Entropy Collapse in Mobile Sensors: The Hidden Risks of Sensor-Based Security
Carlton Shepherd, Elliot Hurley
TL;DR
This paper explores whether mobile sensor data provide adequate entropy for security-critical tasks such as proximity detection and device pairing. It systematically measures four entropy notions ($H_0$, $H_1$, $H_2$, $H_\infty$) across 25 modalities and four large public datasets, and finds a consistent gap between average-case and worst-case unpredictability due to inter-sensor redundancy. Using a Chow-Liu tree-based approach to estimate high-dimensional joint entropy, the authors show that even with many sensors, the min-entropy often plateaus far below cryptographic requirements (typically below 22 bits in the best cases). They translate these findings into practical guessing-attack costs and argue that sensor-based entropy is insufficient alone for secure applications, calling for more rigorous evaluation and hybrid designs that do not rely solely on mobile sensor data for security guarantees.
Abstract
Mobile sensor data has been proposed for security-critical applications such as device pairing, proximity detection, and continuous authentication. However, the foundational premise that these signals provide sufficient entropy remains under-explored. In this work, we systematically analyse the entropy of mobile sensor data using four datasets from multiple application contexts (UCI-HAR, SHL, Relay, and PerilZIS). Using direct computation and estimation, we report entropy values (max, Shannon, collision, and min-entropy) for an exhaustive range of sensor combinations. We demonstrate that the entropy of mobile sensors remains far below what is considered secure by modern standards for security applications, even when many sensors are combined. In particular, we observe an alarming divergence between average-case Shannon entropy and worst-case min-entropy. Single-sensor min-entropy varies between 3.408-4.483 bits despite Shannon entropy being several multiples higher. We also show that redundancies between sensor modalities contribute to a ~75% reduction between Shannon and min-entropy. Indeed, min-entropy plateaus between 8.1-23.9 bits when combining up to 22 modalities, while Shannon entropy can exceed 80 bits. Adding sensors typically increases Shannon entropy but moves min-entropy by only ~1-2 bits per added modality, evidencing entropy collapse under redundancy. Our results reveal that adversaries may feasibly predict sensor signals through an exhaustive exploration of the measurement space. Our work also calls into question the widely held assumption that adding more sensors inherently yields higher security. Ultimately, we strongly urge caution when relying on mobile sensor data for security applications.
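The gap between Shannon and min-entropy, and the effect of redundancy on a joint estimate, can be reproduced by direct computation on a small distribution. The following is an added example, not code from the paper: the sensor values, the `SENSOR_A`/`SENSOR_B` names and the helper functions are constructed for illustration, and it uses exact counting rather than the Chow-Liu estimator the authors apply to high-dimensional data.

```python
import math
from collections import Counter

def entropies(samples):
    """Return (H0, H1, H2, Hmin) in bits for a list of hashable symbols."""
    n = len(samples)
    probs = [c / n for c in Counter(samples).values()]
    h0 = math.log2(len(probs))                    # max (Hartley) entropy
    h1 = -sum(p * math.log2(p) for p in probs)    # Shannon entropy (average case)
    h2 = -math.log2(sum(p * p for p in probs))    # collision entropy
    hmin = -math.log2(max(probs))                 # min-entropy (worst case)
    return h0, h1, h2, hmin

def guess_success(samples, budget):
    """Probability that guessing the `budget` most likely symbols hits the value."""
    top = Counter(samples).most_common(budget)
    return sum(count for _, count in top) / len(samples)

# Constructed data: quantised sensor A reads 0 half the time (device at rest),
# otherwise one of 64 equally likely values.
SENSOR_A = [0] * 64 + list(range(1, 65))
# Constructed redundant sensor B: a coarse copy of A plus one independent noise bit.
PAIRS = [(a, (a // 4, noise)) for a in SENSOR_A for noise in (0, 1)]
SENSOR_B = [b for _, b in PAIRS]

if __name__ == "__main__":
    for name, data in (("A", SENSOR_A), ("B", SENSOR_B), ("A+B joint", PAIRS)):
        h0, h1, h2, hmin = entropies(data)
        print(f"{name:10s} H0={h0:.3f} H1={h1:.3f} H2={h2:.3f} Hmin={hmin:.3f}")
    naive = entropies(SENSOR_A)[3] + entropies(SENSOR_B)[3]
    print(f"sum of per-sensor Hmin = {naive:.3f} bits (overstates the joint value)")
    print(f"single-guess success against A = {guess_success(SENSOR_A, 1):.2f}")
```

Sensor A has 4 bits of Shannon entropy but only 1 bit of min-entropy, so a single guess succeeds half the time; adding the redundant sensor B raises the joint min-entropy by only the one independent noise bit, less than the sum of the per-sensor values.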
