78 research outputs found
A Large-Scale Study on the Prevalence and Usage of TEE-based Features on Android
In the realm of mobile security, where OS-based protections have proven
insufficient against robust attackers, Trusted Execution Environments (TEEs)
have emerged as a hardware-based security technology. Despite the industry's
persistence in advancing TEE technology, the impact on end users and developers
remains largely unexplored. This study addresses this gap by conducting a
large-scale analysis of TEE utilization in Android applications, focusing on
the key areas of cryptography, digital rights management, biometric
authentication, and secure dialogs.
To facilitate our extensive analysis, we introduce Mobsec Analytika, a
framework tailored for large-scale app examinations, which we make available to
the research community. Through the analysis of 170,550 popular Android apps,
our analysis illuminates the implementation of TEE-related features and their
contextual usage.
Our findings reveal that TEE features are predominantly utilized indirectly
through third-party libraries, with only 6.7% of apps directly invoking the
APIs. Moreover, the study reveals the underutilization of the recent TEE-based
UI feature Protected Confirmation.
Comment: Additional information and artifacts on project page:
https://www.cs1.tf.fau.de/android-tee-study
Considerations for implementing electronic laboratory notebooks in an academic research environment
As research becomes predominantly digitalised, scientists have the option of using electronic laboratory notebooks to record and access entries. These systems can more readily meet volume, complexity, accessibility and preservation requirements than paper notebooks. Whilst the technology can yield many benefits, these can only be realised by choosing a system that properly fulfils the requirements of a given context. This review explores the factors that should be considered when introducing electronic laboratory notebooks to an academically focused research group. We cite pertinent studies and discuss our own experience implementing a system within a multi-disciplinary research environment. We also consider how the required financial and time investment is shared between individuals and institutions. Finally, we discuss how electronic laboratory notebooks fit into the broader context of research data management. This article is not a product review; it provides a framework for both the initial consideration of an electronic laboratory notebook and the evaluation of specific software packages.
An Adaptive Blockchain based Three-Tier Architecture in Fog based IoT for Personal Healthcare Data Application
To protect patient health data (PHD) and ensure the security of healthcare IoT devices, this paper presents an Advanced Signature-Based Encryption algorithm (ASE), a blockchain analytical model, a mathematical framework, and an Adaptive Fog Computing based Three-tier Architecture (AFCTTA). The aim is to enable safe access to real-time services and IoT for end users. This AFCTTA was constructed on a blockchain platform, providing trustworthy data transmission between patients, clinicians, fog nodes, and IoT. Additionally, a decentralized fog computing-based blockchain analytical model along with a mathematical framework were produced to ensure secure transfer of data and transactions within healthcare IoT. To ensure secure communication between devices and fog nodes, a private blockchain was implemented in order to validate certificates and keys. As an added security measure, an ASE method was devised. This algorithm utilizes War Optimization Strategy (WOA) to select optimal keys for securing data from heterogeneous and homogeneous IoT healthcare equipment. Through its encryption process utilizing various cryptographic techniques, all traffic is encrypted before being decrypted once it reaches its intended destination. To validate its proposed approach, UCI machine library is collecting health care data. To execute this method, Python is utilized and compared to traditional algorithms such as Rivest-Shamir-Adleman (RSA), Elliptical Curve Cryptography (ECC), and Tiny Lightweight Symmetric Encryption-Aquila Optimization Algorithm (TLSE-AOA).
Safeguarding the Evidential Value of Forensic Cryptocurrency Investigations
Analyzing cryptocurrency payment flows has become a key forensic method in
law enforcement and is nowadays used to investigate a wide spectrum of criminal
activities. However, despite its widespread adoption, the evidential value of
obtained findings in court is still largely unclear. In this paper, we focus on
the key ingredients of modern cryptocurrency analytics techniques, which are
clustering heuristics and attribution tags. We identify internationally
accepted standards and rules for substantiating suspicions and providing
evidence in court and project them onto current cryptocurrency forensics
practices. By providing an empirical analysis of CoinJoin transactions, we
illustrate possible sources of misinterpretation in algorithmic clustering
heuristics. Eventually, we derive a set of legal key requirements and translate
them into a technical data sharing framework that fosters compliance with
existing legal and technical standards in the realm of cryptocurrency
forensics. Integrating the proposed framework in modern cryptocurrency
analytics tools could allow more efficient and effective investigations, while
safeguarding the evidential value of the analysis and the fundamental rights of
affected persons.