 |
Android Encryption 2015 |
The proliferation and increased capability of “smartphones” have also increased security issues for users. For the Science of Security community, these small computing platforms have the same hard problems to solve as main frames, data centers, or desktops. The research cited here looked at encryption issues specific to the Android operating system. The work was presented in 2015.
Fang Yuan, Guang-Yi Wang and Bo-zhen Cai, “Android SMS Encryption System Based on Chaos,” 2015 IEEE 16th International Conference on Communication Technology (ICCT), Hangzhou, 2015, vol., no., pp. 856-862. doi:10.1109/ICCT.2015.7399961
Abstract: A new discrete switch-chaos system is proposed for generating chaotic PN sequences. Performance analysis with respect to Logistic map, Tent map and the new switch-chaos system are discussed, including the onto mapping range of the chaos system, the uniformity and pseudo-random of the sequences. An android SMS encryption system based on switch-chaos system is also designed. Experimental results show good performance and high utility value of the SMS encryption system.
Keywords: Android (operating system); chaotic communication; cryptography; electronic messaging; random sequences; telecommunication switching; Android SMS encryption system; chaotic PN sequence generation; discrete switch-chaos system; logistic map; pseudorandom sequence; tent map; Chaos; Encryption; Switches; Android SMS (ID#: 16-10800)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7399961&isnumber=7399781
P. Wächter and M. Gruhn, “Practicability Study of Android Volatile Memory Forensic Research,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, vol., no., pp. 1-6. doi:10.1109/WIFS.2015.7368601
Abstract: As Android device and application storage encryption becomes more widespread, memory analysis becomes more important. Memory is often the only data immediately accessible without decryption and in most cases stores the encryption keys of persistent data currently in use. This work therefore investigates the practicability of current research in forensics with regard to acquiring and analyzing volatile memory of Android smartphones. To this end, we investigate 8 different Android smartphones in their stock vendor configurations. While we are able to recreate current research results by specifically preparing specific phones the same way as described in the relevant research publications, we are only able to conduct a full acquisition and full analysis against 1 of our 8 sample smartphones in its stock configuration. Because the stock configuration, as shipped by the manufacturer, i.e. non-rooted and locked boot loader, is the most likely configuration encountered by forensic investigators, we unfortunately must conclude that current research methods are not applicable in practice. We further present reasons for our conclusion and possible resolutions which should be endeavored by future research.
Keywords: Android (operating system); computer bootstrapping; cryptography; digital forensics; storage management; Android device encryption; Android smartphone stock vendor configurations; Android volatile memory forensic research; application storage encryption; locked boot loader; nonrooted boot loader; persistent data encryption keys; Androids; Data mining; Forensics; Humanoid robots; Kernel; Linux; Smart phones (ID#: 16-10801)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7368601&isnumber=7368550
I. B. Cioc, M. Jurian, I. Lita and R. M. Teodorescu, “A Method for Increasing Security in Electronic Communication Services Based on Text Messages Communication,” Electronics, Computers and Artificial Intelligence (ECAI), 2015 7th International Conference on, Bucharest, 2015, vol., no., pp. AE-23–AE-26. doi:10.1109/ECAI.2015.7301181
Abstract: This paper presents a method used for increasing the security of sending text messages using public text communication services like email and SMS. It uses text encryption before sending the message through email or mobile phone (SMS), so, even [if] the message is received and viewed by another unauthorized person, it cannot be understood. The application was implemented in LabVIEW and can be used for sending encrypted text email between two or more users, using public email services. For encryption, the proposed application uses text encryption methods like symmetrical and asymmetrical encryption, using private encryption key or private and public encryption key. For sending encrypted SMS using this application, the text message must be previously encrypted, and then the encrypted message will be copied to the text window of the application for sending SMS running on the mobile phone. A similar application can be also developed for mobile phones with operating systems like android, iOS, windows mobile, etc. This application can be used also with any text message service, like Yahoo Messenger, facebook messenger, etc.
Keywords: operating systems (computers); private key cryptography; public key cryptography; smart phones; social networking (online); text analysis; LabVIEW; SMS; Yahoo Messenger; android; asymmetrical encryption; electronic communication services security; email; facebook messenger; iOS; mobile phones; operating systems; private encryption key; public encryption key; public text communication services; symmetrical encryption; text encryption methods; text messages; text window; windows mobile; Electronic mail; Encryption; Servers; Smart phones; text encryption/description; text message communication (ID#: 16-10802)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301181&isnumber=7301133
M. Masoud, I. Jannoud, A. Ahmad and H. Al-Shobaky, “The Power Consumption Cost of Data Encryption in Smartphones,” Open Source Software Computing (OSSCOM), 2015 International Conference on, Amman, 2015, vol., no., pp. 1-6. doi:10.1109/OSSCOM.2015.7372685
Abstract: This paper provides a performance evaluation of four different symmetric encryption algorithms in Android mobile platform. DES, Bluefish, RC6 and AES algorithms have been written and implemented in JAVA for Android platform utilizing an open source library called Bouncy castle. Different file sizes have been encrypted and power consumption has been measured. The results demonstrated that the cost of implementing these encryption algorithms in smartphones is high. Power consumption may prevent developers from utilizing encryption algorithms in their communication applications through smartphones. In addition, our results demonstrate the requirements of new power-saving ‘Green’ encryption algorithms. Finally, encryption algorithms are not about security only, power should be one requirement in designing these algorithms for smartphones.
Keywords: Android (operating system); mobile computing; security of data; smart phones; AES algorithm; Android mobile platform; Bluefish algorithm; Bouncy castle; DES algorithm; RC6 algorithm; data encryption; green encryption algorithms; smart phones; symmetric encryption algorithm; Algorithm design and analysis; Batteries; Encryption; Power demand; Smart phones; Software algorithms; Android; Battery Capacity; Encryption Algorithms; Power Consumption; Smartphones (ID#: 16-10803)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7372685&isnumber=7372674
W. Xiang-Gang, “Research and Implementation of Face Recognition System Based on Android,” Measuring Technology and Mechatronics Automation (ICMTMA), 2015 Seventh International Conference on, Nanchang, 2015, vol., no., pp. 812-817. doi:10.1109/ICMTMA.2015.200
Abstract: Represented by smartphone mobile terminal equipment, mostly for using Android system, with the development of modern electronic communication technology, the Android system of image acquisition and processing technology is also in constant progress. The face recognition system based on Android system, which is representative of it greatly expand the function of the use of the Android system. Human face recognition system using the promising prospects in the field of encryption, because of its unique advantages, will be used more and more. This article will mainly introduce the Android system, face recognition system, the characteristics of the processing model and realization process, expect to further promote mobile encryption technology, to provide some reference.
