Automated Security Analysis of Android and iOS Applications with Mobile Security Framework

2016 ◽  
2020 ◽  
Vol 2 (1) ◽  
pp. 1-10
Author(s):  
Nuril Anwar ◽  
Son Ali Akbar ◽  
Ahmad Azhari ◽  
Imam Suryanto

The rapid growth of Android applications, especially the e-commerce and online buying-and-selling applications popular in Indonesia, forces users to grant permissions for application features and services during and after installation. Users' limited understanding of the risks of the permissions an application requests before or after installation opens a gap in the security of their data, since those permissions give the application access to smartphone features such as the camera, storage, contacts, accounts and others. The Logical Extraction Method is used to obtain application data by acquiring all file-system data on the smartphone with the help of MOBILedit Forensic, TWRP (Team Win Recovery Project) and the Migrate application. From each acquired application the Android Package file (APK) is taken and subjected to static analysis with the forensic tool MobSF (Mobile Security Framework). The analysis of the three most popular e-commerce applications in Indonesia identified 51 permissions; at the most dangerous security level the three applications account for 49 dangerous permissions, 7 normal permissions and 1 signature permission. The Lazada application has 21 dangerous permissions of which the user is unaware, Tokopedia has 4 and Blibli.com has 1. Based on these findings it is concluded that the e-commerce applications in use could also be implanted with malware or a similar virus capable of harvesting their users' personal data.
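The permission triage described above, written here as an added example of the manifest analysis MobSF performs (this is not code from the paper or from MobSF). The manifest, the package name com.example.shop and the protection-level table (a deliberately incomplete subset of the levels documented for android.permission.*) are constructed for illustration.

```python
"""Permission triage over an AndroidManifest.xml, in the spirit of MobSF's
manifest analysis.  Added example: the manifest, the package name and the
protection-level table below are constructed, not taken from the paper."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Subset of the protection levels documented for android.permission.* on
# developer.android.com.  Assumption: the table is deliberately incomplete;
# a real triage pulls the full list for the app's target API level.
PROTECTION_LEVEL = {
    "dangerous": {
        "CAMERA", "RECORD_AUDIO", "READ_CONTACTS", "WRITE_CONTACTS",
        "GET_ACCOUNTS", "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
        "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE", "READ_PHONE_STATE",
        "CALL_PHONE", "READ_SMS", "SEND_SMS", "RECEIVE_SMS", "READ_CALENDAR",
        "WRITE_CALENDAR", "READ_CALL_LOG", "WRITE_CALL_LOG", "BODY_SENSORS",
    },
    "normal": {
        "INTERNET", "ACCESS_NETWORK_STATE", "ACCESS_WIFI_STATE", "VIBRATE",
        "WAKE_LOCK", "RECEIVE_BOOT_COMPLETED", "FOREGROUND_SERVICE", "NFC",
        "BLUETOOTH",
    },
    "signature": {
        "BIND_DEVICE_ADMIN", "BIND_ACCESSIBILITY_SERVICE",
        "BIND_NOTIFICATION_LISTENER_SERVICE", "BIND_VPN_SERVICE",
    },
}

# Constructed manifest standing in for one decoded from an APK (apktool/MobSF).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.shop">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.BIND_DEVICE_ADMIN"/>
  <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE"/>
  <application android:label="Shop" android:debuggable="true"
      android:allowBackup="true" android:usesCleartextTraffic="true"/>
</manifest>
"""


def classify(permission: str) -> str:
    """Map a fully qualified permission name to its protection level."""
    prefix = "android.permission."
    if not permission.startswith(prefix):
        return "custom"          # vendor- or app-defined, e.g. c2dm RECEIVE
    name = permission[len(prefix):]
    for level, names in PROTECTION_LEVEL.items():
        if name in names:
            return level
    return "unknown"             # not in our table: review by hand


def analyse_manifest(xml_text: str) -> dict:
    """Group requested permissions by level and pull out risky <application> flags."""
    root = ET.fromstring(xml_text)
    perms = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        perms += [e.get(f"{{{ANDROID_NS}}}name") for e in root.iter(tag)]
    by_level: dict = {}
    for p in perms:
        by_level.setdefault(classify(p), []).append(p)

    app = root.find("application")

    def flag(attr: str) -> bool:  # True only when the attribute is literally "true"
        return app is not None and app.get(f"{{{ANDROID_NS}}}{attr}") == "true"

    return {
        "permissions": by_level,
        "counts": {lvl: len(v) for lvl, v in by_level.items()},
        "debuggable": flag("debuggable"),            # adb can attach a debugger
        "allow_backup": flag("allowBackup"),         # app data extractable via adb backup
        "cleartext_traffic": flag("usesCleartextTraffic"),  # plain HTTP allowed
    }


def report(result: dict) -> str:
    lines = [f"{lvl}: {n}" for lvl, n in sorted(result["counts"].items())]
    for p in result["permissions"].get("dangerous", []):
        lines.append(f"  DANGEROUS {p}")
    for key in ("debuggable", "allow_backup", "cleartext_traffic"):
        if result[key]:
            lines.append(f"  FLAG {key}=true")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(analyse_manifest(SAMPLE_MANIFEST)))
```

The "dangerous" bucket is what the paper counts per application; the "custom" and "unknown" buckets are the ones a reviewer has to resolve by hand, since a vendor permission can gate anything from push notifications to an OEM file manager.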


Author(s):  
Luca Verderame ◽  
Davide Caputo ◽  
Andrea Romdhana ◽  
Alessio Merlo

2018 ◽  
Vol 2018 ◽  
pp. 1-11 ◽  
Author(s):  
Huifang Yu ◽  
Zhicang Wang ◽  
Jianmin Li ◽  
Xinzhe Gao

Proxy signcryption means that a proxy signcrypter obtains delegated authorization from the original signcrypter and then signcrypts a specified message on its behalf. In this paper we construct an identity-based proxy signcryption protocol (IBPSP) in the universally composable (UC) framework. In the random oracle model we prove that the protocol is semantically secure under the gap bilinear Diffie-Hellman and computational Diffie-Hellman assumptions. We also define an ideal functionality for identity-based proxy signcryption in the UC security framework and prove that UC security of the identity-based proxy signcryption protocol is equivalent to its IND-CCA2 and UF-CMA security. Analysis shows that this IBPSP has low computational complexity together with semantic security and UC security.


Sensors ◽  
2021 ◽  
Vol 21 (5) ◽  
pp. 1883
Author(s):  
Rinki Rani ◽  
Sushil Kumar ◽  
Omprakash Kaiwartya ◽  
Ahmad M. Khasawneh ◽  
Jaime Lloret ◽  
...  

Post-quantum cryptography for protecting the Internet of Everything (IoE) against attacks by quantum computers is still in its infancy. Most post-quantum cryptosystems have longer keys and signatures and require more computation, spanning several orders of magnitude in energy consumption and computation time; key and signature sizes are therefore treated as a further aspect of security by green design. To address these issues, security solutions should migrate to advanced methods that protect against quantum attacks while offering energy-efficient and faster cryptographic computation. In this context, a novel security framework, Lightweight Postquantum ID-based Signature (LPQS), for secure communication in the IoE environment is presented. LPQS builds a quantum-resistant digital signature with small key sizes on a supersingular isogeny curve. To reduce key sizes, compressed curves are used, and signature validation relies on the commutative property of the curves. The unforgeability of LPQS under an adaptively chosen-message attack is proved. Security analysis and experimental validation of LPQS are performed in a realistic software simulation environment to assess its lightweight performance on embedded nodes. The keys and signatures of LPQS are smaller than those of existing signature-based post-quantum security techniques for IoE, and the scheme is robust in the post-quantum setting and efficient in energy and computation.


Cloud-based logistics services allow cost reduction, higher elasticity, flexibility and maximum utilization of resources for heavy computation and data analytics. Logistics and security become complex issues for corporate entities when these services are used for critical operations. To address them, this paper discusses a conceptual, flexible security framework for a cloud-driven digital supply chain in agriculture. A security enhancement layer is included at each layer of the cloud, with a feasibility study on protecting user information in the logistics-services environment. Data residency for cloud-based logistics services is elaborated together with a data security analysis. Finally, the article discusses possible solutions to the security concerns of the logistics model.


2021 ◽  
Vol 2 ◽  
Author(s):  
Kelsie Nabben

The notion that blockchains offer decentralized, “trustless” guarantees of security through technology is a fundamental misconception held by many advocates. This misconception hampers participants from understanding the security differences between public and private blockchains and adopting blockchain technology in suitable contexts. This paper introduces the notion of “people security” to argue that blockchains hold inherent limitations in offering accurate security guarantees to people as participants in blockchain-based infrastructure, due to the differing nature of the threats to participants reliant on blockchain as secure digital infrastructure, as well as the technical limitations between different types of blockchain architecture. This paper applies a sociotechnical security framework to assess the social, software, and infrastructural layers of blockchain applications to reconceptualize “blockchain security” as “people security.” A sociotechnical security analysis of existing macrosocial level blockchain systems surfaces discrepancies between the social, technical, and infrastructural layers of a blockchain network, the technical and governance decisions that characterize the network, and the expectations of, and threats to, participants using the network. The results identify a number of security and trust assumptions against various blockchain architectures, participants, and applications. Findings indicate that private blockchains have serious limitations for securing the interests of users in macrosocial contexts, due to their centralized nature. In contrast, public blockchains reveal trust and security shortcomings at the micro and meso-organizational levels, yet there is a lack of suitable desktop case studies by which to analyze sociotechnical security at the macrosocial level. These assumptions need to be further investigated and addressed in order for blockchain security to more accurately provide “people security”.


Sebatik ◽  
2020 ◽  
Vol 24 (1) ◽  
pp. 22-28
Author(s):  
Cholis Hanifurohman ◽  
Deanna Durbin Hutagalung

The number of internet users in Indonesia rises every year. This rapid growth is accompanied by internet use on mobile devices, which has had a positive impact on several business sectors such as online trading and has also triggered the emergence of a wide range of mobile applications, especially on the Android platform. Security analysis of these applications is therefore needed, by testing and measuring their level of security. The aim of this research is to improve mobile e-commerce users' understanding of the security gaps in mobile e-commerce applications and to provide a method for static analysis using Mobile Security Framework (MobSF) to carry out security testing of mobile e-commerce applications, in particular Android-based ones. The static analysis covers weak cryptography (weak crypto), SSL bypass, use of dangerous permissions, hardcoded secrets, root detection and a domain malware check. The method used to perform the analysis is Mobile Security Framework (MobSF). The system has three phases: requirements planning, the RAD design process and the implementation phase. The security analysis of the mobile e-commerce applications SP, TP, LZ, BL and SR, the five most popular Android-based mobile e-commerce applications in Indonesia, shows that several security gaps are still present in all five applications and need to be known to both users and application developers.
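Four of the six checks named in this abstract (weak crypto, SSL bypass, hardcoded secrets, root detection) run as a line-oriented pass over decompiled Java, written as an added example rather than MobSF's own rule set. The two Java files, the class names and the credential literal are constructed for illustration; because the patterns are applied per line, a TrustManager whose empty body spans several lines would be missed, which is a limitation to keep in mind when adapting the rules.

```python
"""Line-oriented static checks over decompiled Java, modelled on the kinds of
findings MobSF reports (weak crypto, SSL bypass, hardcoded secrets, root
detection).  Added example; the sources and the credential literal are
constructed and do not come from any real application."""
import re
from collections import Counter

# (rule id, severity, pattern, why it matters)
RULES = [
    ("weak_crypto_ecb", "high",
     re.compile(r'Cipher\.getInstance\(\s*"[^"]*/ECB/'),
     "ECB mode leaks plaintext structure; use AES/GCM/NoPadding"),
    ("weak_hash", "medium",
     re.compile(r'MessageDigest\.getInstance\(\s*"(MD5|SHA-?1)"'),
     "MD5 and SHA-1 are not collision resistant"),
    ("insecure_random", "medium",
     re.compile(r'\bnew\s+(java\.util\.)?Random\s*\('),
     "java.util.Random is predictable; use SecureRandom for secrets"),
    ("ssl_trust_all", "high",
     re.compile(r'checkServerTrusted\s*\([^)]*\)\s*(throws[^{]*)?\{\s*\}'),
     "empty TrustManager accepts any certificate (SSL validation bypass)"),
    ("ssl_allow_all_hosts", "high",
     re.compile(r'ALLOW_ALL_HOSTNAME_VERIFIER'),
     "hostname verification disabled"),
    ("hardcoded_secret", "high",
     re.compile(r'(?i)(api[_-]?key|secret|password|token)\s*=\s*"[^"]{8,}"'),
     "credential literal shipped inside the APK"),
]

# Strings commonly used by root-detection code; their absence is itself a finding.
ROOT_INDICATORS = ("Superuser.apk", "test-keys", "/system/xbin/su", "RootBeer")

# Constructed decompiled sources (assumed layout: path -> file text).
SAMPLE_SOURCES = {
    "com/example/shop/net/ApiClient.java": '''package com.example.shop.net;
import javax.crypto.Cipher;
import java.security.MessageDigest;
public class ApiClient {
    private static final String API_KEY = "sk_live_0123456789abcdef0123456789abcdef";
    Cipher cipher() throws Exception { return Cipher.getInstance("AES/ECB/PKCS5Padding"); }
    byte[] fp(byte[] d) throws Exception { return MessageDigest.getInstance("MD5").digest(d); }
    int nonce() { return new java.util.Random().nextInt(); }
}
''',
    "com/example/shop/net/TrustAll.java": '''package com.example.shop.net;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;
public class TrustAll implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] c, String a) { }
    public void checkServerTrusted(X509Certificate[] c, String a) { }
    public X509Certificate[] getAcceptedIssuers() { return null; }
}
''',
}


def scan_source(files: dict) -> list:
    """Run every rule over every line; one finding per (file, line, rule) hit."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule_id, severity, pattern, why in RULES:
                if pattern.search(line):
                    findings.append({"file": path, "line": lineno,
                                     "rule": rule_id, "severity": severity,
                                     "why": why})
    return findings


def root_detection_present(files: dict) -> bool:
    """True if any file carries a known root-detection indicator string."""
    return any(ind in text for text in files.values() for ind in ROOT_INDICATORS)


def summarise(findings: list) -> dict:
    """Count findings per severity, e.g. {'high': 3, 'medium': 2}."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    found = scan_source(SAMPLE_SOURCES)
    for f in found:
        print(f"{f['severity']:6} {f['rule']:20} {f['file']}:{f['line']}  {f['why']}")
    print("root detection present:", root_detection_present(SAMPLE_SOURCES))
    print("summary:", summarise(found))
```

Pattern hits are leads, not verdicts: an MD5 call may only be computing a cache key, and a hardcoded string that matches the secret rule may be a public client identifier. Each finding still needs the surrounding code read before it goes into a report, which is the same caveat that applies to MobSF's own output.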


2020 ◽  
Vol 29 (5) ◽  
pp. 220-243
Author(s):  
Francesco Bergadano ◽  
Milena Boetti ◽  
Fabio Cogno ◽  
Valerio Costamagna ◽  
Mario Leone ◽  
...  
