A Smartphone Security Architecture for App Verification and Process Authentication

Ugus, Osman; Landsmann, Martin; Gessner, Dennis; Westhoff, Dirk

doi:10.1109/icccn.2012.6289217

Cited by 3 publications

(2 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A security architecture for Linux based smartphones that provides a runtime integrity measurement system proposed in [37]. The proposed architecture relies on a Mobile Trusted Module (MTM) which would only allow applications to run on the smartphone which have been signed by the MTM and would check pre-exisisting applications for modification.…”

Section: Securing Android Applicationsmentioning

confidence: 99%

On evaluating and securing firefox for Android browser extensions

Marston¹,

Weldemariam

Zulkernine

2014

Proceedings of the 1st International Conference on Mobile Software Engineering and Systems

View full text Add to dashboard Cite

Unsafely or maliciously coded extensions allow an attacker to run their own code in the victim's browser with elevated privileges. This gives the attacker a large amount of control over not only the browser but the underlying machine as well. The topic of securing desktop browsers from such threats has been well studied but mitigating the same danger on mobile devices has seen little attention. Similarly, mobile device use continues to grow world-wide at a rapid pace along with their capability and ability to perform sensitive actions. In an effort to mitigate the risks inherent with these actions, this paper details the dangers of JavaScript injection on the mobile browser. We further present a defense technique that was developed by extending from the desktop environment to work in the mobile space. Our prototype implementation is a combination of extensions on the Firefox for Android and a slightly modified browser of Firefox for Android. When the user attempts to install a new extension or update an existing one, the modified browser is called a priori. The overall extension logic, code transformation, and static analyzer components were implemented in JavaScript and SQLLite database. Our preliminary evaluation shows that our prototype implementation can effectively prevent real-world attacks against extensions on Firefox for Android without affecting users' browsing experience.

show abstract

Section: Securing Android Applicationsmentioning

confidence: 99%

On evaluating and securing firefox for Android browser extensions

Marston¹,

Weldemariam

Zulkernine

2014

Proceedings of the 1st International Conference on Mobile Software Engineering and Systems

View full text Add to dashboard Cite

show abstract

“…We assume a system where the problems of establishing trust in the mobile device, operating system and associated drivers, and the mobile client are already addressed. This includes for instance a system where a a chain of trust has been established [45], [23], [60]. The chain of trust ensures that the operating system, including the camera and sensor device drivers, and the installed apps, are trusted and have not been tampered with by an attacker, see e.g., [4], [6].…”

Section: A System Modelmentioning

confidence: 99%

Movee: Video Liveness Verification for Mobile Devices Using Built-In Motion Sensors

Rahman

Topkara²,

Cărbunar

2016

IEEE Trans. on Mobile Comput.

View full text Add to dashboard Cite

The ubiquitous and connected nature of cameraequipped mobile devices has greatly increased the value and importance of visual information they capture. Today, broadcasting videos from camera phones uploaded by unknown users is admissible on news networks, and banking customers expect to be able to deposit checks using mobile devices. In this paper we introduce Movee, a system that addresses the fundamental question of whether the visual stream uploaded by a user has been captured live on a mobile device, and has not been tampered with by an adversary.Movee leverages the mobile device motion sensors and the intrinsic user movements during the shooting of the video. Movee exploits the observation that the movement of the scene recorded on the video stream should be related to the movement of the device simultaneously captured by the accelerometer. Contrary to existing algorithms, Movee has the unique strength of not depending on the audio track.We introduce novel attacks that focus on Movee's defenses, to fabricate acceleration data that mimics the motion observed in targeted videos. We use smartphones and wearable smart glasses to collect both genuine and attack data from 13 users. Our experiments show that Movee is able to efficiently detect human and automatically generated plagiarized videos: Movee's accuracy ranges between 68-93% on a smartphone, and between 76-91% on a Google Glass device.1536-1233 (c)

show abstract