Entropy Collapse in Mobile Sensors: The Hidden Risks of Sensor-Based Security

📅 2025-02-13
📈 Citations: 0
Influential: 0
📄 PDF

career value

219K/year
🤖 AI Summary
This work challenges the widely held “high-entropy” assumption of mobile sensor data in security-critical applications (e.g., device pairing, continuous authentication). Using four real-world smartphone sensor datasets, we systematically assess cryptographic-grade randomness via min-entropy analysis, cross-modal correlation modeling, and joint min-entropy lower-bound estimation. Results reveal critically low entropy: single-sensor min-entropy is only 3.4–3.5 bits; multi-sensor fusion suffers severe joint min-entropy degradation due to strong cross-modal correlations—under 20 modalities, most scenarios yield <10 bits, with a maximum of ~24 bits. We introduce the novel concept of “Entropy Collapse” to characterize this phenomenon, providing the first quantitative refutation of the entrenched belief that more sensors inherently improve security. Our findings demonstrate that raw sensor data are unsuitable as cryptographic random sources, urging caution in their use for entropy harvesting in practical systems.

Technology Category

Application Category

📝 Abstract
Mobile sensor data has been proposed for security-critical applications such as device pairing, proximity detection, and continuous authentication. However, the foundational assumption that these signals provide sufficient entropy remains under-explored. In this work, we systematically analyse the entropy of smartphone sensor data across four diverse datasets spanning multiple application contexts. Our findings reveal pervasive biases, with single-sensor mean min-entropy values ranging from 3.408-3.508 bits (S.D.=1.018-1.574), while conventional Shannon entropy is several multiples higher. We further demonstrate that correlations between sensor modalities reduce the worst-case entropy of using multiple sensors by up to approx. 75% compared to average-case Shannon entropy. This brings joint min-entropy well below 10 bits in many cases and, in the best case, yielding only approx. 24 bits of min-entropy when combining 20 sensor modalities. These results call into question the widely held assumption that adding more sensors inherently yields higher security. We ultimately caution against relying on raw sensor data as a primary source of randomness.
Problem

Research questions and friction points this paper is trying to address.

Mobile sensor entropy insufficient for security
Biases reduce worst-case entropy significantly
Multiple sensors do not ensure higher security
Innovation

Methods, ideas, or system contributions that make the work stand out.

Systematic entropy analysis
Reveals pervasive sensor biases
Correlations reduce worst-case entropy
🔎 Similar Papers
No similar papers found.