A Large-Scale Study on the Prevalence and Usage of TEE-based Features on Android

In the realm of mobile security, where OS-based protections have proven insufficient against robust attackers, Trusted Execution Environments (TEEs) have emerged as a hardware-based security technology. Despite the industry's persistence in advancing TEE technology, the impact on end users and developers remains largely unexplored. This study addresses this gap by conducting a large-scale analysis of TEE utilization in Android applications, focusing on the key areas of cryptography, digital rights management, biometric authentication, and secure dialogs. To facilitate our extensive analysis, we introduce Mobsec Analytika, a framework tailored for large-scale app examinations, which we make available to the research community. Through the analysis of 170,550 popular Android apps, our analysis illuminates the implementation of TEE-related features and their contextual usage. Our findings reveal that TEE features are predominantly utilized indirectly through third-party libraries, with only 6.7% of apps directly invoking the APIs. Moreover, the study reveals the underutilization of the recent TEE-based UI feature Protected Confirmation.Comment: Additional information and artifacts on project page: https://www.cs1.tf.fau.de/android-tee-study

Considerations for implementing electronic laboratory notebooks in an academic research environment

As research becomes predominantly digitalised, scientists have the option of using electronic laboratory notebooks to record and access entries. These systems can more readily meet volume, complexity, accessibility and preservation requirements than paper notebooks. Whilst the technology can yield many benefits these can only be realised by choosing a system that properly fulfils the requirements of a given context. This review explores the factors that should be considered when introducing electronic laboratory notebooks to an academically focused research group. We cite pertinent studies and discuss our own experience implementing a system within a multi-disciplinary research environment. We also consider how the required financial and time investment is shared between individuals and institutions. Finally, we discuss how electronic laboratory notebooks fit into the broader context of research data management. This article is not a product review; it provides a framework for both the initial consideration of an electronic laboratory notebook and the evaluation of specific software packages

An Adaptive Blockchain based Three-Tier Architecture in Fog based IoT for Personal Healthcare Data Application

To protect patient health data (PHD) and ensure the security of healthcare IoT devices, this paper presents an Advanced Signature-Based Encryption algorithm (ASE), a blockchain analytical model, a mathematical framework, and an Adaptive Fog Computing based Three-tier Architecture (AFCTTA). The aim is to enable safe access to real-time services and IoT for end users. This AFCTTA was constructed on a blockchain platform, providing trustworthy data transmission between patients, clinicians, fog nodes, and IoT. Additionally, a decentralized fog computing-based blockchain analytical model along with a mathematical framework were produced to ensure secure transfer of data and transactions within healthcare IoT. To ensure secure communication between devices and fog nodes, a private block chain was implemented in order to validate certificates and keys. As an added security measure, an ASE method was devised. This algorithm utilizes War Optimization Strategy (WOA) to select optimal keys for securing data from heterogeneous and homogeneous IoT healthcare equipment. Through its encryption process utilizing various cryptographic techniques, all traffic is encrypted before being decrypted once it reaches its intended destination. To validate its proposed approach, UCI machine library is collecting health care data. To execute this method, Python is utilized and compared to traditional algorithms such as Rivest-Shamir-Adleman (RSA), Elliptical Curve Cryptography (ECC), and Tiny Lightweight Symmetric Encryption-Aquila Optimization Algorithm (TLSE-AOA)

Safeguarding the Evidential Value of Forensic Cryptocurrency Investigations

Analyzing cryptocurrency payment flows has become a key forensic method in law enforcement and is nowadays used to investigate a wide spectrum of criminal activities. However, despite its widespread adoption, the evidential value of obtained findings in court is still largely unclear. In this paper, we focus on the key ingredients of modern cryptocurrency analytics techniques, which are clustering heuristics and attribution tags. We identify internationally accepted standards and rules for substantiating suspicions and providing evidence in court and project them onto current cryptocurrency forensics practices. By providing an empirical analysis of CoinJoin transactions, we illustrate possible sources of misinterpretation in algorithmic clustering heuristics. Eventually, we derive a set of legal key requirements and translate them into a technical data sharing framework that fosters compliance with existing legal and technical standards in the realm of cryptocurrency forensics. Integrating the proposed framework in modern cryptocurrency analytics tools could allow more efficient and effective investigations, while safeguarding the evidential value of the analysis and the fundamental rights of affected persons