Peter Gilbert, Jaeyeon Jung, Kyungmin Lee, Henry Qin, Daniel Sharkey, Anmol Sheth, and Landon P. Cox
As more services have come to rely on sensor data such as audio and photos collected by mobile phone users, verifying the authenticity of this data has become critical for service correctness. At the same time, clients require the flexibility to tradeoff the fidelity of the data they contribute for resource efficiency or privacy. This paper describes YouProve, a partnership between a mobile device’s trusted hardware and software that allows untrusted client applications to directly control the fidelity of data they upload and services to verify that the meaning of source data is preserved. The key to our approach is trusted analysis of derived data, which generates statements comparing the content of a derived data item to its source. Experiments with a prototype implementation for Android demonstrate that YouProve is feasible. Our photo analyzer is over 99% accurate at identifying regions changed only through meaning-preserving modifications such as cropping, compression, and scaling. Our audio analyzer is similarly accurate at detecting which sub-clips of a source audio clip are present in a derived version, even in the face of compression, normalization, splicing, and other modifications. Finally, performance and power costs are reasonable, with analyzers having little noticeable effect on interactive applications and CPU-intensive analysis completing asynchronously in under 70 seconds for 5-minute audio clips and under 30 seconds for 5-megapixel photos.