Paper Unlock

Authors: Alexander Oprisnik ; Daniel Hein and Peter Teufl

Affiliation: Graz University of Technology, Austria

ISBN: 978-989-758-045-1

Keyword(s): Mobile Application Security, Machine Learning, Detection of Cryptographic Code, Container Applications, Password Managers, Data Encryption on Mobile Devices, Semantic Pattern Transformation, Correct Deployment of Symmetric and Asymmetric Cryptography.

Related Ontology Subjects/Areas/Topics: Applied Cryptography ; Cryptographic Techniques and Key Management ; Data and Application Security and Privacy ; Data Engineering ; Data Protection ; Databases and Data Security ; Information and Systems Security ; Security and Privacy in Mobile Systems ; Security Verification and Validation ; Software Security

Abstract: Mobile devices in corporate IT infrastructures are frequently used to process security-critical data. Over the past few years powerful security features have been added to mobile platforms. However, for legal and organisational reasons it is difficult to pervasively enforce using these features in consumer applications or Bring-Your-Own-Device (BYOD) scenarios. Thus application developers need to integrate custom implementations of security features such as encryption in security-critical applications. Our manual analysis of container applications and password managers has shown that custom implementations of cryptographic functionality often suffer from critical mistakes. During manual analysis, finding the custom cryptographic code was especially time consuming. Therefore, we present the Semdroid framework for simplifying application analysis of Android applications. Here, we use Semdroid to apply machine-learning techniques for detecting non-standard symmetric and asymmetric crypto graphy implementations. The identified code fragments can be used as starting points for subsequent manual analysis. Thus manual analysis time is greatly reduced. The capabilities of Semdroid have been evaluated on 98 password-safe applications downloaded from Google Play. Our evaluation shows the applicability of Semdroid and its potential to significantly improve future application analysis processes. (More)

PDF ImageFull Text


Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Oprisnik, A.; Hein, D. and Teufl, P. (2014). Identifying Cryptographic Functionality in Android Applications.In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 151-162. DOI: 10.5220/0005056301510162

author={Alexander Oprisnik. and Daniel Hein. and Peter Teufl.},
title={Identifying Cryptographic Functionality in Android Applications},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},


JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - Identifying Cryptographic Functionality in Android Applications
SN - 978-989-758-045-1
AU - Oprisnik, A.
AU - Hein, D.
AU - Teufl, P.
PY - 2014
SP - 151
EP - 162
DO - 10.5220/0005056301510162

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.