Keywords: Android (operating system); cryptography; face recognition; mobile computing; smart phones; Android system; encryption; face recognition system; image acquisition; image processing; mobile terminal equipment; modern electronic communication technology; smartphone; Androids; Databases; Face; Face recognition; Feature extraction; Humanoid robots; Smart phones; implementation; the Android system (ID#: 16-10804)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7263694&isnumber=7263490
J. Xu and X. Yuan, “Developing a Course Module for Teaching Cryptography Programming on Android,” Frontiers in Education Conference (FIE), 2015. 32614 2015. IEEE, El Paso, TX, 2015, vol., no., pp. 1-4. doi:10.1109/FIE.2015.7344086
Abstract: Mobile platforms have become extremely popular among users and hence become an important platform for developers. Mobile devices often store tremendous amount of personal, financial and commercial data. Several studies have shown that large number of the mobile applications that use cryptography APIs have made mistakes. This could potentially attract both targeted and mass-scale attacks, which will cause great loss to the mobile users. Therefore, it is vitally important to provide education in secure mobile programming to students in computer science and other related disciplines. It is very hard to find pedagogical resources on this topic that many educators urgently need. This paper introduces a course module that teaches students how to develop secure Android applications by correctly using Android’s cryptography APIs. This course module is targeted to two areas where programmers commonly make many mistakes: password based encryption and SSL certificate validation. The core of the module includes a real world sample Android program for students to secure by implementing cryptographic components correctly. The course module will use open-ended problem solving to let students freely explore the multiple options in securing the application. The course module includes a lecture slide on Android’s Crypto library, its common misuses, and suggested good practices. Assessment materials will also be included in the course module. This course module could be used in mobile programming class or network security class. It could also be taught as a module in advanced programming class or used as a self-teaching tool for general public.
Keywords: application program interfaces; computer aided instruction; computer science education; cryptography; educational courses; mobile computing; smart phones; teaching; Android crypto library; Android program; SSL certificate validation; assessment materials; computer science; course module development; cryptographic components; cryptography API; cryptography programming; education; lecture slide; mass-scale attacks; mobile applications; mobile devices; mobile platforms; network security class; open-ended problem solving; password based encryption; pedagogical resources; secure Android applications; secure mobile programming class; targeted attacks; Androids; Encryption; Humanoid robots; Mobile communication; Programming; Android programming; SSL; course module; programming; security (ID#: 16-10805)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7344086&isnumber=7344011
M. K. Debnath, S. Samet and K. Vidyasankar, “A Secure Revocable Personal Health Record System with Policy-Based Fine-Grained Access Control,” Privacy, Security and Trust (PST), 2015 13th Annual Conference on, Izmir, 2015, vol., no., pp. 109-116. doi:10.1109/PST.2015.7232961
Abstract: Collaborative sharing of information is becoming much more needed technique to achieve complex goals in today’s fast-paced tech-dominant world. In our context, Personal Health Record (PHR) system has become a popular research area for sharing patients information very quickly among health professionals. PHR systems store and process sensitive information, which should have proper security mechanisms to protect data. Thus, access control mechanisms of the PHR should be well-defined. Secondly, PHRs should be stored in encrypted form. Therefore, cryptographic schemes offering a more suitable solution for enforcing access policies based on user attributes are needed. Attribute-based encryption can resolve these problems. We have proposed a framework with fine-grained access control mechanism that protects PHRs against service providers, and malicious users. We have used the Ciphertext Policy Attribute Based Encryption system as an efficient cryptographic technique, enhancing security and privacy of the system, as well as enabling access revocation in a hierarchical scheme. The Web Services and APIs for the proposed framework have been developed and implemented, along with an Android mobile application for the system.
Keywords: authorisation; cryptography; data protection; electronic health records; API; Android mobile application; PHR system; Web services; access policies; access revocation; ciphertext policy attribute based encryption system; collaborative information sharing; cryptographic schemes; cryptographic technique; data protection; health professionals; malicious users; patients information sharing; policy-based fine-grained access control; secure revocable personal health record system; security mechanisms; service providers; system privacy; system security; tech-dominant world; user attributes; Access control; Data privacy; Encryption; Medical services; Servers; Attribute Revocation; Attribute-Based Encryption; Fine-Grained Access Control; Patient-centric Data Privacy; Personal Health Records (ID#: 16-10806)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232961&isnumber=7232940
M. Protsenko, S. Kreuter and T. Müller, “Dynamic Self-Protection and Tamperproofing for Android Apps Using Native Code,” Availability, Reliability and Security (ARES), 2015 10th International Conference on, Toulouse, 2015, vol., no., pp. 129-138. doi:10.1109/ARES.2015.98
Abstract: With over one billion sold devices, representing 80% market share, Android remains the most popular platform for mobile devices. Application piracy on this platform is a major concern and a cause of significant losses: about 97% of the top 100 paid apps were found to be hacked in terms of repackaging or the distribution of clones. Therefore new and stronger methods aiming to increase the burden on reverse engineering and modification of proprietary mobile software are required. In this paper, we propose an application of the Android native code component to implement strong software self-protection for apps. Within this scope, we present three dynamic obfuscation techniques, namely dynamic code loading, dynamic re-encryption, and tamper proofing. We provide a practical evaluation of this approach, assessing both the cost and efficiency of its achieved protection level. Our results indicate that with the proposed methods one can reach significant complication of the reverse-engineering process, while being affordable in terms of execution time and application size.
Keywords: Android (operating system); computer crime; cryptography; mobile computing; reverse engineering; Android apps; application piracy; dynamic code loading; dynamic obfuscation techniques; dynamic re-encryption; dynamic self-protection; mobile devices; native code; proprietary mobile software; tamperproofing; Androids; Encryption; Humanoid robots; Loading; Runtime; Software protection; Android; Software Protection (ID#: 16-10807)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7299906&isnumber=7299862
C. Buckley, P. H. Pathak, A. K. Das, C. N. Chuah and P. Mohapatra, “AnonAD: Privacy-Aware Micro-Targeted Mobile Advertisements without Proxies,” Computer Communication and Networks (ICCCN), 2015 24th International Conference on, Las Vegas, NV, 2015, vol., no., pp. 1-8. doi:10.1109/ICCCN.2015.7288379
Abstract: Mobile advertisements have become the dominant source of revenue for mobile application developers, advertisers and brokers. Using novel sensing techniques and the advanced sensors of mobile devices, it has become feasible to determine a user’s fine-grained context such as her location, activity, and interests. This information can be used by the advertisement (ad) brokers to provide more relevant ads to the user based on her context. However, this has led to serious privacy risks, since a user can be tracked by the broker or an adversary based on her context. In this paper, we present AnonAd, an ad delivery scheme that allows users to protect their privacy when receiving micro-targeted ads from the broker. AnonAd utilizes the encryption of the user’s context based on a split-secret scheme that guarantees that the broker can decrypt the context only when there exists k other users in the same context. This way, a user’s privacy is protected with k-anonymity during the context report. We show that the split-secret scheme integrates seamlessly with existing homomorphic encryption-based schemes that can provide differential privacy for ad click reports. We implement AnonAd on Android smartphones and evaluate it with real users as well as simulated users that follow real mobility traces. Our results show that AnonAd achieves a balance between user’s privacy and relevancy of advertisements without the requirement of any additional proxy servers.
