GGrantIndex
← Search

SaTC: CORE: Small: Defense by Deception of Smartphone Software Applications For Users With Disabilities

$483,610FY2022CSENSF

University Of Illinois At Chicago, Chicago IL

Investigators

Abstract

Graphical User Interface (GUI)-based APplications (GAPs) are ubiquitous, both in business and personal use, and are deployed on diverse software and hardware smartphone platforms. Unfortunately, many users of such GAPs have disabilities - approximately 50 million in the USA alone and over 600 million worldwide - and it is difficult for these users to work with GAPs on their smartphones. Since there are hundreds of types of disabilities that may impair people in vision, movement, memory, oral communication and hearing, users with disabilities need specialized enhancements to GAPs that are based on accessibility technologies, which are fundamentally insecure, thus exposing users with disabilities to a variety of cyber-attacks. These malicious apps can use the accessibility technologies to prey on users with disabilities for financial gain, harming the users financially. Although there are hundreds of assistive approaches, there is almost no research to secure users with disabilities in using GAPs, especially after they are tricked to install and give permissions to run malicious assistive apps on their smartphones. This project addresses these issues by developing software to automatically deceive these malicious applications into revealing their intent, thus effectively detecting them, and protecting Internet users with disabilities. Furthermore, the project includes many activities to broaden the participation of underrepresented groups in computing. This project is based on a novel idea of the first-ever automated Defense by Deception (DbD) approach that protects targeted financial GAPs from malicious assistive apps by using game theory combined with weaponized phishing and realistic login generation, whereby smartphones will be secured even after complex malicious apps are deployed with full accessibility privileges. A key part of this project is to reconstructively generate fake GUIs of the doppelganger GAPs, whose user interface structures closely resemble the target financial GAP, from which the fake GUIs cannot be distinguished algorithmically. With the game-theoretical foundation of automating the use of deception to protect users with disabilities that the investigator produces in this research work, other researchers can collaborate more closely in securing GAPs by building on the proposed unifying abstraction of applying deception in an automated way. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →