A flexible security architecture to support third-party applications on mobile devices

Author(s):  
Lieven Desmet ◽  
Wouter Joosen ◽  
Fabio Massacci ◽  
Katsiaryna Naliuka ◽  
Pieter Philippaerts ◽  
...  

2016 ◽  
Vol 2016 (1) ◽  
pp. 4-19 ◽  
Author(s):  
Andreas Kurtz ◽  
Hugo Gascon ◽  
Tobias Becker ◽  
Konrad Rieck ◽  
Felix Freiling

Abstract: Recently, Apple removed access to various device hardware identifiers that were frequently misused by iOS third-party apps to track users. We are, therefore, now studying the extent to which users of smartphones can still be uniquely identified simply through their personalized device configurations. Using Apple’s iOS as an example, we show how a device fingerprint can be computed using 29 different configuration features. These features can be queried from arbitrary third-party apps via the official SDK. Experimental evaluations based on almost 13,000 fingerprints from approximately 8,000 different real-world devices show that (1) all fingerprints are unique and distinguishable; and (2) utilizing a supervised learning approach allows returning users or their devices to be recognized with a total accuracy of 97% over time.


2012 ◽  
Vol 8 (4) ◽  
pp. 117 ◽  
Author(s):  
Luca Mainetti ◽  
Luigi Patrono ◽  
Roberto Vergallo

The evolution of modern mobile devices towards novel Radio Frequency (RF) capabilities, such as Near Field Communication, leads to a potential for delivering innovative mobile services, which is still partially unexplored. Mobile proximity payment systems are going to enhance the daily shopping experience, but the access to payment security resources of a mobile device (e.g. the “Secure Element”) by third-party applications is still blocked by smartphone and Operating System manufacturers. In this paper, the IDA-Pay system is presented, an innovative and secure NFC micro-payment system based on Peer-to-Peer NFC operating mode for Android mobile phones. It allows delivering mobile-to-POS micro-payment services, bypassing the need for special hardware. A validation scenario and a system evaluation are also reported to demonstrate the system's effectiveness and performance.


Author(s):  
Muhammad Elsayeh ◽  
Kadry Ali Ezzat ◽  
Hany El-Nashar ◽  
Lamia Nabil Omran

The internet of medical things (IoMT) has a great role in improving health around the world. IoMT is having a great impact on our lives, in which the clinical data of the patient is observed and checked and can then be transferred to a third party, such as the cloud, for future use. IoMT is a huge data system with a continuous developing rate, which implies that we should keep a lot of data secure. We propose a combined security architecture that fuses the standard architecture and new blockchain technology. Blockchain is a tamper-proof digital ledger which gives peer-to-peer communication and provides communication between non-trusting individuals. Using a standard in-depth strategy and blockchain, we are able to develop a method to collect vital signs data from IoMT and connected devices and use blockchain to store and retrieve the collected data in a secure and decentralized fashion within a closed system, suitable for healthcare providers such as private clinics, hospitals, and healthcare organizations where sharing data with each other is required. We first examine the innovation behind blockchain, then propose an IoMT-based security architecture utilizing blockchain to guarantee the security of information transmission between associated nodes. Experimental analysis shows that the proposed scheme presents a non-significant overhead; yet it brings major advantages to meet the standard security and privacy requirements in IoMT.


Author(s):  
Volkan Çalışkan ◽  
Özgürol Öztürk ◽  
Kerem Rızvanoğlu

Mobile technology is a new frontier for accessibility. Although mobile developers need solid guidelines to provide accessible experiences, there is a limited amount of empirical research on mobile accessibility of different mobile platforms that work through various assistive technologies. In this context, more information is needed to understand both usage patterns and hardware/software platforms to guide decisions to meet the needs of people with disabilities who use mobile devices. This study, which is a pilot study of a long-term research project, evaluates the accessibility of selected built-in and third-party iOS applications on the iPhone and iPad through an extensive accessibility test with two blind users who are novice users of touchscreen mobile devices. This qualitative study is based on a multi-method approach, which consists of a background questionnaire, task observation, and a structured debriefing interview. The study also employs observation methods of data collection in order to gain better insight into mobile accessibility. The participants are asked to execute three different tasks on each platform by using VoiceOver, which is the built-in screen reader in iOS. The participants are observed during the task executions, and additional data were collected through the “think aloud” procedure and video recording of the participants. A short debriefing interview was also conducted to gain a detailed insight into the user experience. The findings reveal significant accessibility problems caused specifically by the design of the graphical user interface features of the applications and limitations of the screen reader. Finally, as part of future research directions, preliminary guidelines are proposed to improve accessibility for iOS applications on both platforms.