Keywords: cryptography; data protection; mobile computing; smart phones; Android smartphone; AnonAD; ad delivery scheme; homomorphic encryption-based scheme; mobile application developer; mobility trace; privacy protection; privacy-aware microtargeted mobile advertisement; split-secret scheme; user context encryption; Context; Encryption; Privacy; Sensors; Servers (ID#: 16-10808)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7288379&isnumber=7288342
Adam Shortall and M. A. Hannan Bin Azhar, “Forensic Acquisitions of WhatsApp Data on Popular Mobile Platforms,” 2015 Sixth International Conference on Emerging Security Technologies (EST), Braunschweig, Germany, 2015, vol., no., pp. 13-17. doi:10.1109/EST.2015.16
Abstract: Encryption techniques used by popular messaging services such as Skype, Viber and WhatsApp make traces of illegal activities by criminal groups almost undetectable. This paper reports challenges involved to examine data of the WhatsApp application on popular mobile platforms (iOS, Android and Windows Phone) using latest forensic software such as EnCase, UFED and Oxygen Forensic Suite. The operating systems used were Windows phone 8.1, Android 5.0.1 (Lollipop) and iOS 8.3. Results show that due to strong security features built into the Windows 8.1 system forensic examiners may not be able to access data with standard forensic suite and they must decide whether to perform a live forensic acquisition. This paper provides forensics examiners with practical techniques for recovering evidences of WhatsApp data from Windows 8.1 mobile operating systems that would otherwise be inaccessible.
Keywords: Data mining; Forensics; Mobile communication; Operating systems; Oxygen; Smart phones; Android; Forensic tools; Live data forensics; Mobile forensics; WhatsApp forensics; Windows Phone; iOS (ID#: 16-10809)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7429264&isnumber=7429252
M. Kühnel, M. Smieschek and U. Meyer, “Fast Identification of Obfuscation and Mobile Advertising in Mobile Malware,” Trustcom/BigDataSE/ISPA, 2015 IEEE, Helsinki, 2015, vol., no., pp. 214-221. doi:10.1109/Trustcom.2015.377
Abstract: The presence of mobile malware on Android devices is indisputable. For static analysis of mobile malware, the nature of the source code is of particular interest as it determines the amount of resources required for an in-depth analysis. On the one hand, the more obfuscation is used in the code, the more time is needed for static analysis. On the other hand, correct identification of various benign third party libraries can considerably speed up static analysis as these libraries can be omitted. In this paper we focus on very fast identification of Identifier renaming, Reflection, Encryption, and mobile Advertising (IREA) in mobile malware. We propose heuristics for detecting IREA in mobile malware and provide a chronological quantitative analysis of IREA in mobile malware gathered between October 2009 and July 2014. The chronological quantitative analysis reveals general facts about the evolution of mobile malware, e.g. that identifier renaming is still on the rise, reflection hit its peak in 2012 and that more than 10% of mobile malware employ third party libraries for mobile advertising and encryption purposes.
Keywords: invasive software; mobile computing; program diagnostics; Android devices; REA detection; chronological quantitative analysis; encryption; identifier renaming-reflection-encryption-and-mobile advertising; mobile malware; obfuscation identification; static analysis; Androids; Encryption; Humanoid robots; Java; Malware; Mobile communication; Mobile malware; mobile advertising; obfuscation (ID#: 16-10810)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7345285&isnumber=7345233
S. Davis, B. Jones and H. Jiang, “Portable Parallelized Blowfish via RenderScript,” Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), 2015 16th IEEE/ACIS International Conference on, Takamatsu, 2015, vol., no., pp. 1-6. doi:10.1109/SNPD.2015.7176197
Abstract: The recent rise in the popularity of mobile computing has brought the attention of mobile security to the forefront. As users depend more on tablets and smartphones, sensitive data is left to be secured using devices with vastly weaker resources than a typical computer. As mobile technology matures, the industry is starting to provide devices with multiple CPU cores in addition to other coprocessors such as GPUs. By using RenderScript, a new language technology on the Android platform, we hope to utilize the power of parallelism to increase the efficiency of the Blowfish encryption algorithm, while at the same time leveraging the power of RenderScript’s heterogenous execution to cope with the quickly changing mobile architectures in order to make the use of data encryption more feasible on a mobile platform. Experimental results demonstrate the effectiveness of RenderScript.
Keywords: Android (operating system); authoring languages; cryptography; mobile computing; parallel processing; Android platform; GPUs; RenderScript heterogenous execution; coprocessors; data encryption; language technology; mobile architectures; mobile computing; mobile security; mobile technology; multiple CPU cores; portable parallelized blowfish encryption algorithm; sensitive data; smartphones; tablets; Androids; Encryption; Humanoid robots; Java; Kernel; Resource management; Smart phones (ID#: 16-10811)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7176197&isnumber=7176160
M. Kennedy and R. Sulaiman, “Following the Wi-Fi Breadcrumbs: Network Based Mobile Application Privacy Threats,” Electrical Engineering and Informatics (ICEEI), 2015 International Conference on, Denpasar, Bali, 2015, vol., no., pp. 265-270. doi:10.1109/ICEEI.2015.7352508
Abstract: Users are concerned about the protection of personal information they share with mobile applications. Researchers have previously explored security threats to mobile applications through wireless network access, including the disclosure of personal information through unencrypted traffic, excessive information disclosure to service providers, and flaws in TLS security. This study replicates these security threats and performs an assessment of the potential privacy impact for a sample of 30 Android applications. The results show that disclosure of personal information through unencrypted traffic is a significant risk. Individual applications were found which disclosed a user’s identity and application usage, and persistent device identifiers were leaked allowing user information to be linked across applications and wireless sessions. A small number of applications disclosed inappropriate amounts of personal information to service providers which could allow user tracking. TLS issues continue to pose a risk, with one application exhibiting a previously identified TLS certificate validation issue, and a potentially new encryption protocol downgrade flaw was identified triggered by an invalid certificate. Insecure authentication techniques were used by 30% of applications tested and pose a privacy risk even when applications use TLS.
