Biblio

This paper proposes the implementation of progressive authentication service in smart android mobile phone. In this digital era, massive amount of work can be done in the digital form using the smart devices like smart phone , laptop, Tablets, etc. The number of smartphone users approx. reach to 299.24 million, as per the recent survey report [1] in 2019 this count will reach 2.7 billion and after 3 years, this count will increase up to 442.5 million. This article includes a cluster based progressive smart lock with a dependent combination that is short and more secure in nature. Android provides smart lock facilities with the combination of 9 dot, 6dot, 5dot, 4dot and 1-9 number. By using this mobile phone user will be able to generate pattern lock or number password for authentication. This is a single authentication system, this research paper includes a more secured multiple cluster based pattern match system.

Today, the privacy and the security of any organization are the key requirement, the digital online transaction of money or coins also needed a certain level of security not only during the broadcasting of the transaction but before the sending of the transaction. In this research paper we proposed and implemented a cryptocurrency (Bitcoin) wallet for the android operating system, by using the QR code-based android application and a secure private key storage (Cold Wallet). Two android applications have been implemented one of them is called cold wallet and the other one is hot wallet. Cold wallet (offline) is to store and generate the private key addresses for secure transaction confirmation and the hot wallet is used to send bitcoin to the network. Hot wallet application gives facility to the user view history of performed transactions, to send and compose a new bitcoin transaction, receive bitcoin, sign it and send it to the network. By using the process of cross QR code scanning of the hot and cold wallet to the identification, validation and authentication of the user made it secure.

Mobile and web application security, particularly the areas of data privacy, has raised much concerns from the public in recent years. Most applications, or apps for short, are installed without disclosing full information to users and clearly stating what the application has access to, which often raises concern when users become aware of unnecessary information being collected. Unfortunately, most users have little to no technical expertise in regards to what permissions should be turned on and can only rely on their intuition and past experiences to make relatively uninformed decisions. To solve this problem, we developed DroidNet, which is a crowd-sourced Android recommendation tool and framework. DroidNet alleviates privacy concerns and presents users with high confidence permission control recommendations based on the decision from expert users who are using the same apps. This paper explains the general framework, principles, and model behind DroidNet while also providing an experimental setup design which shows the effectiveness and necessity for such a tool.

Android operating systems have become a prime target for cyber attackers due to security vulnerabilities in the underlying operating system and application design. Recently, anomaly detection techniques are widely studied for security vulnerabilities detection and classification. However, the ability of the attackers to create new variants of existing malware using various masking techniques makes it harder to deploy these techniques effectively. In this research, we present a robust and effective vulnerabilities detection approach based on anomaly detection in a system calls of benign and malicious Android application. The anomaly in our study is type, frequency, and sequence of system calls that represent a vulnerability. Our system monitors the processes of benign and malicious application and detects security vulnerabilities based on the combination of parameters and metrics, i.e., type, frequency and sequence of system calls to classify the process behavior as benign or malign. The detection algorithm detects the anomaly based on the defined scoring function f and threshold ρ. The system refines the detection process by applying machine learning techniques to find a combination of system call metrics and explore the relationship between security bugs and the pattern of system calls detected. The experiment results show the detection rate of the proposed algorithm based on precision, recall, and f-score for different machine learning algorithms.

Dynamic Taint Analysis (DTA) technique has been developed for analysis and understanding behavior of Android applications and privacy policy enforcement. Meanwhile, implicit information flows (IIFs) are major concern of security researchers because IIFs can evade DTA technique easily and give attackers an advantage over the researchers. Some researchers suggested approaches to the issue and developed analysis systems supporting privacy policy enforcement against IIF-accompanied attacks; however, there is still no effective technique of comprehensive analysis and privacy policy enforcement against IIF-accompanied attacks. In this paper, we propose an IIF detection technique to enforce privacy policy against IIF-accompanied attacks in Android applications. We developed a new analysis tool, called Smalien, that can discover data leakage caused by IIF-contained information flows as well as explicit information flows. We demonstrated practicability of Smalien by applying it to 16 IIF tricks from ScrubDroid and two IIF tricks from DroidBench. Smalien enforced privacy policy successfully against all the tricks except one trick because the trick loads code dynamically from a remote server at runtime, and Smalien cannot analyze any code outside of a target application. The results show that our approach can be a solution to the current attacker-superior situation.