2018 ◽  
pp. 433-449
Author(s):  
Mona Adlakha

Mobile commerce is the next generation of e-commerce, where payments and financial transactions can be carried out with utmost ease using handheld mobile devices. Mobile devices are at a higher security risk due to the large amount of critical financial and personal data available on them. The cause or consequence of these threats could be malware and spyware attacks; multiple or incorrect m-Commerce payments; breaches due to unauthorized access or disclosure; unauthenticated transactions; and risk due to the use of third-party networks. This chapter discusses how to manage security risks in m-commerce by first identifying them and then discussing preventive measures for their mitigation. A continuous approach for risk prevention needs to be followed, reviewing the strategy according to the latest challenges. Various risk prevention and mitigation strategies can be adopted. Service providers must follow physical and digital security measures to protect consumer's business information. Independent auditing should ensure compliance with best practice security standards.


2019 ◽  
Vol 2019 ◽  
pp. 1-21 ◽  
Author(s):  
Neline van Ginkel ◽  
Willem De Groef ◽  
Fabio Massacci ◽  
Frank Piessens

The popularity of the JavaScript programming language for server-side programming has increased tremendously over the past decade. The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures. One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise an entire server. In order to support the secure integration of libraries, we developed NODESENTRY, the first security architecture for server-side JavaScript. Our policy enforcement infrastructure supports an easy deployment of web hardening techniques and access control policies on interactions between libraries and their environment, including any dependent library. We discuss the design and implementation of NODESENTRY and present its performance and security evaluation.


The main problem that arises when setting up a Wireless Sensor Network (WSN) intended for node communication is security. Discussed here is a three-tier architecture with two polynomial pools containing wireless routers, a key generation center and a few access points, which are also sensor nodes that can be mobile devices, intended to achieve better security. The crucial feature of the three-tier architecture is authentication, where communication between WN to access point (AP) is established from AP to the sensor node, resulting from the pairwise key pre-distribution (PKPD) methodology, and the nodes are authenticated utilizing polynomial keys and the Paillier cryptosystem algorithm. Presently, the WN attacks the duplication, such as seeing the nodes in the network. In the event that a nasty node is found and if you want to send packets within the network, you need to store many keys from both pools for validation. But because there are not sufficient keys available, it therefore can't communicate with other nodes in the network. This paper describes an effective contrivance for accomplishing security between node communications by formulating a three-level security architecture.


Author(s):  
Siddhant Gupta ◽  
Siddharth Sethi ◽  
Srishti Chaudhary ◽  
Anshul Arora

Android mobile devices are a prime target for a huge number of cyber-criminals as they aim to create malware for disrupting and damaging the servers, clients, or networks. Android malware is in the form of malicious apps that get downloaded on mobile devices via the Play Store or third-party app markets. Such malicious apps pose serious threats like system damage, information leakage, financial loss to the user, etc. Thus, predicting which apps contain malicious behavior will help in preventing malware attacks on mobile devices. Identifying Android malware has become a major challenge because of the ever-increasing number of permissions that applications ask for to enhance the experience of the users. And most of the time, permissions and other features defined in normal and malicious apps are generally the same. In this paper, we aim to detect Android malware using machine learning, deep learning, and natural language processing techniques. To delve into the problem, we use the Android manifest files, which provide us with features like permissions, which become the basis for detecting Android malware. We have used the concept of information value for ranking permissions. Further, we have proposed a consensus-based blockchain framework for making more concrete predictions, as blockchains have high reliability and low cost. The experimental results demonstrate that the proposed model gives a detection accuracy of 95.44% with the Random Forest classifier. This accuracy is achieved with the top 45 permissions ranked according to Information Value.


Mobile Cloud Computing is a combination of general Cloud Computing and Mobile Computing in which we have to access resources from the remote cloud data center with the help of mobile electronics and peripherals like mobile smartphones, laptops, gadgets, etc. via Cellular Technology or Wireless Communication. Mobile devices have lots of resource constraints like storage capacity, processing speed, and battery life. Hence, through simple mobile computing software and programming, we cannot manipulate cloud data center information on mobile devices. Because of such difficulties, we have to process information or data through external mobile devices. Accessing and processing data with the help of a Trusted Third Party Agency (TPA) outside the cloud data center and mobile devices poses lots of security challenges. To make cloud data secure over outside resources, lots of terminologies and theories have been put forward by various researchers. In this paper, we will analyze their theories and limitations and offer our security algorithm proposal. In this thesis article, we analyze the security framework for storing data on a Cloud Server by Mobile and the limitations of this process. Also, we review the theory of how data can be secure our data on cloud administrators