Keywords: cryptography; data privacy; smart phones; wireless LAN; Android applications; Wi-Fi breadcrumb; network based mobile application privacy threats; personal information disclosure; unencrypted traffic; user tracking; wireless network access; IEEE 802.11 Standard; Mobile applications; Object recognition; Privacy; Security; Smart phones; Wireless communication; android; mobile applications; privacy; security; wireless networks (ID#: 16-10812)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7352508&isnumber=7352453
C. Xenakis and C. Ntantogian, “Attacking the Baseband Modem of Mobile Phones to Breach the Users’ Privacy and Network Security,” Cyber Conflict: Architectures in Cyberspace (CyCon), 2015 7th International Conference on, Tallinn, 2015, vol., no.,
pp. 231-244. doi:10.1109/CYCON.2015.7158480
Abstract: As people are using their smartphones more frequently, cyber criminals are focusing their efforts on infecting smartphones rather than computers. This paper presents the design and implementation of a new type of mobile malware, named (U)SimMonitor for Android and iPhone devices, which attacks the baseband modem of mobile phones. In particular, the mobile malware is capable of stealing security credentials and sensitive information of the cellular technology including permanent and temporary identities, encryption keys and location of users. The developed malware operates in the background in a stealthy manner without disrupting the normal operation of the phone. We elaborate on the software architecture of (U)SimMonitor and provide implementation details for the specific AT commands used by the malware. We analyse the security impacts of (U)SimMonitor malware and we show that it can entirely breach the privacy of mobile users and the security of cellular networks. In particular, a mobile user with an infected phone can be identified and all his/her movements can be tracked. Moreover, all his/her encrypted phone calls and data sessions can be disclosed.
Keywords: computer network security; data privacy; invasive software; mobile radio; smart phones; Android devices; SimMonitor malware; baseband modem; cyber criminals; iPhone devices; mobile malware; mobile phones; network security; smartphones; software architecture; user privacy; Malware; Mobile communication; Mobile computing; Modems; Smart phones; AT commands; android; iPhone; mobile networks (ID#: 16-10813)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7158480&isnumber=7158456
N. R. Kisore and S. Sagi, “A Secure SMS Protocol for Implementing Digital Cash System,” Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, Kochi, India, 2015, vol., no., pp. 1883-1892. doi:10.1109/ICACCI.2015.7275893
Abstract: We propose a digital cash system suitable for low value transactions and a secure SMS protocol based on EC-MQV key agreement protocol and AES encryption algorithm to operate the proposed digital cash system. The key security aspects of the protocol are resilience to SIM cloning, SIM swapping attacks and possible message tampering using a GSM ghost base station. It further provides for 2 factor authentication by using IMSI number as proof of “what you have?” and a user provided password as proof of “what you know?”. The total cost of executing a financial transaction is 2 SMS messages. We use the proposed protocol to implement a digital cash system. We strongly believe such a low cost secure digital cash system can be a boon to extend financial services to people who are left out of regular banking services due to the high cost of providing the same through existing banking and payment solutions. The low communication cost associated with each financial transaction makes it financially viable for handling low value transactions. The proposed protocol was implemented for both android and J2ME mobile phones with an easy to use interface wherein any individual with number literacy can operate. This makes it easy to deploy in less developed economies where literacy is often a challenge.
Keywords: cryptographic protocols; electronic messaging; electronic money; mobile handsets; public key cryptography; AES encryption algorithm; Android mobile phones; EC-MQV key agreement protocol; GSM ghost base station; IMSI number; J2ME mobile phones; SIM cloning; SIM swapping attacks; Short Messaging Service; advanced encryption standard; authentication; banking services; digital cash system; message tampering; secure SMS protocol; user provided password; Logic gates; Mobile handsets; Protocols; Public key; Servers; Digital Cash; Elliptic curve; Secure SMS (ID#: 16-10814)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7275893&isnumber=7275573
A. Munch-Ellingsen, R. Karlsen, A. Andersen and S. Akselsen, “Two-Factor Authentication for Android Host Card Emulated Contactless Cards,” Mobile and Secure Services (MOBISECSERV), 2015 First Conference on, Gainesville, FL, 2015, vol., no., pp. 1-6. doi:10.1109/MOBISECSERV.2015.7072874
Abstract: With the introduction of Host Card Emulation (HCE) in Android 4.4 KitKat the Near Field Communication (NFC) card emulation mode took a twist. On one side, HCE allows for easier development and a shorter deployment path for contactless card services on the mobile phone (e.g. payment, ticketing, loyalty cards etc.). On the other side, it introduces new security issues since it does not intrinsically involve a secure element on the mobile phone. As an example, the Cipurse open ticketing standard for public transportation, published by OSPT, implies usage of a secure element for the authentication mechanism and key storage. How can Cipurse benefit from the advantages of HCE and still provide secure authentication and encryption of transferred data? We have designed a two-factor authentication mechanism that involves usage of the Universal Integrated Circuit Card (also known as the SIM card) as the secure second-factor that allows for the implementation of the Cipurse specification as a secure HCE application. The benefit is faster execution of the Cipurse emulated card but still with feasible security for many application areas.
Keywords: Android (operating system); cryptography; near-field communication; smart phones; trusted computing; Android 4.4 KitKat; Android host card emulated contactless cards; Cipurse open ticketing standard; Cipurse specification; HCE application; NFC card emulation mode; OSPT; SIM card; Universal Integrated Circuit Card; authentication mechanism; data encryption; host card emulation; mobile phone; near field communication card emulation mode; public transportation; security issues; two-factor authentication mechanism; Androids; Authentication; Emulation; Humanoid robots; Mobile communication; Smart phones; Cipurse; Host Card Emulation; Near Field Communication; Trusted Service Manager (ID#: 16-10815)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7072874&isnumber=7072857
I. Mohamed and D. Patel, “Android vs iOS Security: A Comparative Study,” Information Technology – New Generations (ITNG), 2015 12th International Conference on, Las Vegas, NV, 2015, vol., no., pp. 725-730. doi:10.1109/ITNG.2015.123
Abstract: The massive adoption of mobile devices by individuals as well as by organizations has brought forth many security concerns. Their significant abilities have resulted in their permeating use while correspondingly increasing their attractiveness as targets for cybercriminals. Consequently, mobile device vendors have increasingly focused on security in their design efforts. However, present security features might still be insufficient to protect users’ assets. In this paper, factors that influence security within the two leading mobile platforms, Android and iOS, are presented and examined to promote discussion while studying them under one umbrella. We consider various factors that influence security on both platforms, such as application provenance, application permissions, application isolation, and encryption mechanisms.
