Re: [deviceorientation] add security and privacy section

Hi Chaals,

Here is a free link to the paper: 
http://arxiv.org/abs/1602.04115

Our solution suggests requiring explicit permission from the users.

We also believe that the solutions available in the literature have failed to be practical. An industrial solution applied by Chrome was to decrease the sampling rate (from 200Hz to 60Hz), which does not seem successful either, since we reveal the PINs even at a frequency of 20Hz.

Thanks,
Maryam

________________________________________
From: Chaals McCathie Nevile <chaals@yandex-team.ru>
Sent: Thursday, February 18, 2016 5:57 PM
To: public-geolocation@w3.org; maryammjd via GitHub
Subject: Re: [deviceorientation] add security and privacy section

On Wed, 10 Feb 2016 12:40:10 +0100, maryammjd via GitHub
<sysbot+gh@w3.org> wrote:

> @timvolodine
> The security discussion is nice, however the security and privacy
> risks associated with this issue are more than fingerprinting the
> mobile devices. As we discussed with the W3C Geolocation Working
> Group via emails, our
> [paper](http://www.sciencedirect.com/science/article/pii/S2214212615000678)
> (published in the Journal of Information Security and Applications)
> shows that these sensor measurements can reveal the user's PINs. It is
> worth mentioning this level of security risk in the security
> considerations section.

Hi Maryam,

is the paper available somewhere for less than $30? Or do the mitigations
suggested in the conclusion look at either the use of vibration, e.g. the
vibration API, to add noise to the data, or the little trick done by e.g.
BancoSantander where they provide an onscreen keyboard that randomly
shuffles key positions at each keypress?

cheers

Chaals

--
Charles McCathie Nevile - web standards - CTO Office, Yandex
  chaals@yandex-team.ru - - - Find more at http://yandex.com

Received on Thursday, 18 February 2016 18:26:55 UTC