This paper proposes the implementation of progressive authentication service in smart android mobile phone. In this digital era, massive amount of work can be done in the digital form using the smart devices like smart phone , laptop, Tablets, etc. The number of smartphone users approx. reach to 299.24 million, as per the recent survey report [1] in 2019 this count will reach 2.7 billion and after 3 years, this count will increase up to 442.5 million. This article includes a cluster based progressive smart lock with a dependent combination that is short and more secure in nature. Android provides smart lock facilities with the combination of 9 dot, 6dot, 5dot, 4dot and 1-9 number. By using this mobile phone user will be able to generate pattern lock or number password for authentication. This is a single authentication system, this research paper includes a more secured multiple cluster based pattern match system.

Recent research has proposed middleware to enable efficient distributed apps over mobile-cloud platforms. This paper presents a Context-Aware File Discovery Service (CAFDS) that allows distributed mobile-cloud applications to find and access files of interest shared by collaborating users. CAFDS enables programmers to search for files defined by context and content features, such as location, creation time, or the presence of certain object types within an image file. CAFDS provides low-latency through a cloud-based metadata server, which uses a decision tree to locate the nearest files that satisfy the context and content features requested by applications. We implemented CAFDS in Android and Linux. Experimental results show CAFDS achieves substantially lower latency than peer-to-peer solutions that cannot leverage context information.

While the rapid adaptation of mobile devices changes our daily life more conveniently, the threat derived from malware is also increased. There are lots of research to detect malware to protect mobile devices, but most of them adopt only signature-based malware detection method that can be easily bypassed by polymorphic and metamorphic malware. To detect malware and its variants, it is essential to adopt behavior-based detection for efficient malware classification. This paper presents a system that classifies malware by using common behavioral characteristics along with malware families. We measure the similarity between malware families with carefully chosen features commonly appeared in the same family. With the proposed similarity measure, we can classify malware by malware's attack behavior pattern and tactical characteristics. Also, we apply community detection algorithm to increase the modularity within each malware family network aggregation. To maintain high classification accuracy, we propose a process to derive the optimal weights of the selected features in the proposed similarity measure. During this process, we find out which features are significant for representing the similarity between malware samples. Finally, we provide an intuitive graph visualization of malware samples which is helpful to understand the distribution and likeness of the malware networks. In the experiment, the proposed system achieved 97% accuracy for malware classification and 95% accuracy for prediction by K-fold cross-validation using the real malware dataset.

This paper aims to explain static analysis techniques in detail, and to highlight the weaknesses and challenges which face it. To this end, more than 80 static analysis-based framework have been studied, and in their light, the process of detecting malicious applications has been divided into four phases that were explained in a schematic manner. Also, the features that is used in static analysis were discussed in detail by dividing it into four categories namely, Manifest-based features, code-based features, semantic features and app's metadata-based features. Also, the challenges facing methods based on static analysis were discussed in detail. Finally, a case study was conducted to test the strength of some known commercial antivirus and one of the stat-of-art academic static analysis frameworks against obfuscation techniques used by developers of malicious applications. The results showed a significant impact on the performance of the most tested antiviruses and frameworks, which is reflecting the urgent need for more accurately tools.

