Biblio

We have proposed a new Smart Meter Application (SMA) Framework. This application registers consumers at utility provider (Electricity), takes the meter reading for electricity and makes billing. The proposed application might offer higher level of flexibility and security, time saving and trustworthiness between consumers and authority offices. It’s expected that the application will be developed by Flutter to support Android and iOS Mobile Operating Systems.

The traditional approach to distributed deep neural network (DNN) training is data-distributed learning, which partitions and distributes data to workers. This approach, although has good convergence properties, has high communication cost, which puts a strain especially on edge systems and increases delay. An emerging approach is model-distributed learning, where a training model is distributed across workers. Model-distributed learning is a promising approach to reduce communication and storage costs, which is crucial for edge systems. In this paper, we design ResPipe, a novel resilient model-distributed DNN training mechanism against delayed/failed workers. We analyze the communication cost of ResPipe and demonstrate the trade-off between resiliency and communication cost. We implement ResPipe in a real testbed consisting of Android-based smartphones, and show that it improves the convergence rate and accuracy of training for convolutional neural networks (CNNs).

Third party mobile applications are dominating the business strategies of organisations and have become an integral part of personal life of individuals. These applications are used for financial transactions, sharing of sensitive data etc. The recent breaches in Android clearly indicate that use of third party applications have become a serious security threat. By design, Android framework keeps all these applications in untrusted domain. Due to this a common policy of resource control exists for all such applications. Further, user discretion in granting permissions to specific applications is not effective because users are not always aware of deep functionalities, mala fide intentions (in case of spywares) and bugs/flaws in these third-party applications. In this regard, we propose a security scheme to mitigate unauthorised access of resources by third party applications. Our proposed scheme is based on SEAndroid policies and achieves fine grained confinement with respect to access control for the third party applications. To the best of our knowledge, the proposed scheme is unique and first of its kind. The proposed scheme is integrated with Android Oreo 8.1.0 for performance and security analysis. It is compatible with any Android device with AOSP support.

This paper describes a design of IoT enabled real-time bus tracking system. In this work a bus tracking mobile phone app is developed, using that people can exactly locate the bus status and time to bus arrival at bus-stop. This work uses high-frequency RFID tags at buses and RFID receivers at busstops and with NodeMCU real-time RIFD tagging (bus running) information is collected and uploaded on the cloud. Users can access the bus running and status from the cloud on the mobile app in real-time.

Intentional interference such as spoofing is an emerging threat to GPS receivers used in both civilian and defense applications. With the majority of smartphones relying on GPS for positioning and navigation, the vulnerability of these phones to spoofing attacks is an issue of security concern. In this paper, it is demonstrated that is easy to successfully spoof a smartphone using a simplistic spoofing technique. A spoofing signal is generated using open-source signal simulator and transmitted using a low-cost SDR. In view of the tremendously increasing usage of GPS enabled smartphones, it is necessary to develop suitable countermeasures for spoofing. This work carries significance as it would help in understanding the effects of spoofing at various levels of signal processing in the receiver and develop advanced spoofing detection and mitigation techniques.

People continue to store their sensitive information in their smart-phone applications. Users seldom read an app's privacy policy to see how their information is being collected, used, and shared. In this paper, using a reference list of over 600 Personally Identifiable Information (PII) attributes, we investigate the privacy policies of 100 popular health and fitness mobile applications in both Android and iOS app markets to find the set of personal information these apps collect, use and share. The reference list of PII was independently built from a longitudinal study at The University of Texas investigating thousands of identity theft and fraud cases where PII attributes and associated value and risks were empirically quantified. This research leverages the reference PII list to identify and analyze the value of personal information collected by the mobile apps and the risk of disclosing this information. We found that the set of PII collected by these mobile apps covers 35% of the entire reference set of PII and, due to dependencies between PII attributes, these mobile apps have a likelihood of indirectly impacting 70% of the reference PII if breached. For a specific app, we discovered the monetary loss could reach \$1M if the set of sensitive data it collects is breached. We finally utilize Bayesian inference to measure risks of a set of PII gathered by apps: the probability that fraudsters can discover, impersonate and cause harm to the user by misusing only the PII the mobile apps collected.