Keywords: Android (operating system); cryptography; iOS (operating system); mobile computing; mobile handsets; organisational aspects; Android security; application isolation; application permissions; application provenance; cybercriminals; design efforts; encryption mechanisms; iOS security; mobile device vendors; organizations; security features; Androids; Encryption; Google; Humanoid robots; Mobile communication; Mobile handsets; Android; Application store; Mobile Platform; Security; iOS
(ID#: 16-10816)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7113562&isnumber=7113432
Y. Yuan, C. M. Cheng, S. Kiyomoto, Y. Miyake and T. Takagi, “Portable Implementation of Lattice-Based Cryptography Using JavaScript,” 2015 Third International Symposium on Computing and Networking (CANDAR), Sapporo, 2015, vol., no., pp. 58-67. doi:10.1109/CANDAR.2015.36
Abstract: Lattice-based cryptography has attracted a high degree of attention in the cryptologic research community. It is expected to be in wide use in the foreseeable future once large quantum computers are in sight. In addition, JavaScript is a standard programming language for Web applications. It is now supported on a wide variety of computing platforms and devices with immense efficiency improvement in the past few years. In this paper, we present the results of our JavaScript implementation of several Lattice-based encryption schemes and show the speed performance on four common Web browsers on PC. Furthermore, we also show the performance on two smaller computing platforms, namely, tablets running the Android operating system, as well as Tessel, an embedded system equipped with an ARM Cortex-M3-grade microcontroller. Our results demonstrate that some of today’s Lattice-based cryptosystems can already have efficient JavaScript implementations and hence are ready for use on a growing list of JavaScript-enabled computing platforms.
Keywords: Android (operating system); Internet; Java; cryptography; embedded systems; lattice theory; microcontrollers; notebook computers; online front-ends; ARM Cortex-M3-grade microcontroller; Android operating system; JavaScript-enabled computing platform; Tessel; Web applications; Web browsers; cryptologic research community; embedded system; lattice-based cryptography portable implementation; lattice-based cryptosystem; lattice-based encryption scheme; quantum computers; tablets; Browsers; Encryption; Lattices; Performance evaluation; Public key; Android; JavaScript; Lattice-based cryptography (ID#: 16-10817)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7424690&isnumber=7424253
S. Szlósarczyk and A. Schulte, “Voice Encrypted Recognition Authentication—VERA,” Next Generation Mobile Applications, Services and Technologies, 2015 9th International Conference on, Cambridge, 2015, vol., no., pp. 270-274. doi:10.1109/NGMAST.2015.74
Abstract: We propose VERA—an authentication scheme where sensitive data on mobile phones can be secured or whereby services can be locked by the user’s voice. Our algorithm takes use of acoustic fingerprints to identify the personalized voice. The security of the algorithm depends on the discrete logarithm problem in ZN where N is a safe prime. Further we evaluate two practical examples on Android devices where our scheme is used: First the encryption of any data(set). Second locking a mobile phone. Voice is the basic for both of the fields.
Keywords: acoustic signal processing; cryptography; smart phones; VERA scheme; acoustic fingerprints; data encryption; discrete logarithm problem; mobile phones; voice encrypted recognition authentication scheme; Acoustics; Authentication; Encryption; Mobile handsets; Protocols; Android; acoustic fingerprint; authentication; biometrics; encryption; voice (ID#: 16-10818)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7373254&isnumber=7373199
I. Denisow, S. Zickau, F. Beierle and A. Küpper, “Dynamic Location Information in Attribute-Based Encryption Schemes,” Next Generation Mobile Applications, Services and Technologies, 2015 9th International Conference on, Cambridge, 2015, vol., no., pp. 240-247. doi:10.1109/NGMAST.2015.63
Abstract: Attribute-based encryption (ABE) allows users to encrypt (cloud) data with fine-grained Boolean access control policies. To be able to decrypt the ciphertext, users need to have a private key with the associated attributes. If the attributes satisfy the formula, the plaintext can be recovered. In this paper, ABE is extended with dynamic attributes. This allows attributes to be added to an existing private key. A server component named Attribute Authority is introduced. By using these dynamic attributes, it is now possible to have the decryption depend on data that changes often, such as location information of a mobile device. Two schemes were developed that convert location data into usable ABE attributes. To demonstrate our results, an Android application was implemented and evaluated in a field test.
Keywords: Android (operating system); authorisation; cloud computing; mobile computing; private key cryptography; Android application; Boolean access control policies; associated attributes; attribute authority; attribute-based encryption schemes; ciphertext decryption; cloud data encryption; dynamic attributes; dynamic location information; location data; mobile device; plaintext recovery; private key; server component; usable ABE attributes; Access control; Encryption; Java; Libraries; Mobile handsets; Public key; Attribute-based Encryption Schemes; Cloud Data; Dynamic Attribute Information; Location-based Access Control (ID#: 16-10819)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7373250&isnumber=7373199
S. Singh, R. Jain, P. Deep and S. Agarwal, “Developing Mobile Message Security Application Using 3D Playfair Cipher Algorithm,” Computer Engineering and Applications (ICACEA), 2015 International Conference on Advances in, Ghaziabad, 2015, vol., no., pp. 838-841. doi:10.1109/ICACEA.2015.7164820
Abstract: The theme of this research is to provide security for the messages of an Android phone that contains alphabets, numerals and special characters. This research overrules the functioning of Application Lock and secures the messages by encrypting through 3D-Playfair Cipher (4 × 4 × 4). 3D-Playfair works on trigraph and supports all of the 26 alphabets {A to Z}, the 10 digits {0 to 9} and the 28 basic special characters. 3D-Playfair increases the security by maximizing complexity. Using this application, all the messages will be displayed in the encrypted form on the mobile screen which can be decrypted upon the verification of valid user.
Keywords: Android (operating system); computational complexity; cryptography; smart phones; 3D playfair cipher algorithm; Android phone; application lock; complexity maximization; decrypted; encrypted form; mobile message security application; mobile screen; special characters; valid user verification; Ciphers; Encryption; Floors; Smart phones; Three-dimensional displays; 3D Playfair cipher; Android Application; trigraph (ID#: 16-10820)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7164820&isnumber=7164643
R. Stevens and H. Chen, “Predictive Eviction: A Novel Policy for Optimizing TLS Session Cache Performance,” 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, 2015, vol., no., pp. 1-7. doi:10.1109/GLOCOM.2015.7417274
Abstract: Transport Layer Security (TLS) is the most commonly used security protocol to encrypt web traffic. TLS connections are computationally expensive to set up, so the TLS protocol supports session resumption, where previously negotiated connection parameters can be used to short-circuit the TLS handshake. The server assigns new sessions a session identifier (ID) and caches each session by its ID so it can be retrieved later. As clients come and go, sessions in the server’s cache will have to be evicted according to the server’s eviction policy. We find that first-in-first-out (FIFO) and least-recently-used (LRU) are the most common session cache eviction policies among popular TLS libraries, however, for applications whose clients connect at regular intervals, such as mobile advertising, the performance of these policies may be far worse than randomly evicting policies from the cache. To handle this, we propose a novel eviction policy for TLS session caches, predictive eviction, that relies on the server knowing the next time each client will connect again. Using a real-world application of such a policy, Android in-application advertising, we build a client that is able to simulate the behavior of a large number of devices requesting mobile advertisements over TLS. We use this simulated client to benchmark the hit rate of the predictive policy compared with eviction policies found in popular TLS library implementations. In addition, we demonstrate that our policy can be implemented efficiently by benchmarking its performance in transactions per second compared with OpenSSL’s session cache implementation, and compared with TLS session tickets (an alternative to session caching for resuming TLS sessions). We find that our policy has better hit rate performance than other eviction policies, and can achieve comparable performance to session tickets. To the best of our knowledge, this is the first study of the performance of TLS session resumption strategies.
