Forensic Analysis of the ChatSecure Instant Messaging Application on Android Smartphones

We present the forensic analysis of the artifacts generated on Android smartphones by ChatSecure, a secure Instant Messaging application that provides strong encryption for transmitted and locally-stored data to ensure the privacy of its users. We show that ChatSecure stores local copies of both exchanged messages and files into two distinct, AES-256 encrypted databases, and we devise a technique able to decrypt them when the secret passphrase, chosen by the user as the initial step of the encryption process, is known. Furthermore, we show how this passphrase can be identified and extracted from the volatile memory of the device, where it persists for the entire execution of ChatSecure after having been entered by the user, thus allowing one to carry out decryption even if the passphrase is not revealed by the user. Finally, we discuss how to analyze and correlate the data stored in the databases used by ChatSecure to identify the IM accounts used by the user and his/her buddies to communicate, as well as to reconstruct the chronology and contents of the messages and files that have been exchanged among them. For our study we devise and use an experimental methodology, based on the use of emulated devices, that provides a very high degree of reproducibility of the results, and we validate the results it yields against those obtained from real smartphones

PRIMA — Privacy research through the perspective of a multidisciplinary mash up

Based on a summary description of privacy protection research within three fields of inquiry, viz. social sciences, legal science, and computer and systems sciences, we discuss multidisciplinary approaches with regard to the difficulties and the risks that they entail as well as their possible advantages. The latter include the identification of relevant perspectives of privacy, increased expressiveness in the formulation of research goals, opportunities for improved research methods, and a boost in the utility of invested research efforts

Reengineering the user: Privacy concerns about personal data on smartphones.

Purpose: This paper aims to discuss the privacy and security concerns that have risen from the permissions model in the Android operating system, along with two shortcomings that have not been adequately addressed. Design/methodology/approach: The impact of the applications’ evolutionary increment of permission requests from both the user’s and the developer’s point of view is studied, and finally, a series of remedies against the erosion of users’ privacy is proposed. Findings: The results of this work indicate that, even though providing access to personal data of smartphone users is by definition neither problematic nor unlawful, today’s smartphone operating systems do not provide an adequate level of protection for the user’s personal data. However, there are several ideas that can significantly improve the situation and mitigate privacy concerns of users of smart devices. Research limitations/implications: The proposed approach was evaluated through an examination of the Android’s permission model, although issues arise in other operating systems. The authors’ future intention is to conduct a user study to measure the user’s awareness and concepts surrounding privacy concerns to empirically investigate the above-mentioned suggestions. Practical implications: The proposed suggestions in this paper, if adopted in practice, could significantly improve the situation and mitigate privacy concerns of users of smart devices. Social implications: The recommendations proposed in this paper would strongly enhance the control of users over their personal data and improve their ability to distinguish legitimate apps from malware or grayware. Originality/value: This paper emphasises two shortcomings of the permissions models of mobile operating systems which, in authors’ view, have not been adequately addressed to date and propose an inherent way for apps and other entities of the mobile computing ecosystem to commit to responsible and transparent practices on mobile users’ privacy

Obstacles to the Adoption of Secure Communication Tools

The computer security community has advocated widespread adoption of secure communication tools to counter mass surveillance. Several popular personal communication tools (e.g., WhatsApp, iMessage) have adopted end-to-end encryption, and many new tools (e.g., Signal, Telegram) have been launched with security as a key selling point. However it remains unclear if users understand what protection these tools offer, and if they value that protection. In this study, we interviewed 60 participants about their experience with different communication tools and their perceptions of the tools' security properties. We found that the adoption of secure communication tools is hindered by fragmented user bases and incompatible tools. Furthermore, the vast majority of participants did not understand the essential concept of end-to-end encryption, limiting their motivation to adopt secure tools. We identified a number of incorrect mental models that underpinned participants' beliefs

Contributory Negligence, Technology, and Trade Secrets

In tort law, the doctrine of contributory negligence captures conduct by the plaintiff that falls below the standard to which he should conform for his own protection. Whether one has been contributorily negligent is determined by an objective standard of reasonableness under the circumstances. This Article, for the first time, applies contributory negligence principles to trade secret law. It draws upon this doctrine to frame and analyze a challenge posed by modem technology. The very technological tools in use today that increase the efficiency with which companies do business also create challenges for trade secret protection. What might have been a reasonable precaution ten years ago to protect a trade secret is not necessarily reasonable today in light of the changed circumstances created by technology. These changes increase the risk of trade secret misappropriation, and trade secret owners must be mindful to have adequate security measures, both technical and process-based, to deal with these enhanced risks

Exploring children's social and moral behaviour in a technology context

The central argument of this thesis is that disclosure of certain information via computer-mediated communication technologies influence specific behaviours in relation to trust, and betrayal for children and young people. The main aim of this thesis is to extend the computer mediated communication literature by investigating young people‘s use of digital communication devices in an effort to explore interactions between methods of computer mediated communication and young people‘s subsequent social and moral behaviour. The thesis begins with qualitative analyses of data gathered via focus groups to raise a broad range of issues important to the young user rather than the issues deemed important by parents and educators. Young people indicate clearly that they are aware of the safety issues that concern parents and academics eager to protect them from predators. Whilst the single most popular reason they identify for engaging with technology is to communicate, they identify three key areas of concern related to technology use; usage preferences, positive aspects of technology use and negative aspects of technology use. The topics relating to the latter two themes combine social and moral behaviours forming a preliminary framework for understanding behaviour within the HCI agenda. Subjective and objective methodology is implemented, typically via questionnaires and content analysis. In depth examination and assessment of those concerns deemed important to the young user is achieved via questionnaire studies developed from the issues raised in the focus groups. Building upon the preliminary framework identified in the first study, the thesis employs a questionnaire study to examine whether technology has an impact on trust by young people and how any betrayal of trust might impact on their subsequent behaviour. The questionnaire studies reveal that for young people dynamics of trust and forgiveness are functions of both type of medium chosen to convey information, as well as the recipient to whom the information is related. Further investigation confirms that similar elements exist for older users communicating via digital communication technologies. Subsequent investigation reveals that as young users of computer mediated communication adopt each new alternative communication medium, they then manipulate that new medium to fit their communication needs by using them in such a way as to enhance the speed and quality of communication