Android kernel fuzzing is a research area of interest specifically for detecting kernel vulnerabilities which may allow attackers to obtain the root privilege. The number of Android mobile phones is increasing rapidly with the explosive growth of Android kernel drivers. Interface aware fuzzing is an effective technique to test the security of kernel driver. Existing researches rely on static analysis with kernel source code. However, in fact, there exist millions of Android mobile phones without public accessible source code. In this paper, we propose a hybrid interface recovery method for fuzzing kernels which can recover kernel driver interface no matter the source code is available or not. In white box condition, we employ a dynamic interface recover method that can automatically and completely identify the interface knowledge. In black box condition, we use reverse engineering to extract the key interface information and use similarity computation to infer argument types. We evaluate our hybrid algorithm on on 12 Android smartphones from 9 vendors. Empirical experimental results show that our method can effectively recover interface argument lists and find Android kernel bugs. In total, 31 vulnerabilities are reported in white and black box conditions. The vulnerabilities were responsibly disclosed to affected vendors and 9 of the reported vulnerabilities have been already assigned CVEs.

To better protect users' privacy, various authentication mechanisms have been applied on smartphones. Android pattern lock has been widely used because it is easy to memorize, however, simple ones are more vulnerable to attack such as shoulder surfing attack. In this paper, we propose a security rating evaluation scheme based on pattern lock. In particular, an entropy function of a pattern lock can be calculated, which is decided by five kinds of attributes: size, length, angle, overlap and intersection for quantitative evaluation of pattern lock. And thus, the security rating thresholds will be determined by the distribution of entropy values. Finally, we design and develop an APP based on Android Studio, which is used to verify the effectiveness of our proposed security rating evaluation scheme.

Today, authentication and non-repudiation of actions are essential requirements for almost all mobile services. In this respect, various common identity systems (such as Facebook Login, Google Sign-In, Apple ID and many other) based on OpenID Connect protocol have been introduced that support easier password management for users, and reduce potential risks by securing the service provider and the user. With the widespread use of the Internet, smartphones can offer many services with rich content. The use of common identity systems on mobile devices with a high security level is becoming a more important requirement. At this point, MNOs (Mobile Network Operators) have a significant potential and capability for providing common identity services. The existing solutions based on Mobile Connect standard provide generally low level of assurance. Accordingly, there is an urgent need for a common identity system that provide higher level of assurance and security for service providers. This study presents a multi-factor authentication mechanism called TrustedID system that is based on Mobile Connect and OpenID Connect standards, and ensures higher level of assurance. The proposed system aims to use three identity factors of the user in order to access sensitive mobile services on the smartphone. The proposed authentication system will support improvement of new value-added services and also support the development of mobile ecosystem.

In order to solve the problems of inconvenient carrying and management of the access card used in the existing market access control system, a set of intelligent access control system based on DES encrypted two-dimensional code is designed. The system consists of Android smart phone, embedded access controller and server. By sending and receiving QR code via smart phone, access to the door is obtained, which realizes centralized management of office buildings, companies, senior office buildings, luxury residences and other middle and high-rise places, effectively preventing unauthorized people from entering the high security area. In order to ensure information security, the two-dimensional code is encrypted by DES algorithm. This system has the characteristics of low cost, high security and flexible operation. It is still blank in the application field and has certain promotion value.

Nowadays, smartphones are everywhere. They play an indispensable role in our lives and makes people convenient to communicate, pay, socialize, etc. However, they also bring a lot of security and privacy risks. Keystroke operations of numeric keypad are often required when users input password to perform mobile payment or input other privacy-sensitive information. Different keystrokes may cause different finger movements that will bring different interference to WiFi signal, which may be reflected by channel state information (CSI). In this paper, we propose WiPass, a password-keystroke recognition system for numerical keypad input on smartphones, which especially occurs frequently in mobile payment APPs. Based on only a public WiFi hotspot deployed in the victim payment scenario, WiPass would extracts and analyzes the CSI data generated by the password-keystroke operation of the smartphone user, and infers the user's payment password by comparing the CSI waveforms of different keystrokes. We implemented the WiPass system by using COTS WiFi AP devices and smartphones. The average keystroke segmentation accuracy was 80.45%, and the average keystroke recognition accuracy was 74.24%.

