Authenticator Rebinding Attack of the UAF Protocol on Mobile Devices

2020 ◽  
Vol 2020 ◽  
pp. 1-14
Author(s):  
Hui Li ◽  
Xuesong Pan ◽  
Xinluo Wang ◽  
Haonan Feng ◽  
Chengjie Shi

We present a novel attack named “Authenticator Rebinding Attack,” which aims at the Fast IDentity Online (FIDO) Universal Authentication Framework (UAF) protocol implemented on mobile devices. The presented Authenticator Rebinding Attack rebinds the victim’s identity to the attacker’s authenticator rather than the victim’s authenticator being verified by the service in the UAF protocol, allowing the attacker to bypass the UAF protocol local authentication mechanism by imitating the victim to perform sensitive operations such as transfer and payment. The lack of effective authentication between entities in the implementations of the UAF protocol used in the actual system causes the vulnerability to the Authenticator Rebinding Attack. In this paper, we implement this attack on the Android platform and evaluate its implementability, where results show that the proposed attack is implementable in the actual system and Android applications using the UAF protocol are prone to such attacks. We also discuss the possible countermeasures against the threats posed by the Authenticator Rebinding Attack for different stakeholders implementing UAF on the Android platform.

Electronics ◽  
2020 ◽  
Vol 9 (12) ◽  
pp. 2208
Author(s):  
Jesús D. Trigo ◽  
Óscar J. Rubio ◽  
Miguel Martínez-Espronceda ◽  
Álvaro Alesanco ◽  
José García ◽  
...  

Mobile devices and social media have been used to create empowering healthcare services. However, privacy and security concerns remain. Furthermore, the integration of interoperability biomedical standards is a strategic feature. Thus, the objective of this paper is to build enhanced healthcare services by merging all these components. Methodologically, the current mobile health telemonitoring architectures and their limitations are described, leading to the identification of new potentialities for a novel architecture. As a result, a standardized, secure/private, social-media-based mobile health architecture has been proposed and discussed. Additionally, a technical proof-of-concept (two Android applications) has been developed by selecting a social media (Twitter), a security envelope (open Pretty Good Privacy (openPGP)), a standard (Health Level 7 (HL7)) and an information-embedding algorithm (modifying the transparency channel, with two versions). The tests performed included a small-scale and a boundary scenario. For the former, two sizes of images were tested; for the latter, the two versions of the embedding algorithm were tested. The results show that the system is fast enough (less than 1 s) for most mHealth telemonitoring services. The architecture provides users with friendly (images shared via social media), straightforward (fast and inexpensive), secure/private and interoperable mHealth services.


2020 ◽  
Vol 10 (23) ◽  
pp. 8351
Author(s):  
Rosangela Casolare ◽  
Fabio Martinelli ◽  
Francesco Mercaldo ◽  
Antonella Santone

The increase in computing capabilities of mobile devices has, in the last few years, made possible a plethora of complex operations performed by smartphone and tablet end users, for instance, from a bank transfer to the full management of home automation. Clearly, in this context, the detection of malicious applications is a critical and challenging task, especially considering that the user is often totally unaware of the behavior of the applications installed on their device. In this paper, we propose a method to detect inter-app communication, i.e., colluding communication between different applications with data support to silently exfiltrate sensitive and private information. We based the proposed method on model checking, by representing Android applications in terms of automata and by proposing a set of logic properties to reduce the number of comparisons and a set of logic properties automatically generated for detecting colluding applications. We evaluated the proposed method on a set of 1092 Android applications, including different colluding attacks, obtaining an accuracy of 1, showing the effectiveness of the proposed method.


2017 ◽  
Vol 2 (3) ◽  
pp. 32-39
Author(s):  
Aya Khalid Naji ◽  
Saad Najim Alsaad

In the development of 3G devices, all elements of multimedia (text, image, audio, and video) are becoming a crucial choice for communication. Security in 3G devices has become an issue of importance, on which a lot of research is going on. Traditional cryptosystems like DES, AES, and RSA are not able to meet the properties of the new generation of digital mobile devices. This paper presents an implementation of video protection by full encryption using Elliptic Curve Cryptography (ECC) on a mobile device. The Android platform is used for this purpose. The results show that the two important criteria of mobile video encryption, short computation time and high confidentiality, are provided.