Exfiltrating sensitive information from smartphones has become one of the most significant security threats. We have built a system to identify HTTP-based information exfiltration of malicious Android applications. In this paper, we discuss the method to track the propagation of sensitive information in Android applications using static taint analysis. We have studied the leaked information, destinations to which information is exfiltrated, and their correlations with types of sensitive information. The analysis results based on 578 malicious Android applications have revealed that a significant portion of these applications are interested in identity-related sensitive information. The vast majority of malicious applications leak multiple types of sensitive information. We have also identified servers associated with three country codes including CN, US, and SG are most active in collecting sensitive information. The analysis results have also demonstrated that a wide range of non-default ports are used by suspicious URLs.

Today, computing on various Android devices is pervasive. However, growing security vulnerabilities and attacks in the Android ecosystem constitute various threats through user apps. Taint analysis is a common technique for defending against these threats, yet it suffers from challenges in attaining practical simultaneous scalability and effectiveness. This paper presents a novel approach to fast and precise taint checking, called incremental taint analysis, by exploiting the evolving nature of Android apps. The analysis narrows down the search space of taint checking from an entire app, as conventionally addressed, to the parts of the program that are different from its previous versions. This technique improves the overall efficiency of checking multiple versions of the app as it evolves. We have implemented the techniques as a tool prototype, EVOTAINT, and evaluated our analysis by applying it to real-world evolving Android apps. Our preliminary results show that the incremental approach largely reduced the cost of taint analysis, by 78.6% on average, yet without sacrificing the analysis effectiveness, relative to a representative precise taint analysis as the baseline.

We introduce MobiCeal, the first practical Plausibly Deniable Encryption (PDE) system for mobile devices that can defend against strong coercive multi-snapshot adversaries, who may examine the storage medium of a user's mobile device at different points of time and force the user to decrypt data. MobiCeal relies on "dummy write" to obfuscate the differences between multiple snapshots of storage medium due to existence of hidden data. By incorporating PDE in block layer, MobiCeal supports a broad deployment of any block-based file systems on mobile devices. More importantly, MobiCeal is secure against side channel attacks which pose a serious threat to existing PDE schemes. A proof of concept implementation of MobiCeal is provided on an LG Nexus 4 Android phone using Android 4.2.2. It is shown that the performance of MobiCeal is significantly better than prior PDE systems against multi-snapshot adversaries.

In this paper, we discuss the digital forensic procedure and techniques for analyzing the local artifacts from four popular Instant Messaging applications in Android. As part of our findings, the user chat messages details and contacts were investigated for each application. By using two smartphones with different brands and the latest Android operating systems as experimental objects, we conducted digital investigations in a forensically sound manner. We summarize our findings regarding the different Instant Messaging chat modes and the corresponding encryption status of artifacts for each of the four applications. Our findings can be helpful to many mobile forensic investigations. Additionally, these findings may present values to Android system developers, Android mobile app developers, mobile security researchers as well as mobile users.

Most mobile applications generate local data on internal memory with SharedPreference interface of an Android operating system. Therefore, many possible loopholes can access the confidential information such as passwords. We propose a hybrid encryption approach for SharedPreferences to protect the leaking confidential information through the source code. We develop an Android application and store some data using SharedPreference. We produce different experiments with which this data could be accessed. We apply Hybrid encryption approach combining encryption approach with Android Keystore system, for providing better encryption algorithm to hide sensitive data.

Although the importance of mobile applications grows every day, recent vulnerability reports argue the application's deficiency to meet modern security standards. Testing strategies alleviate the problem by identifying security violations in software implementations. This paper proposes a novel testing methodology that applies state machine learning of mobile Android applications in combination with algorithms that discover attack paths in the learned state machine. The presence of an attack path evidences the existence of a vulnerability in the mobile application. We apply our methods to real-life apps and show that the novel methodology is capable of identifying vulnerabilities.