Keywords: Internet; cache storage; cryptographic protocols; Android in-application advertising; FIFO; ID; LRU; OpenSSL session cache; TLS library; TLS session cache performance optimization; TLS session resumption strategy; Web traffic encryption; first-in-first-out session cache eviction policy; hit rate performance; least-recently-used session cache eviction policy; mobile advertisements; predictive eviction; security protocol; session identifier; transport layer security; Advertising; Cryptography; Libraries; Mobile communication; Protocols; Servers (ID#: 16-10821)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7417274&isnumber=7416057
P. P. Nayadkar, “Automatic and Secured Backup and Restore Technique in Android,” Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on, Coimbatore, India, 2015, vol., no., pp. 1-4. doi:10.1109/ICIIECS.2015.7193103
Abstract: In today’s world Smartphone users are increasing day by day. As Smartphone’s have always been connected with the internet it plays very important role in a user’s daily life. Almost all Important data are stored in Smartphone’s compared to desktops or PC’s. This increases the chances of data theft, loss or failure from Smartphone’s so backup and restore technique is used for preventing loss of data. But there are many challenges faced by the user while taking backup because of operating systems and versions available in the market. In this paper, we apply automatic as well as an encrypted backup technique for an Android device as per as security is concerned.
Keywords: Android (operating system); mobile computing; security of data; smart phones; Android restore technique; PC; Smartphone users; automatic backup; data theft; desktops; encrypted backup technique; operating systems; secured backup; Cloud computing; Encryption; Smart phones; Synchronization; Backup and Restore; Backup techniques; Mobile devices; Smartphone (ID#: 16-10822)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7193103&isnumber=7192777
Prajitha, M V, Rekha, P and Amrutha, George A, “A Secured Authentication Protocol Which Resist[s] Password Reuse Attack,” Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on, Coimbatore, India, 2015, vol., no., pp. 1-5. doi:10.1109/ICIIECS.2015.7193082
Abstract: Passwords are the powerful tools that tend to keep all data and information digitally safe. It is frequently noticed that text password remains predominantly popular over the other formats of passwords, due to the fact that it is simple and expedient. However, text passwords are not always sturdy enough and are very easily stolen and misused under different vulnerabilities. Other persons can obtain a text password when a person creates a weak password or a password that is completely reused in many sites. In this condition if one password is hacked, it can be used for all the websites. This is called the Domino Effect. Another unsafe situation is when a person enters his/her password in a computer that is not trust-worthy; the password is prone to stealing attacks such as phishing, malware and key loggers etc. Among the most significant current threats to online banking are keylogging and phishing. These attacks extract user identity and account information to be used later for unauthorized access to user’s financial accounts. This paper proposes a user authentication protocol which leverages a user’s Android Smartphone and short message service to resist password stealing and password reuse attacks. This protocol only requires each participating website possesses a unique phone number and users only need to remember a long-term password for login on all websites. To provide more security to Android Smartphone, an additional method called color pattern screen locking is also proposed in this paper.
Keywords: Android (operating system); Web sites; computer crime; invasive software; message authentication; smart phones; Android smartphone; color pattern screen locking; domino effect; financial accounts; key loggers; keylogging; malware; online banking; password hacking; password reuse attacks; password stealing; phishing; short message service; stealing attacks; text passwords; user authentication protocol; Authentication; Computers; Cryptography; Mobile handsets; Protocols; Servers; Encryption and decryption; Network security; Password; password reuse attack; password stealing attack (ID#: 16-10823)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7193082&isnumber=7192777
A. Jevremovic and M. Veinovic, “Development of the Android-Based Secure Communication Device,” Telecommunication in Modern Satellite, Cable and Broadcasting Services (TELSIKS), 2015 12th International Conference on, Niš, Serbia, 2015, vol., no., pp. 385-388. doi:10.1109/TELSKS.2015.7357837
Abstract: The possibility of secure communication used only to be the privilege of professional services and systems which could afford to allocate enormous funds for the development of specialized communication devices. Nowadays, through the popularization of the open-source development model, significant reduction of development costs was thus enabled, together with maintaining a high level of security. Such development implies the inclusion of ready-made components, the operating principles of which may be checked and modified, when needed. This paper shall elaborate on key issues concerning the development of mobile devices for secure communication based on the Android platform.
Keywords: Android (operating system); cryptography; public domain software; smart phones; Android platform; Android-based secure communication device; Linux; custom cipher; mobile device; open-source development model; ready-made component; Encryption; Hardware; Kernel; Linux; Protocols; Android; Secure communication; custom cipher (ID#: 16-10824)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7357837&isnumber=7357713
R. Divya and S. Muthukumarasamy, “An Impervious QR-Based Visual Authentication Protocols to Prevent Black-Bag Cryptanalysis,” Intelligent Systems and Control (ISCO), 2015 IEEE 9th International Conference on, Coimbatore, India, 2015, vol., no., pp. 1-6. doi:10.1109/ISCO.2015.7282330
Abstract: Black-bag cryptanalysis is used to acquire the cryptographic secrets from the target computers and devices through burglary or covert installation of keylogging and Trojan horse hardware/software. To overcome black-bag cryptanalysis, the secure authentication protocols are required. It mainly focuses on keylogging where the keylogger hardware or software is used to capture the client’s keyboard strokes to intercept the password. They considers various root kits residing in PCs (Personnel Computers) to observe the client’s behavior that breaches the security. The QR code can be used to design the visual authentication protocols to achieve high usability and security. The two authentication protocols are Time based One-Time-Password protocol and Password-based authentication protocol. Through accurate analysis, the protocols are proved to be robust to several authentication attacks. And also by deploying these two protocols in real-world applications especially in online transactions, the strict security requirements can be satisfied.
