Publication

Abstract : In smartphones, sensors are fundamental components to sensing-enabled mobile activities and applications. Mobile applications and websites access the sensors and use them in a variety of ways. Permission is required to access permission-imposed sensors, while users can access no-permission imposed sensors directly without any permission by using the generic sensor application programming interface (API). An attacker targets these sensors and makes smartphones vulnerable at the application and network level. Attackers gain access to sensor information and use it for various purposes like identifying personal identification numbers (PINs) and stealing personal information. This paper presents BPLMSBT, a novel Blockchain-based permission list for mitigating smartphone sensor-based threats by allowing benign users to access sensors through various channels. The permission list contains benign sources with sensor access permissions, while the blacklist contains malicious sources that access the sensors. Blockchain avoids the risks of centralized lists and maintains the list’s integrity through the immutability feature. Experimental results indicate that the proposed defence mechanism consumes less overhead and is more efficient. An informal security analysis proved that the BPLMSBT is capable of protecting against various attacks.