As more services have come to rely on sensor data such
as audio and photos collected by mobile phone users, verifying
the authenticity of this data has become critical for service
correctness. At the same time, clients require the flexibility
to trade off the fidelity of the data they contribute for resource
efficiency or privacy. This paper describes YouProve,
a partnership between a mobile device’s trusted hardware
and software that allows untrusted client applications to directly
control the fidelity of data they upload and services
to verify that the meaning of source data is preserved. The
key to our approach is trusted analysis of derived data, which
generates statements comparing the content of a derived data
item to its source. Experiments with a prototype implementation
for Android demonstrate that YouProve is feasible.
Our photo analyzer is over 99% accurate at identifying regions
changed only through meaning-preserving modifications
such as cropping, compression, and scaling. Our audio
analyzer is similarly accurate at detecting which sub-clips of
a source audio clip are present in a derived version, even in
the face of compression, normalization, splicing, and other
modifications. Finally, performance and power costs are reasonable,
with analyzers having little noticeable effect on interactive
applications and CPU-intensive analysis completing
asynchronously in under 70 seconds for 5-minute audio
clips and under 30 seconds for 5-megapixel photos.