Abstract

While thriving application (app) distribution systems involving incentivized third-party app vendors are desirable for the emerging edge computing paradigm, they also bring the security challenges faced by current mobile app distribution systems. This article studies a threat called covert device association, in which the vendors of two apps collude to figure out which of their app installations run on the same edge device. The threat can spread widely when the two apps are popular. It is also a stepping stone for: 1) de-anonymization attacks against users who are anonymous to one of the two vendors and 2) privilege escalation in which the two colluding vendors have united privileges. We show that the threat can be implemented via a reliable and ubiquitous covert channel based on the edge device's processor workload without requiring any privileged permissions. We present the implementation details for three attack scenarios: 1) two Android apps; 2) an Android app and a Web session running in the mobile Tor browser; and 3) two Android Things apps. Evaluation on two smartphones and an embedded edge device shows that the covert channel gives at least 0.25 b/s data rate with zero empirical bit error rate and the covert device association can be completed within 3.2 min.