2011 ◽  
Vol 145 ◽  
pp. 204-208
Author(s):  
Hsia Hung Ou ◽  
Hao Hsiang Ku ◽  
Te Yu Chen

Extensible Authentication Protocol (EAP) is a universal authentication framework defined by RFC3748 and updated by RFC5247. It is not a specific authentication mechanism for an exclusive system, and hence has seen widespread acceptance and implementation in wireless networks and other Point-to-Point (P2P) connections. A number of vendor-specific EAP methods have been proposed for special purposes, such as EAP-MD5, EAP-TLS, EAP-TTLS, EAP-PEAP, LEAP, SPEKE, EAP-SIM, EAP-AKA, EAP-FAST, and so on. All of them share a common characteristic: the client submits his Security Association (SA) to the neighboring Access Point (AP), and the AP then forwards it to the Authentication, Authorization, and Accounting (AAA) servers of both sides to verify his validity. Although these EAPs are designed to meet widespread authentication demands, in fact each has its own independent authentication procedure; that is, they are incompatible with each other. In order to meet the needs of different connections, a mobile device has to support many of the EAPs. For most mobile devices this is a heavy load and results in inconvenience when moving between different service networks. This paper is devoted to solving this situation. To this end, an extensible authentication protocol for mobile equipment in heterogeneous networks (EAP-M2H) is provided in the paper. EAP-M2H is developed from EAP-AKA and improves its applicability and compatibility in heterogeneous networks.


2021 ◽  
Vol 1 (2) ◽  
pp. 1-6
Author(s):  
Anmol Tewari

Android is a software stack for mobile devices that includes an operating system, middleware, and key applications. Android is a software platform and operating system for mobile devices based on the Linux operating system and developed by Google and the Open Handset Alliance. It allows developers to write managed code in a Java-like language that utilizes Google-developed Java libraries but does not support programs developed in native code. The unveiling of the Android platform on 5 November 2007 was announced with the founding of the Open Handset Alliance, a consortium of 34 hardware, software and telecom companies devoted to advancing open standards for mobile devices. When released in 2008, most of the Android platform will be made available under the Apache free-software and open-source license.


2019 ◽  
Vol 11 (23) ◽  
pp. 6637
Author(s):  
Cheolmin Yeom ◽  
Yoojae Won

Because people in companies use mobile devices to access corporate data, attackers targeting corporate data use vulnerabilities in mobile devices. Most vulnerabilities in applications are caused by the carelessness of developers, and confused deputy attacks and data leak attacks using inter-application vulnerabilities are possible. These vulnerabilities are difficult to find through the single-application diagnostic tools that are currently being studied. This paper proposes a process to automate the decompilation of all the applications on a user’s mobile device and a mechanism to find inter-application vulnerabilities. The mechanism generates a list and matrix detailing the vulnerabilities in the mobile device. The proposed mechanism is validated through an experiment on an actual mobile device with four installed applications, and the results show that the mechanism can accurately capture all application risks as well as inter-application risks. Through this mechanism, users can expect to find the risks in their mobile devices in advance and prevent damage.


2018 ◽  
Vol 2018 ◽  
pp. 1-9
Author(s):  
Luca Casati ◽  
Andrea Visconti

Mobile devices are widely spread all over the world, and Android is the most popular operating system in use. According to Kaspersky Lab’s threat statistics (June 2017), many users are tempted to root their mobile devices to get unrestricted access to the file system, to install different versions of the operating system, to improve performance, and so on. The result is that unintended data leakage flaws may exist. In this paper, we (i) analyze the security issues of several applications considered relevant in terms of handling user sensitive information, for example, financial, social, and communication applications, showing that 51.6% of the tested applications suffer from at least one issue, and (ii) show how an attacker might retrieve a user access token stored inside the device, thus exposing users to a possible identity violation. Notice that such a token, and a number of other pieces of sensitive information, can be stolen by malicious users through a man-in-the-middle (MITM) attack.


2017 ◽  
Vol 2017 ◽  
pp. 1-14
Author(s):  
Yung-Hui Li ◽  
Po-Jen Huang

In modern society, mobile devices (such as smart phones and wearable devices) have become indispensable to almost everyone, and people store personal data in devices. Therefore, how to implement a user authentication mechanism for private data protection on mobile devices is a very important issue. In this paper, an intelligent iris recognition mechanism is designed to solve the problem of user authentication in wearable smart glasses. Our contributions include hardware and software. On the hardware side, we design a set of internal infrared camera modules, including a well-designed infrared light source and lens module, which is able to take clear iris images within 2~5 cm. On the software side, we propose an innovative iris segmentation algorithm which is both efficient and accurate enough to be used on a smart glasses device. Another improvement to traditional iris recognition is that we propose an intelligent Hamming distance (HD) threshold adaptation method which dynamically fine-tunes the HD threshold used for verification according to empirical data collected. Our final system can perform iris recognition at 66 frames per second on a smart glasses platform with 100% accuracy. As far as we know, this system is the world’s first application of iris recognition on smart glasses.