There are some modern mobile operation systems. The main two of them are iOS and Android. However, in the past, there were two more commonly used ones: Windows Mobile and Symbian. Each of these systems has its own pros and cons, whereas none of them is the best or the worst one in different criterions. In this paper the main criterions of operation system quality are discussed. The paper defines what the mobile operating system quality is.

The aim of the study was to investigate the privacy and security of the user data on Twitter. For gathering the essential information, more than two million relevant tweets through the span of two years were used to conduct the study. In addition, we are classifying sentiment of Twitter data by exhibiting results of a machine learning by using the Naive Bayes algorithm. Although this algorithm is time consuming compared to the listing method yet can lead to effective estimation relatively. The tweets are extracted and pre-processed and then categorized them in neutral, negative and positive sentiments. By applying the chosen methodology, the study would end up in identifying the most effective mobile operating systems according to the sentiments of social media users. Additionally, the application of the algorithm needs to meet the privacy and security needs of Twitter users in order to optimize the use of social media intelligence. The approach will help in assessing the competitive intelligence of the Twitter data and the challenges in the form of privacy and- security of the user content and their contextual information simultaneously. The findings of the empirical research show that users are more concerned about the privacy and security of iOS compared to Android and Windows phone.

Android gives us opportunity to extract meaningful information from metadata. From the security point of view, the missing important information in metadata of an application could be a sign of suspicious application, which could be directed for extensive analysis. Especially the usage of dangerous permissions is expected to be explained in app descriptions. The permission-to-description fidelity problem in the literature aims to discover such inconsistencies between the usage of permissions and descriptions. This study proposes a new method based on natural language processing and recurrent neural networks. The effect of user reviews on finding such inconsistencies is also investigated in addition to application descriptions. The experimental results show that high precision is obtained by the proposed solution, and the proposed method could be used for triage of Android applications.

In the current state of communication technology, the abuse of VoIP has led to the emergence of telecommunications fraud. We urgently need an end-to-end identity authentication mechanism to verify the identity of the caller. This paper proposes an end-to-end, dual identity authentication mechanism to solve the problem of telecommunications fraud. Our first technique is to use the Hermes algorithm of data transmission technology on an unknown voice channel to transmit the certificate, thereby authenticating the caller's phone number. Our second technique uses voice-print recognition technology and a Gaussian mixture model (a general background probabilistic model) to establish a model of the speaker to verify the caller's voice to ensure the speaker's identity. Our solution is implemented on the Android platform, and simultaneously tests and evaluates transmission efficiency and speaker recognition. Experiments conducted on Android phones show that the error rate of the voice channel transmission signature certificate is within 3.247 %, and the certificate signature verification mechanism is feasible. The accuracy of the voice-print recognition is 72%, making it effective as a reference for identity authentication.

Intelligent environments work collaboratively, bringing more comfort to human beings. The intelligence of these environments comes from technological advances in sensors and communication. IoT is the model developed that allows a wide and intelligent communication between devices. Hardware reduction of IoT devices results in vulnerabilities. Thus, there are numerous concerns regarding the security of user information, since mobile devices are easily trackable over the Internet. Care must be taken regarding the information in user profiles. Mobile devices are protected by a permission-based mechanism, which limits third-party applications from accessing sensitive device resources. In this context, this work aims to present a proposal for materialization of application for the evolution of user profiles in intelligent environments. Having as parameters the parameters presented in the proposed taxonomy. The proposed solution is the development of two applications, one for Android devices, responsible for allowing or blocking some features of the device. And another in Cloud, responsible for imposing the parameters and privacy criteria, formalizing the profile control module (PRIPRO - PRIvacy PROfiles).

