iOS Short Message Service (SMS) transmits messages in plaintext, which would lead to potential security threats of data. It is meaningful to design a safe and effective SMS. In this paper, all iOS Security Guides are referred to and all the cryptographic algorithms in iOS data protection are analyzed. Because there is no homomorphic encryption, a library of homomorphic encryption algorithms for iOS based on RSA and Paillier is developed. Using this library, a protection scheme PS-HOMO for protecting iOS SMS data is proposed and implemented. Under the premise of ensuring the data confidentiality, PS-HOMO also has the function of ciphertext operation due to the multiplicative homomorphism of RSA and additive homomorphism of Paillier. A comprehensive performance test was performed on PS-HOMO. The results show that the performance is in line with our expectations and will not have a major impact on the original system. The security of PS-HOMO is theoretically analyzed from man-in-the-middle attack, replay attack, and traffic analysis attack. Two application scenarios of the PS-HOMO, remote anonymous voting and privacy telemedicine service are envisaged. We hope PS-HOMO would play a significant role in privacy protection.
Embedded devices such as routers not only bring convenience to people’s daily life, but also increase the attack surface and security risks of devices. Embedded device applications tend to be closed source and therefore cannot be searched for vulnerabilities through source code audits. Even open source applications can be insecure because they reference third-party libraries. Binary file vulnerability mining is an important means to solve this kind of problem, but it has the problems of path explosion and low efficiency. This article uses the static stain analysis with the method of combining the vulnerability characteristics, in the type of stain into classes and class assignment holes for testing. Based on function call graph, this paper uses atomic combinational optimization to detect the vulnerability of router firmware. The prototype tool -- CSChecker is implemented in D-Link, Tenda, the test was carried out on 267 firmware files of Netgear and other well-known brands, and the experimental results showed that the accuracy of CSChecker in the data set reached 92.51%, indicating that CSChecker could effectively search the injection vulnerabilities and assignment vulnerabilities of binary files.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.