Keywords: QR codes; cryptographic protocols; invasive software; message authentication; QR code; QR-based visual authentication protocol; Trojan horse hardware/software; authentication attack; black-bag cryptanalysis; burglary; covert installation; cryptographic secret; keylogger hardware; keylogger software; keylogging; online transaction; password-based authentication protocol; personnel computer; secure authentication protocol; time based one-time-password protocol; Encryption; Hardware; Keyboards; Personnel; Protocols; Robustness; Android; Attack; Authentication; Black-bag cryptanalysis; Keylogging; Malicious code; Pharming; Phishing; Session hijacking; visualization (ID#: 16-10825)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282330&isnumber=7282219
L. Malina, J. Hajny and V. Zeman, “Usability of Pairing-Based Cryptography on Smartphones,” Telecommunications and Signal Processing (TSP), 2015 38th International Conference on, Prague, 2015, vol., no., pp. 617-621. doi:10.1109/TSP.2015.7296337
Abstract: This paper deals with the usability of pairing-based cryptography on smartphones. Pairing-based cryptographic schemes can offer many advanced cryptographic primitives such as privacy protection, identity-based encryption and so on. These schemes are used to secure services and applications that may run on hand-held devices. Nevertheless, pairing operations are more expensive than modular arithmetic operations that are used in conventional cryptographic schemes. In this work, we investigate the performance of pairing operations on current smartphones. Then, we implement and evaluate a pairing-based group signature scheme on smartphones. Further, we show optimization techniques that can reduce expensive pairing operations in pairing-based schemes. Our results help to clarify whether these schemes are suitable to run on current smartphones.
Keywords: cryptography; optimisation; smart phones; cryptographic primitives; hand-held devices; identity based encryption; modular arithmetic operations; pairing based cryptographic schemes; pairing based group signature scheme; privacy protection; smartphones; Androids; Cryptography; Elliptic curves; Humanoid robots; Optimization; Smart phones; Subspace constraints; Bilinear Pairing; Cryptography; Group Signatures; Optimization; Performance; Smartphones (ID#: 16-10826)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7296337&isnumber=7296206
E. Huseynov and J. M. Seigneur, “WiFiOTP: Pervasive Two-Factor Authentication Using Wi-Fi SSID Broadcasts,” ITU Kaleidoscope: Trust in the Information Society (K-2015), 2015, Barcelona, 2015, vol., no., pp. 1-8. doi:10.1109/Kaleidoscope.2015.7383630
Abstract: Two-factor authentication can significantly reduce risks of compromised accounts by protecting from weak passwords, online identity theft and other online fraud. This paper presents a new easy solution to implement two-factor authentication without affecting user experience by introducing minimum user interaction based on standard Wi-Fi. It has been validated with different software and hardware implementations in a real life environment to show it can easily be deployed in many cases.
Keywords: fraud; message authentication; ubiquitous computing; wireless LAN; Wi-Fi SSID broadcasts; WiFiOTP; minimum user interaction; online fraud; online identity theft; pervasive two-factor authentication; weak password; Androids; Authentication; Decision support systems; Encryption; Humanoid robots; Servers; multi-factor authentication; user-friendly security (ID#: 16-10827)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7383630&isnumber=7383613
M. Aliasgari, N. Sabol and A. Sharma, “Sesame: A Secure and Convenient Mobile Solution for Passwords,” Mobile and Secure Services (MOBISECSERV), 2015 First Conference on, Gainesville, FL, 2015, vol., no., pp. 1-5. doi:10.1109/MOBISECSERV.2015.7072879
Abstract: Passwords are the main and most common method of remote authentication. However, they have their own frustrating challenges. Users tend to forget passwords that are chosen to be hard to guess. Password managers are an approach to keeping our passwords safe. However, they mainly rely on one master password to secure all of our passwords. If this master password is compromised then all other passwords can be recovered. In this work, we introduce Sesame: a secure yet convenient mobile-based, voice-activated password manager. It combines all different methods of user authentication to create a more robust digital vault for personal data. Each password is encrypted with a new fresh key on the user’s mobile device for maximum security. The keys are stored in our servers in a protected format. The user has the option of backing up the encrypted passwords in any cloud service. To view a password, the user only needs to utter the name of a web service, and speaker and speech recognition are applied for authentication. Only the key for that service is sent to the mobile application and the password is decrypted and displayed. The biggest advantage of Sesame is that the user need not assume any trust to neither our servers nor any cloud storage. Also, there is no need to enter a master password every time since speaker recognition is used. However, as an alternative to voice, users can view their passwords using a master password in case voice is not available. We provide a brief analysis of the security of our solution that has been implemented on Android platform and freely available on Google Play. Sesame is an ideal and practical solution for mobile password managers.
Keywords: Android (operating system); Web services; authorisation; cloud computing; cryptography; mobile computing; speaker recognition; Android platform; Google Play; Sesame; Web service; cloud service; cloud storage; digital vault; master password; mobile application; mobile device; mobile-based voice-activated password manager; password decryption; password encryption; personal data; remote authentication; speaker recognition; speech recognition; Authentication; Cryptography; Mobile handsets; Servers; Speaker recognition; Speech recognition; Biometrics; Mobile Authentication; Password Management; Secure Cloud Storage (ID#: 16-10828)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7072879&isnumber=7072857
J. Gan, R. Kok, P. Kohli, Y. Ding and B. Mah, “Using Virtual Machine Protections to Enhance Whitebox Cryptography,” Software Protection (SPRO), 2015 IEEE/ACM 1st International Workshop on, Florence, 2015, vol., no., pp. 17-23. doi:10.1109/SPRO.2015.12
Abstract: Since attackers can gain full control of the mobile execution environment, they are able to examine the inputs, outputs, and, with the help of a disassembler/debugger the result of every intermediate computation a cryptographic algorithm carries out. Essentially, attackers have total visibility into the cryptographic operation. Whitebox cryptography aims at protecting keys from disclosed in software implementation. With theoretically unbounded resources a determined attacker is able to recover any confidential keys and data. A strong whitebox cipher implementation as the cornerstone of security is essential for the overall security in mobile environments. Our goal is to provide an increased degree of protection given the constraints of a software solution and the resource constrained, hostile-host environments. We seek neither perfect protection nor long-term guarantees, but rather a practical level of protection to balance cost, security and usability. Regular software updates can be applied such that the protection will need to withstand a limited period of time. V-OS operates as a virtual machine (VM) within the native mobile operating system to provide a secure software environment within which to perform critical processes and computations for a mobile app.