Smart mobile devices such as smartphones and tablets have become an integral part of our society. However, it also becomes a prime target for attackers with malicious intents. There have been a number of efforts on developing innovative courseware to promote cybersecurity education and to improve student learning; however, hands-on labs are not well developed for smart mobile devices and for mobile security topics. In this paper, we propose to design and develop a mobile security labware with smart mobile devices to promote the cybersecurity education. The integration of mobile computing technologies and smart devices into cybersecurity education will connect the education to leading-edge information technologies, motivate and engage students in security learning, fill in the gap with IT industry need, and help faculties build expertise on mobile computing. In addition, the hands-on experience with mobile app development will promote student learning and supply them with a better understanding of security knowledge not only in classical security domains but also in the emerging mobile security areas.

Mobile Forensics (MF) field uses prescribed scientific approaches with a focus on recovering Potential Digital Evidence (PDE) from mobile devices leveraging forensic techniques. Consequently, increased proliferation, mobile-based services, and the need for new requirements have led to the development of the MF field, which has in the recent past become an area of importance. In this article, the authors take a step to conduct a review on Mobile Forensics Investigation Process Models (MFIPMs) as a step towards uncovering the MF transitions as well as identifying open and future challenges. Based on the study conducted in this article, a review of the literature revealed that there are a few MFIPMs that are designed for solving certain mobile scenarios, with a variety of concepts, investigation processes, activities, and tasks. A total of 100 MFIPMs were reviewed, to present an inclusive and up-to-date background of MFIPMs. Also, this study proposes a Harmonized Mobile Forensic Investigation Process Model (HMFIPM) for the MF field to unify and structure whole redundant investigation processes of the MF field. The paper also goes the extra mile to discuss the state of the art of mobile forensic tools, open and future challenges from a generic standpoint. The results of this study find direct relevance to forensic practitioners and researchers who could leverage the comprehensiveness of the developed processes for investigation.

It is now a fact that human is the weakest link in the cybersecurity chain. Many theories from behavioural science like the theory of planned behaviour and protection motivation theory have been used to investigate the factors that affect the cybersecurity behaviour and practices of the end-user. In this paper, the researchers have used Fogg behaviour model (FBM) to study factors affecting the cybersecurity behaviour and practices of smartphone users. This study found that the odds of secure behaviour and practices by respondents with high motivation and high ability were 4.64 times more than the respondents with low motivation and low ability. This study describes how FBM may be used in the design and development of cybersecurity awareness program leading to a behaviour change.

The interface permits the client to scan for a subjective utility on the Play Store; the authorizations posting and the protection arrangement are then routinely recovered, on all events imaginable. The client has then the capability of choosing an interesting authorization, and a posting of pertinent sentences are separated with the guide of the privateer's inclusion and introduced to them, alongside a right depiction of the consent itself. Such an interface allows the client to rapidly assess the security-related dangers of an Android application, by utilizing featuring the pertinent segments of the privateer's inclusion and by introducing helpful data about shrewd authorizations. A novel procedure is proposed for the assessment of privateer's protection approaches with regards to Android applications. The gadget actualized widely facilitates the way toward understanding the security ramifications of placing in 1/3 birthday celebration applications and it has just been checked in a situation to feature troubling examples of uses. The gadget is created in light of expandability, and correspondingly inclines in the strategy can without trouble be worked in to broaden the unwavering quality and adequacy. Likewise, if your application handles non-open or delicate individual information, it would be ideal if you also allude to the extra necessities in the “Individual and Sensitive Information” territory underneath. These Google Play necessities are notwithstanding any prerequisites endorsed by method for material security or data assurance laws. It has been proposed that, an individual who needs to perform the establishment and utilize any 1/3 festival application doesn't perceive the significance and which methods for the consents mentioned by method for an application, and along these lines sincerely gives all the authorizations as a final product of which unsafe applications furthermore get set up and work their malevolent leisure activity in the rear of the scene.

