This paper contributes a novel method for low-cost, covert physical sensing and, by doing so, surfaces new privacy threats. We demonstrate how a smartphone and portable speaker playing music with embedded, inaudible signals can track multiple individuals’ locations and activities both within a room and through barriers in 2D space. We achieve this by transforming a smartphone into an active sonar system that emits a combination of a sonar pulse and music and listens to the reflections off of humans in the environment. Our implementation, CovertBand, monitors minute changes to these reflections to track multiple people concurrently and to recognize different types of motion, leaking information about where people are in addition to what they may be doing. We evaluated CovertBand by running experiments in five homes in the Seattle area, showing that we can localize both single and multiple individuals through barriers. These tests show CovertBand can track walking subjects with a mean tracking error of 18 cm and subjects moving at a fixed position with an accuracy of 8 cm at up to 6 m in line-of-sight and 3 m through barriers. We test a variety of rhythmic motions such as pumping arms, jumping, and supine pelvic tilts in through-wall scenarios and show that they produce discernibly different spectrograms from walking in the acoustic reflections. In tests with 33 subjects, we also show that even in ideal scenarios, listeners were unlikely to detect a CovertBand attack.
Trusted Geolocation in the Cloud; Mike Bartock, Murugiah Souppaya (NIST); National Cybersecurity Center of Excellence (NCCoE), National Institute of Standards and Technology (NIST); 2017-05-11; 16 pages; landing;
The motivation behind this Building Block is to improve the security of cloud computing and accelerate the adoption of cloud computing technologies by establishing an automated hardware root of trust method for enforcing and monitoring geolocation restrictions for cloud servers. A hardware root of trust is an inherently trusted combination of hardware and firmware that maintains the integrity of the geolocation information and the platform. Once the cloud platform has been attested to be trustworthy and to comply with a defined geolocation policy, then other use properties can be instantiated to support additional security capabilities that are built on this foundational hardware root of trust. These capabilities can include restricting workloads to running on trusted hardware in a trusted location; restricting communications between workloads; ensure workload data is protected at rest; applying security policies to workloads; and leveraging these capabilities across a hybrid cloud. This project will result in a freely available NIST Cybersecurity Practice Guide.
Table of Contents
Platform Attestation and Safer Hypervisor or Operating System Launch
Trust-Based Homogeneous Secure Migration within a Single Cloud Platform
Trust-Based and Geolocation-Based Homogeneous Secure Migration within a Single Cloud Platform
Data Protection and Encryption Key Management Enforcement Based on Trust-Based and Geolocation-Based Homogeneous Secure Migration within a Single Cloud Platform
Persistent Data Flow Segmentation Before and After the Trust-Based and Geolocation-Based Homogeneous Secure Migration within a Single Cloud Platform
Industry Sector Compliance Enforcement for Regulated Workloads Before and After the Trust-Based and Geolocation-Based Homogeneous Secure Migration
Trust-Based and Geolocation-Based Homogeneous and Policy Enforcement in a Secure Cloud Bursting across Two Cloud Platforms