as smartphones, are several important scenarios where, for privacy reasons, a user tablets, wearables, voice-activated smart home assistants (e.g., Google might require assurance about the use (or non-use) of these sensors. Home and Amazon Echo), and wall-mounted cameras, incorporate For example, the owner of a home assistant might require assur- various sensors, notably cameras and microphones. These sensors ance that the microphone on the device is not used during a given can capture extremely sensitive and private information, such as time of the day. Similarly, during a confidential meeting, the host video and audio. There are increasingly important scenarios, where needs assurance that attendees do not record any audio or video. it is essential for these devices to provide assurance about the use Currently, there are no means to attain such assurance in modern (or non-use) of these sensors to their owners or even to a third party.