Mobile Application Security Platforms Survey

Nowadays Smartphone and other mobile devices have become incredibly important in every aspect of our life. Because they have practically offered same capabilities as desktop workstations as well as come to be powerful in terms of CPU (Central processing Unit), Storage and installing numerous applications. Therefore, Security is considered as an important factor in wireless communication technologies, particularly in a wireless ad-hoc network and mobile operating systems. Moreover, based on increasing the range of mobile application within variety of platforms, security is regarded as on the most valuable and considerable debate in terms of issues, trustees, reliabilities and accuracy. This paper aims to introduce a consolidated report of thriving security on mobile application platforms and providing knowledge of vital threats to the users and enterprises. Furthermore, in this paper, various techniques as well as methods for security measurements, analysis and prioritization within the peak of mobile platforms will be presented. Additionally, increases understanding and awareness of security on mobile application platforms to avoid detection, forensics and countermeasures used by the operating systems. Finally, this study also discusses security extensions for popular mobile platforms and analysis for a survey within a recent research in the area of mobile platform security

Privacy-preserving, User-centric VoIP CAPTCHA Challenges: an Integrated Solution in the SIP Environment

Purpose – This work aims to argue that it is possible to address discrimination issues that naturally arise in contemporary audio CAPTCHA challenges and potentially enhance the effectiveness of audio CAPTCHA systems by adapting the challenges to the user characteristics. Design/methodology/approach – A prototype has been designed, called PrivCAPTCHA, to offer privacy-preserving, user-centric CAPTCHA challenges. Anonymous credential proofs are integrated into the Session Initiation Protocol (SIP) protocol and the approach is evaluated in a real-world Voice over Internet Protocol (VoIP) environment. Findings – The results of this work indicate that it is possible to create VoIP CAPTCHA services offering privacy-preserving, user-centric challenges while maintaining sufficient efficiency. Research limitations/implications – The proposed approach was evaluated through an experimental implementation to demonstrate its feasibility. Additional features, such as appropriate user interfaces and efficiency optimisations, would be useful for a commercial product. Security measures to protect the system from attacks against the SIP protocol would be useful to counteract the effects of the introduced overhead. Future research could investigate the use of this approach on non-audio CAPTCHA services. Practical implications – PrivCAPTCHA is expected to achieve fairer, non-discriminating CAPTCHA services while protecting the user’s privacy. Adoption success relies upon the general need for employment of privacy-preserving practices in electronic interactions. Social implications – This approach is expected to enhance the quality of life of users, who will now receive CAPTCHA challenges closer to their characteristics. This applies especially to users with disabilities. Additionally, as a privacy-preserving service, this approach is expected to increase trust during the use of services that use it. Originality/value – To the best of authors’ knowledge, this is the first comprehensive proposal for privacy-preserving CAPTCHA challenge adaptation. The proposed system aims at providing an improved CAPTCHA service that is more appropriate for and trusted by human users

Quantifying Privacy: A Novel Entropy-Based Measure of Disclosure Risk

It is well recognised that data mining and statistical analysis pose a serious treat to privacy. This is true for financial, medical, criminal and marketing research. Numerous techniques have been proposed to protect privacy, including restriction and data modification. Recently proposed privacy models such as differential privacy and k-anonymity received a lot of attention and for the latter there are now several improvements of the original scheme, each removing some security shortcomings of the previous one. However, the challenge lies in evaluating and comparing privacy provided by various techniques. In this paper we propose a novel entropy based security measure that can be applied to any generalisation, restriction or data modification technique. We use our measure to empirically evaluate and compare a few popular methods, namely query restriction, sampling and noise addition.Comment: 20 pages, 4 figure

Homo Datumicus : correcting the market for identity data

Effective digital identity systems offer great economic and civic potential. However, unlocking this potential requires dealing with social, behavioural, and structural challenges to efficient market formation. We propose that a marketplace for identity data can be more efficiently formed with an infrastructure that provides a more adequate representation of individuals online. This paper therefore introduces the ontological concept of Homo Datumicus: individuals as data subjects transformed by HAT Microservers, with the axiomatic computational capabilities to transact with their own data at scale. Adoption of this paradigm would lower the social risks of identity orientation, enable privacy preserving transactions by default and mitigate the risks of power imbalances in digital identity systems and markets

Penerapan Algoritma Apriori untuk Menemukan Hubungan Data Murid dengan Nilai Sekolah

Murid merupakan salah satu komponen terpenting dari sebuah sekolah, karena tanpa adanya murid maka sekolah tidak dapatmelaksanakan kegiatan pembelajaran. Setiap murid pada sebuah sekolah memiliki data yang didapatkan pada saat awalmasuk dan juga nilai sekolah yang merupakan hasil pembelajaran. Namun, data-data tersebut belum diketahuiketerhubungannya sehingga dibutuhkan sebuah metode untuk mengolahnya. Melalui penelitian ini, sebuah metode DataMining yaitu Association dengan Algoritma Apriori digunakan untuk mencari hubungan antara data murid dengan nilaisekolah. Data murid merupakan data awal masuk murid yang terdiri dari tempat dan tahun lahir, agama, dan tahun masuk.Nilai minimal support yang digunakan sebesar 20% dan nilai confidence merupakan parameter yang menentukan seberapabesar hubungan antara data murid dengan nilai sekolah. Nilai confidence terbesar diperoleh dari hubungan antara agamaKristen dengan nilai sekolah ↑77-82 sebesar 54,5%. Penelitian ini dilakukan pada SD Kristen Kalam Kudus IV Alam Raya