Keywords: cryptography; mobile computing; virtual machines; V-OS; confidential keys; cryptographic algorithm; mobile application; mobile execution environment; secure software environment; software implementation; virtual machine protection; whitebox cipher implementation; whitebox cryptography; Androids; Encryption; Microprogramming; Mobile communication; Object recognition; Virtual machining; Anti-Debugging; Anti-Reverse Engineering; Code Obfuscation; Data Obfuscation; Fingerprinting; Mobile Code; Software Licensing; Software Renewability; Software Tamper Resistance; Virtual Machine Protections (VMP); Whitebox Cryptography (WBC) (ID#: 16-10829)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7174806&isnumber=7174794
W. Zegers, S. Y. Chang, Y. Park and J. Gao, “A Lightweight Encryption and Secure Protocol for Smartphone Cloud,” Service-Oriented System Engineering (SOSE), 2015 IEEE Symposium on, San Francisco Bay [Area], CA, 2015, vol., no., pp. 259-266. doi:10.1109/SOSE.2015.47
Abstract: User data on mobile devices are always transferred into Cloud for flexible and location-independent access to services and resources. The issues of data security and privacy data have been often reverted to contractual partners and trusted third parties. As a matter of fact, to project data, data encryption and user authentication are fundamental requirements between the mobile devices and the Cloud before a data transfer. However, due to limited resources of the smartphones and the unawareness of security from users, data encryption has been the last priority in mobile devices, and the authentication between two entities always depends on a trusted third party. In this paper, we propose a lightweight encryption algorithm and a security handshaking protocol for use specifically between in mobile devices and in Cloud, with the intent of securing data on the user side before it is migrated to cloud storages. The proposed cryptographic scheme and security protocol make use of unique device specific identifiers and user supplied credentials. It aims to achieve a usersoriented approach for Smartphone Cloud. Through experiments, we demonstrated that the proposed cryptographic scheme requires less power consumption on mobile devices.
Keywords: authorisation; cloud computing; cryptographic protocols; data privacy; smart phones; cloud storages; contractual partners; cryptographic scheme; data encryption; data security; data transfer; lightweight encryption algorithm; location-independent access; mobile devices; privacy data; project data; secure protocol; security handshaking protocol; security protocol; smart phone cloud; trusted third party; user authentication; user data; Authentication; Encryption; Mobile communication; Protocols; Smart phones; Android; Cloud; Cryptography; Mobile devices and smartphones; Security (ID#: 16-10830)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7133539&isnumber=7133490
J. Xu, L. Zhang, D. Lin and Y. Mao, “Recommendable Schemes of Anti-decompilation for Android Applications,” Frontier of Computer Science and Technology (FCST), 2015 Ninth International Conference on, Dalian, China, 2015, vol., no., pp. 184-190. doi:10.1109/FCST.2015.76
Abstract: Currently, Regular Android software, injected in malicious code, is one of the important factors of that Android virus run rampant. Protecting the Android software has become a focus of attention in academia and industry. Addressing the safety protection issues of the Android software, this paper will present some new schemes for Android software security technology. On the basis of existing research results, we will propose some recommendable solutions to prevent android applications being decompiled. Take advantage of these methods, we will build the Android software protection system, which will mostly eliminate the feasibility of the secondary packaging for Android software, and extend the Android software safety lifecycle.
Keywords: Android (operating system); invasive software; mobile computing; Android applications; Android software protection system; Android software safety lifecycle; Android software security technology; Android virus; malicious code; recommendable antidecompilation schemes; safety protection issues; Androids; Encryption; Humanoid robots; Smart phones; Software (ID#: 16-10831)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7314672&isnumber=7314625
J. Cui, D. She, J. Ma, Q. Wu and J. Liu, “A New Logistics Distribution Scheme Based on NFC,” Network and Information Systems for Computers (ICNISC), 2015 International Conference on, Wuhan, 2015, vol., no., pp. 492-495. doi:10.1109/ICNISC.2015.48
Abstract: There are many disadvantages in the logistics distribution scheme today. The package may be taken by mistake and the information of consumers on the package may be hooked up illegally. What is more, it needs lots of couriers and costs plenty of money. To solve these problems above, a more effective logistics distribution scheme based on Near Field Communication is proposed. Many key technologies, such as the data exchange technology among android APP, server and NFC module, the data transmission technology by NFC and so on, are used in this scheme. The information is encrypted by ASE while transmission from one place to another. By contrasting the existing schemes and the new scheme, it is obvious that the new scheme has more advantages. Finally, the performance of the scheme is tested. The scheme makes logistics distribution automated greatly by the NFC, PN532 and arduino. In addition, it can ensure the safety of consumer privacy largely. All in all, the data of the test indicates that the new scheme has better performance.
Keywords: cryptography; data privacy; goods distribution; logistics data processing; mobile computing; near-field communication; production engineering computing; Android application; Arduino; NFC; consumer privacy; data exchange technology; data transmission technology; information encryption; logistics distribution scheme; near field communication; Cryptography; Databases; Logistics; Servers; Smart phones; AES; Logistics distribution; NFC (ID#: 16-10832)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7311934&isnumber=7311794
P. Amthor and W. E. Kühnhauser, “Security Policy Synthesis in Mobile Systems,” Services (SERVICES), 2015 IEEE World Congress on, New York City, NY, 2015, vol., no., pp. 189-197. doi:10.1109/SERVICES.2015.36
Abstract: Contemporary mobile devices have become universal and versatile tools that increasingly are used in sensitive application scenarios. They inevitably carry confidential information such as passwords, encryption keys, mission-critical company data, or location information in combat areas. In order to meet sophisticated security requirements, recent technology focuses on policy-oriented approaches that allow for the definition and enforcement of rigorous and precise rules for protecting confidential information. State-of-the-art development of security policies is a critical process, because of the involved quality assurance measures, it is quite heavy-weighted and tends to antagonize the distinguished virtues of mobile devices for lightweight, spontaneous communication and cooperation. This paper presents an approach to support secure, mobile device based cooperation in temporary, sporadically and spontaneously fashioned cliques within open communication infrastructures. The approach is based upon light-weight security domains protected by security policies that are dynamically and automatically composed during group formation. Due to the volatile nature of such groups simplicity, adaptability, efficiency and compatibility with today’s security policy implementation techniques have been a major design goal.
Keywords: mobile computing; security of data; confidential information; contemporary mobile devices; light-weight security domains; mobile device based cooperation; mobile systems; policy-oriented approaches; security policy synthesis; Androids; Companies; Humanoid robots; Mobile communication; Security; Smart phones; Android Security Extensions; Flaskdroid; MOSES; Mobile computing; SE Android; SE Linux; ad-hoc cooperation; metapolicy; mobile devices security; policy-controlled system; security domain; security policy (ID#: 16-10833)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7196524&isnumber=7196486
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.