Robotics and the Internet of Things (IoT) are enveloping our society at an exponential rate due to lessening costs and better availability of hardware and software. Additionally, Cloud Robotics and Robot Operating System (ROS) can offset onboard processing power. However, strong and fundamental security practices have not been applied to fully protect these systems., partially negating the benefits of IoT. Researchers are therefore tasked with finding ways of securing communications and systems. Since security and convenience are oftentimes at odds, securing many heterogeneous components without compromising performance can be daunting. Protecting systems from attacks and ensuring that connections and instructions are from approved devices, all while maintaining the performance is imperative. This paper focuses on the development of security best practices and a mesh framework with an open-source, multipoint-to-multipoint virtual private network (VPN) that can tie Linux, Windows, IOS., and Android devices into one secure fabric, with heterogeneous mobile robotic platforms running ROSPY in a secure cloud robotics infrastructure.

Many companies within the Internet of Things (IoT) sector rely on the personal data of users to deliver and monetize their services, creating a high demand for personal information. A user can be seen as making a series of transactions, each involving the exchange of personal data for a service. In this paper, we argue that privacy can be described quantitatively, using the game- theoretic concept of value of information (VoI), enabling us to assess whether each exchange is an advantageous one for the user. We introduce PrivacyGate, an extension to the Android operating system built for the purpose of studying privacy of IoT transactions. An example study, and its initial results, are provided to illustrate its capabilities.

The analysis of multiple Android malware families indicates malware instances within a common malware family always have similar call graph structures. Based on the isomorphism of sensitive API call graph, we propose a method which is used to construct malware family features via combining static analysis approach with graph similarity metric. The experiment is performed on a malware dataset which contains 1326 malware samples from 16 different malware families. The result shows that the method can differentiate distinct malware family features and divide suspect malware samples into corresponding families with a high accuracy of 96.77% overall and even defend a certain extent of obfuscation.

IoT Network Monitor is an intuitive and user-friendly interface for consumers to visualize vulnerabilities of IoT devices in their home. Running on a Raspberry Pi configured as a router, the IoT Network Monitor analyzes the traffic of connected devices in three ways. First, it detects devices with default passwords exploited by previous attacks such as the Mirai Botnet, changes default device passwords to randomly generated 12 character strings, and reports the new passwords to the user. Second, it conducts deep packet analysis on the network data from each device and notifies the user of potentially sensitive personal information that is being transmitted in cleartext. Lastly, it detects botnet traffic originating from an IoT device connected to the network and instructs the user to disconnect the device if it has been hacked. The user-friendly IoT Network Monitor will enable homeowners to maintain the security of their home network and better understand what actions are appropriate when a certain security vulnerability is detected. Wide adoption of this tool will make consumer home IoT networks more secure.

The growing popularity of Android applications makes them vulnerable to security threats. There exist several studies that focus on the analysis of the behaviour of Android applications to detect the repackaged and malicious ones. These techniques use a variety of features to model the application's behaviour, among which the calls to Android API, made by the application components, are shown to be the most reliable. To generate the APIs that an application calls is not an easy task. This is because most malicious applications are obfuscated and do not come with the source code. This makes the problem of identifying the API methods invoked by an application an interesting research issue. In this paper, we present HyDroid, a hybrid approach that combines static and dynamic analysis to generate API call traces from the execution of an application's services. We focus on services because they contain key characteristics that allure attackers to misuse them. We show that HyDroid can be used to extract API call trace signatures of several malware families.

Currently, mobile botnet attacks have shifted from computers to smartphones due to its functionality, ease to exploit, and based on financial intention. Mostly, it attacks Android due to its popularity and high usage among end users. Every day, more and more malicious mobile applications (apps) with the botnet capability have been developed to exploit end users' smartphones. Therefore, this paper presents a new mobile botnet classification based on permission and Application Programming Interface (API) calls in the smartphone. This classification is developed using static analysis in a controlled lab environment and the Drebin dataset is used as the training dataset. 800 apps from the Google Play Store have been chosen randomly to test the proposed classification. As a result, 16 permissions and 31 API calls that are most related with mobile botnet have been extracted using feature selection and later classified and tested using machine learning algorithms. The experimental result shows that the Random Forest Algorithm has achieved the highest detection accuracy of 99.4% with the lowest false positive rate of 16.1% as compared to other machine learning algorithms. This new classification can be used as the input for mobile botnet detection for future work, especially for financial matters.