DIGITAL RIGHTS MANAGEMENT AND CANADIAN PRIVACY: ALTERNATIVES FOR DIGITAL RIGHTS MANAGEMENT IMPLEMENTATION IN CANADA

Canada has signed, but not ratified, either the World Intellectual Property Organization Copyright Treaty (WCT) or the World Intellectual Property Organization Performances and Phonograms Treaty (WPPT). This thesis examines the current state of privacy and personal data protection law if Digital Rights Management system technologies were legally implemented today in Canada, in compliance with these treaties. This study emphasises in two jurisdictions: Federal and Ontario. It will be demonstrated that functionalities present in Digital Rights Management, like fingerprinting, watermarking and authentication technologies, violate privacy and personal data protection law. The idea to issue a number of alternatives for implementation of Digital Rights Management in the legal and technological fields that could enhance privacy and personal data protection. This thesis concludes that there are alternatives for implementation of Digital Rights Management in Canada that, do not require a direct implementation of the WCT and the WPPT

The entropy of keys derived from laser speckle

Laser speckle has been proposed in a number of papers as a high-entropy source of unpredictable bits for use in security applications. Bit strings derived from speckle can be used for a variety of security purposes such as identification, authentication, anti-counterfeiting, secure key storage, random number generation and tamper protection. The choice of laser speckle as a source of random keys is quite natural, given the chaotic properties of speckle. However, this same chaotic behaviour also causes reproducibility problems. Cryptographic protocols require either zero noise or very low noise in their inputs; hence the issue of error rates is critical to applications of laser speckle in cryptography. Most of the literature uses an error reduction method based on Gabor filtering. Though the method is successful, it has not been thoroughly analysed. In this paper we present a statistical analysis of Gabor-filtered speckle patterns. We introduce a model in which perturbations are described as random phase changes in the source plane. Using this model we compute the second and fourth order statistics of Gabor coefficients. We determine the mutual information between perturbed and unperturbed Gabor coefficients and the bit error rate in the derived bit string. The mutual information provides an absolute upper bound on the number of secure bits that can be reproducibly extracted from noisy measurements

Introducing Accountability to Anonymity Networks

Many anonymous communication (AC) networks rely on routing traffic through proxy nodes to obfuscate the originator of the traffic. Without an accountability mechanism, exit proxy nodes risk sanctions by law enforcement if users commit illegal actions through the AC network. We present BackRef, a generic mechanism for AC networks that provides practical repudiation for the proxy nodes by tracing back the selected outbound traffic to the predecessor node (but not in the forward direction) through a cryptographically verifiable chain. It also provides an option for full (or partial) traceability back to the entry node or even to the corresponding user when all intermediate nodes are cooperating. Moreover, to maintain a good balance between anonymity and accountability, the protocol incorporates whitelist directories at exit proxy nodes. BackRef offers improved deployability over the related work, and introduces a novel concept of pseudonymous signatures that may be of independent interest. We exemplify the utility of BackRef by integrating it into the onion routing (OR) protocol, and examine its deployability by considering several system-level aspects. We also present the security definitions for the BackRef system (namely, anonymity, backward traceability, no forward traceability, and no false accusation) and conduct a formal security analysis of the OR protocol with BackRef using ProVerif, an automated cryptographic protocol verifier, establishing the aforementioned security properties against a strong adversarial model

Framework of Smart Mobile Rfid Networks

Basically RFID (radio-frequency identification) is a wireless communication technology within the L1 (Layer 1, the physical layer of the OSI 7-layer Reference Model) and L2 scopes between RFID tag and reader. The RFID reader reads the code in the RFID tag and interprets it by communicating with the IS(information services)  server via a proper communication network. This is the typical architecture defined by EPC (electronic product Code)global. RFID networks need to provide value added services in order to give better visibility to inventory movement across supply chain or closed loop applications like Asset tracking or Work In Progress tracking. The RFID reader can be stationary or mobile. A mobile RFID reader affords more applications than the stationary one. Mobile RFID is a newly emerging technology which uses the mobile phone as an RFID reader with a wireless technology and provides new valuable services to the user by integrating RFID and ubiquitous sensor network infrastructure with mobile communication and wireless internet. The mobile RFID enables business to provide new services to mobile customers by securing services and transactions from the end-user to a company's existing e-commerce and IT systems. In this paper, I describe about the core components of mobile RFID, advantages and its applications in scenario of smart networks. Although there are several types of mobile RFID readers in the market, I focused on mobile RFID technology that has several positive features including security, network architecture, operation scenario, and code resolution mechanism. Keywords: EPC network, RFID, Mobile RFID, Smart RFID networ