Security for authentication is required to give a superlative secure users' personal information. This paper presents a model of the Graphical password scheme under the impact of security and ease of use for user authentication. We integrate the concept of recognition with re-called and cued-recall based schemes to offer superior security compared to existing schemes. Click Symbols (CS) Alphabet combine into one entity: Alphanumeric (A) and Visual (V) symbols (CS-AV) is Captcha-based password scheme, we integrate it with recall-based n ×n grid points, where a user can draw the shape or pattern by the intersection of the grid points as a way to enter a graphical password. Next scheme, the combination of CS-AV with grid cells allows very large password space ( 2.4 ×104 bits of entropy) and provides reasonable usability results by determining an empirical study of memorable password space. Proposed schemes support most applicable platform for input devices and promising strong resistance to shoulder surfing attacks on a mobile device which can be occurred during unlocking (pattern) the smartphone.

Android, being the most widespread mobile operating systems is increasingly becoming a target for malware. Malicious apps designed to turn mobile devices into bots that may form part of a larger botnet have become quite common, thus posing a serious threat. This calls for more effective methods to detect botnets on the Android platform. Hence, in this paper, we present a deep learning approach for Android botnet detection based on Convolutional Neural Networks (CNN). Our proposed botnet detection system is implemented as a CNN-based model that is trained on 342 static app features to distinguish between botnet apps and normal apps. The trained botnet detection model was evaluated on a set of 6,802 real applications containing 1,929 botnets from the publicly available ISCX botnet dataset. The results show that our CNN-based approach had the highest overall prediction accuracy compared to other popular machine learning classifiers. Furthermore, the performance results observed from our model were better than those reported in previous studies on machine learning based Android botnet detection.

The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior of the preinstalled apps on their devices. Yet, the landscape of preinstalled software in Android has largely remained unexplored, particularly in terms of the security and privacy implications of such customizations. In this paper, we present the first large- scale study of pre-installed software on Android devices from more than 200 vendors. Our work relies on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods. This allows us to answer questions related to the stakeholders involved in the supply chain, from device manufacturers and mobile network operators to third- party organizations like advertising and tracking services, and social network platforms. Our study allows us to also uncover relationships between these actors, which seem to revolve primarily around advertising and data-driven services. Overall, the supply chain around Android's open source model lacks transparency and has facilitated potentially harmful behaviors and backdoored access to sensitive data and services without user consent or awareness. We conclude the paper with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.

This paper deals with the design and development of a Li-Fi (light fidelity) simplex communication system for data exchange between Android mobile devices. Li-Fi is an up-to-date technology in the modern world, since it uses visible light for data exchange, allowing for high-speed communication. The paper includes a brief review of Li-Fi technology, a review of the literature used, and a study of technological methods for implementing such systems, based on scientific sources. We propose the algorithms for data exchange, packet formation, and encryption-decryption. The paper presents the developed mobile application and the transceiver device, the development results, as well as experiments with the developed prototype. The results show that Li-Fi technology is workable and is a good alternative to existing communication methods.

In the northern gas fields, most data are transmitted via wireless networks, which requires special transmission security measures. Herewith, the gas field infrastructure dictates cybersecurity modules to not only meet standard requirements but also ensure reduced energy consumption. The paper discusses the issue of building such a module for a process control system based on the RTP-04M recorder operating in conjunction with an Android-based mobile device. The software options used for the RSA and Diffie-Hellman data encryption and decryption algorithms on both the RTP-04M and the Android-based mobile device sides in the Keil μVision4 and Android Studio software environments, respectively, have shown that the Diffie-Hellman algorithm is preferable. It provides significant savings in RAM and CPU resources and power consumption of the recorder. In terms of energy efficiency, the implemented programs have been analyzed in the Android Studio (Android Profiler) and Simplicity Studio (Advanced Energy Monitor) environments. The integration of this module into the existing software will improve the field's PCS cybersecurity level due to protecting data transmitted from third-party attacks.