Active authentication is the problem of continuously verifying the identity of a person based on behavioral aspects of their interaction with a computing device. In this paper, we collect and analyze behavioral biometrics data from 200 subjects, each using their personal Android mobile device for a period of at least 30 days. This data set is novel in the context of active authentication due to its size, duration, number of modalities, and absence of restrictions on tracked activity. The geographical colocation of the subjects in the study is representative of a large closed-world environment such as an organization where the unauthorized user of a device is likely to be an insider threat: coming from within the organization. We consider four biometric modalities: 1) text entered via soft keyboard, 2) applications used, 3) websites visited, and 4) physical location of the device as determined from GPS (when outdoors) or WiFi (when indoors). We implement and test a classifier for each modality and organize the classifiers as a parallel binary decision fusion architecture. We are able to characterize the performance of the system with respect to intruder detection time and to quantify the contribution of each modality to the overall performance.

In this paper, we present a security and privacy enhancement (SPE) framework for unmodified mobile operating systems. SPE introduces a new layer between the application and the operating system and does not require a device be jailbroken or utilize a custom operating system. We utilize an existing ontology designed for enforcing security and privacy policies on mobile devices to build a policy that is customizable. Based on this policy, SPE provides enhancements to native controls that currently exist on the platform for privacy and security sensitive components. SPE allows access to these components in a way that allows the framework to ensure the application is truthful in its declared intent and ensure that the user's policy is enforced. In our evaluation we verify the correctness of the framework and the computing impact on the device. Additionally, we discovered security and privacy issues in several open source applications by utilizing the SPE Framework. From our findings, if SPE is adopted by mobile operating systems producers, it would provide consumers and businesses the additional privacy and security controls they demand and allow users to be more aware of security and privacy issues with applications on their devices.

Third-party IME (Input Method Editor) apps are often the preference means of interaction for Android users' input. In this paper, we first discuss the insecurity of IME apps, including the Potentially Harmful Apps (PHA) and malicious IME apps, which may leak users' sensitive keystrokes. The current defense system, such as I-BOX, is vulnerable to the prefix-substitution attack and the colluding attack due to the post-IME nature. We provide a deeper understanding that all the designs with the post-IME nature are subject to the prefix-substitution and colluding attacks. To remedy the above post-IME system's flaws, we propose a new idea, pre-IME, which guarantees that "Is this touch event a sensitive keystroke?" analysis will always access user touch events prior to the execution of any IME app code. We designed an innovative TrustZone-based framework named IM-Visor which has the pre-IME nature. Specifically, IM-Visor creates the isolation environment named STIE as soon as a user intends to type on a soft keyboard, then the STIE intercepts, translates and analyzes the user's touch input. If the input is sensitive, the translation of keystrokes will be delivered to user apps through a trusted path. Otherwise, IM-Visor replays non-sensitive keystroke touch events for IME apps or replays non-keystroke touch events for other apps. A prototype of IM-Visor has been implemented and tested with several most popular IMEs. The experimental results show that IM-Visor has small runtime overheads.

Opportunistic Networks are delay-tolerant mobile networks with intermittent node contacts in which data is transferred with the store-carry-forward principle. Owners of smartphones and smart objects form such networks due to their social behaviour. Opportunistic Networking can be used in remote areas with no access to the Internet, to establish communication after disasters, in emergency situations or to bypass censorship, but also in parallel to familiar networking. In this work, we create a mobile network application that connects Android devices over Wi-Fi, offers identification and encryption, and gathers information for routing in the network. The network application is constructed in such a way that third party applications can use the network application as network layer to send and receive data packets. We create secure and reliable connections while maintaining a high transmission speed, and with the gathered information about the network we offer knowledge for state of the art routing protocols. We conduct tests on connectivity, transmission range and speed, battery life and encryption speed and show a proof of concept for routing in the network.