DOI: 10.1145/2742647.2742676
research-article

AdAttester: Secure Online Mobile Advertisement Attestation Using TrustZone

Published: 18 May 2015

ABSTRACT

Mobile advertisement (ad for short) is a major financial pillar for developers to provide free mobile apps. However, it is frequently thwarted by ad fraud, where rogue code tricks ad providers by forging ad display or user clicks, or both. With the mobile ad market growing drastically (e.g., from $8.76 billion in 2012 to $17.96 billion in 2013), it is vitally important to provide a verifiable mobile ad framework to detect and prevent ad fraud. Unfortunately, this is notoriously hard, as mobile ads usually run in an execution environment with a huge TCB.

This paper proposes a verifiable mobile ad framework called AdAttester, based on ARM's TrustZone technology. AdAttester provides two novel security primitives, namely unforgeable clicks and verifiable display. The two primitives attest that ad-related operations (e.g., user clicks) are initiated by the end user (instead of a bot) and that the ad is displayed intact and timely. AdAttester leverages the secure world of TrustZone to implement these two primitives and collect proofs, which are piggybacked on ad requests to ad providers for attestation. AdAttester is non-intrusive to mobile users and can be incrementally deployed in the existing ad ecosystem. A prototype of AdAttester is implemented for Android running on a Samsung Exynos 4412 board. Evaluation using 182 typical mobile apps with ad fraud shows that AdAttester can accurately distinguish ad fraud from legitimate ad operations, yet incurs small performance overhead and little impact on user experience.
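To make the attestation flow in the abstract concrete, the following Python sketch is an added example and not code from the paper or its prototype. It simulates the two sides of the exchange: a "secure world" that binds a provider-issued nonce, the click position from the trusted input path, a hash of the pixels actually shown in the ad region and a timestamp into one authenticated proof, and an ad provider that checks the piggybacked proof for forgery, replay, a covered or swapped creative, and staleness. The key handling (a shared HMAC key standing in for the secure world's signing scheme), the proof field names, the 5-second freshness window and all sample values are assumptions constructed for the example; the paper does not specify them.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample values (assumptions, not from the paper): in AdAttester the
# signing key would be held by the TrustZone secure world and known to the ad
# provider; an HMAC over a canonical encoding stands in for whatever signing
# scheme the real secure world uses.
DEVICE_KEY = b"constructed-device-key-0001"
MAX_AGE_S = 5.0  # assumed window within which a display/click proof counts as "timely"


def canonical(obj) -> bytes:
    """Deterministic encoding so signer and verifier MAC identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def display_hash(framebuffer: bytes) -> str:
    """Hash of the pixels actually shown in the ad region (verifiable display)."""
    return hashlib.sha256(framebuffer).hexdigest()


def secure_world_proof(key: bytes, nonce: str, click_xy, framebuffer: bytes, now: float) -> dict:
    """Simulated secure-world side: bind the provider's nonce, the click position
    taken from the trusted input path (unforgeable click), a hash of the ad
    region as displayed, and a timestamp into one authenticated proof."""
    body = {
        "nonce": nonce,
        "click": {"x": click_xy[0], "y": click_xy[1]},
        "display": display_hash(framebuffer),
        "ts": now,
    }
    body["mac"] = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return body


class AdProvider:
    """Ad-provider side: issues a fresh nonce per served ad and checks the
    proof piggybacked on the click/impression report."""

    def __init__(self, key: bytes, creative: bytes, max_age_s: float = MAX_AGE_S):
        self.key = key
        self.expected_display = display_hash(creative)  # what the served ad should look like
        self.max_age_s = max_age_s
        self.issued = {}   # nonce -> time the ad was served
        self.used = set()  # nonces already redeemed (replay protection)

    def issue_nonce(self, now: float) -> str:
        nonce = secrets.token_hex(16)
        self.issued[nonce] = now
        return nonce

    def verify(self, proof: dict, now: float):
        """Return (accepted, reason). Each rejection maps to one fraud pattern."""
        nonce = proof.get("nonce")
        if nonce not in self.issued:
            return False, "unknown nonce"          # proof not tied to an ad we served
        if nonce in self.used:
            return False, "replayed nonce"         # same proof submitted twice
        body = {k: v for k, v in proof.items() if k != "mac"}
        expected_mac = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_mac, str(proof.get("mac", ""))):
            return False, "bad mac"                # forged or tampered outside the secure world
        if body.get("display") != self.expected_display:
            return False, "display mismatch"       # ad hidden, covered or swapped
        served = self.issued[nonce]
        if not (served <= body.get("ts", -1.0) <= now) or now - served > self.max_age_s:
            return False, "stale"                  # not timely relative to when the ad was served
        self.used.add(nonce)
        return True, "ok"


def run_scenarios():
    """Drive the exchange for a legitimate click and several fraud patterns."""
    creative = b"constructed-ad-creative-pixels"
    provider = AdProvider(DEVICE_KEY, creative)
    results = {}

    n = provider.issue_nonce(100.0)
    good = secure_world_proof(DEVICE_KEY, n, (120, 48), creative, 101.0)
    results["legit"] = provider.verify(good, 102.0)
    results["replay"] = provider.verify(good, 102.5)

    n = provider.issue_nonce(200.0)
    tampered = dict(secure_world_proof(DEVICE_KEY, n, (120, 48), creative, 201.0))
    tampered["click"] = {"x": 5, "y": 5}  # normal-world code rewrites the click
    results["tampered"] = provider.verify(tampered, 202.0)

    n = provider.issue_nonce(300.0)
    covered = secure_world_proof(DEVICE_KEY, n, (120, 48), b"overlay-covering-the-ad", 301.0)
    results["covered"] = provider.verify(covered, 302.0)

    n = provider.issue_nonce(400.0)
    late = secure_world_proof(DEVICE_KEY, n, (120, 48), creative, 420.0)
    results["stale"] = provider.verify(late, 421.0)

    results["no_secure_world"] = provider.verify({"nonce": "bogus"}, 500.0)
    return results


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name:16s} accepted={ok} reason={why}")
```

The provider-side checks are the part a practitioner would keep: the nonce ties each proof to one served ad and defeats replay, the MAC rejects anything assembled outside the secure world, the display hash catches a creative that was hidden or covered, and the timestamp window enforces "timely". In the real design the proof would be signed rather than MAC'd with a shared key, and the display hash would be computed over the framebuffer region by the secure world rather than handed in by the caller.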


Published in

MobiSys '15: Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services
May 2015
516 pages
ISBN: 9781450334945
DOI: 10.1145/2742647

Copyright © 2015 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery
New York, NY, United States

Acceptance rates: MobiSys '15 paper acceptance rate 29 of 219 submissions (13%); overall acceptance rate 274 of 1,679 submissions (16%).