554 research outputs found
Proposed Framework for Securing Mobile Banking Applications from Man in the Middle Attacks
Mobile phone banking and payments continues to not only be a popular way of transacting business but it also seems to evolve rapidly. Despite its popularity however there seem to be some very genuine concerns on the security issues revolving around it, particularly in regard to man in the middle attacks. This paper seeks to propose a secure framework for communication between a mobile device and the back end server for protecting mobile banking applications from man-in-the-middle attacks without introducing further threats to the communication channel. Keywords: Defense- in-depth, Security, man in the middle attack, secure framework, bank serve
Physical Fault Injection and Side-Channel Attacks on Mobile Devices:A Comprehensive Analysis
Today's mobile devices contain densely packaged system-on-chips (SoCs) with
multi-core, high-frequency CPUs and complex pipelines. In parallel,
sophisticated SoC-assisted security mechanisms have become commonplace for
protecting device data, such as trusted execution environments, full-disk and
file-based encryption. Both advancements have dramatically complicated the use
of conventional physical attacks, requiring the development of specialised
attacks. In this survey, we consolidate recent developments in physical fault
injections and side-channel attacks on modern mobile devices. In total, we
comprehensively survey over 50 fault injection and side-channel attack papers
published between 2009-2021. We evaluate the prevailing methods, compare
existing attacks using a common set of criteria, identify several challenges
and shortcomings, and suggest future directions of research
FIDO2 the Rescue? Platform vs. Roaming Authentication on Smartphones
Modern smartphones support FIDO2 passwordless authentication using either
external security keys or internal biometric authentication, but it is unclear
whether users appreciate and accept these new forms of web authentication for
their own accounts. We present the first lab study (N=87) comparing platform
and roaming authentication on smartphones, determining the practical strengths
and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most
participants were willing to adopt passwordless authentication during our
in-person user study, but closer analysis shows that participants prioritize
usability, security, and availability differently depending on the account
type. We identify remaining adoption barriers that prevent FIDO2 from
succeeding password authentication, such as missing support for contemporary
usage patterns, including account delegation and usage on multiple clients.Comment: 16 pages, 6 figures, the dataset is available at
https://doi.org/10.5281/zenodo.7572697 and the source code is available at
https://github.com/seemoo-lab/fido2-the-smartphon
Leveraging the Cloud for Software Security Services.
This thesis seeks to leverage the advances in cloud computing in order to address modern
security threats, allowing for completely novel architectures that provide dramatic
improvements and asymmetric gains beyond what is possible using current approaches.
Indeed, many of the critical security problems facing the Internet and its users are inadequately
addressed by current security technologies. Current security measures often are deployed
in an exclusively network-based or host-based model, limiting their efficacy against
modern threats. However, recent advancements in the past decade in cloud computing and
high-speed networking have ushered in a new era of software services. Software services
that were previously deployed on-premise in organizations and enterprises are now being
outsourced to the cloud, leading to fundamentally new models in how software services are
sold, consumed, and managed.
This thesis focuses on how novel software security services can be deployed that leverage
the cloud to scale elegantly in their capabilities, performance, and management. First,
we introduce a novel architecture for malware detection in the cloud. Next, we propose
a cloud service to protect modern mobile devices, an ever-increasing target for malicious
attackers. Then, we discuss and demonstrate the ability for attackers to leverage the same
benefits of cloud-centric services for malicious purposes. Next, we present new techniques
for the large-scale analysis and classification of malicious software. Lastly, to demonstrate
the benefits of cloud-centric architectures outside the realm of malicious software,
we present a threshold signature scheme that leverages the cloud for robustness and resiliency.Ph.D.Computer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/91385/1/jonojono_1.pd
The Proceedings of 14th Australian Information Security Management Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia
The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fourteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year.
The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Fifteen papers were submitted from Australia and overseas, of which ten were accepted for final presentation and publication.
We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conferences.
To our sponsors also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference
- …