A Model for Remote Access and Protection of Smartphones using Short Message Service

The smartphone usage among people is increasing rapidly. With the phenomenal growth of smartphone use, smartphone theft is also increasing. This paper proposes a model to secure smartphones from theft as well as provides options to access a smartphone through other smartphone or a normal mobile via Short Message Service. This model provides option to track and secure the mobile by locking it. It also provides facilities to receive the incoming call and sms information to the remotely connected device and enables the remote user to control the mobile through SMS. The proposed model is validated by the prototype implementation in Android platform. Various tests are conducted in the implementation and the results are discussed.Comment: 10 Pages, 11 Figure

Mobile Application Security Platforms Survey

Nowadays Smartphone and other mobile devices have become incredibly important in every aspect of our life. Because they have practically offered same capabilities as desktop workstations as well as come to be powerful in terms of CPU (Central processing Unit), Storage and installing numerous applications. Therefore, Security is considered as an important factor in wireless communication technologies, particularly in a wireless ad-hoc network and mobile operating systems. Moreover, based on increasing the range of mobile application within variety of platforms, security is regarded as on the most valuable and considerable debate in terms of issues, trustees, reliabilities and accuracy. This paper aims to introduce a consolidated report of thriving security on mobile application platforms and providing knowledge of vital threats to the users and enterprises. Furthermore, in this paper, various techniques as well as methods for security measurements, analysis and prioritization within the peak of mobile platforms will be presented. Additionally, increases understanding and awareness of security on mobile application platforms to avoid detection, forensics and countermeasures used by the operating systems. Finally, this study also discusses security extensions for popular mobile platforms and analysis for a survey within a recent research in the area of mobile platform security

The New Grid

The New Grid seeks to provide mobile users with an additional method for off-grid communication, or communication without connection to Internet infrastructure. The motivation for this project was to find another alternative to Internet-dependent communication. Current Internet infrastructure is antiquated; it is expensive to maintain and expand, it has numerous vulnerabilities and high-impact points of failure, and can be rendered unusable for lengthy periods of time by natural disasters or other catastrophes. This current grid will eventually need to be replaced by a more modern, scalable, and adaptive infrastructure. The results of the projects research showed that implementing a library to allow for the creation of mobile peer-to-peer mesh networks could serve as a starting point for a transition from current Internet infrastructure to a more scalable, adaptive, and reliable Internet- independent network grid. Development of The New Grid largely followed the Rational Unified Process, in which the development process is split into four phases: requirements gathering, system design, implementation, and testing. Most of fall quarter was spent outlining functional requirements for the system, designing possible methods of implementation, and researching similar solutions that seek to transition mass mobile communication to a newer, more modern network grid. The New Grid differs from similar solutions because it has been implemented as a modular library. Current systems that allow for off-grid mobile connection exist as independent applications with a defined context and predetermined usability scope. We, the design team, found that implementing the system in the form of a modular library has multiple benefits. Primarily, this implementation would allow The New Grid to be deployed as widely as possible. Developers can both write applications around our library as well as include specific modules into existing applications without impacting other modules or introducing additional overhead into a system. Another benefit of deploying the system as a modular library is adaptability. The current, initial stable build of The New Grid uses Bluetooth Low Energy as its backbone for facilitating communication within large networks of mobile devices; however, this library could use any existing or future communication protocol to facilitate connection as long as a hook is written to allow The New Grid to interface with that protocol. Thus, The New Grid is not limited by which connection protocols currently exist, a property that other similar systems do not possess. The New Grid can be used in any application that requires connection between users. The most common applications would likely be messaging, file sharing, or social networking. While developers may find a variety of uses for The New Grid, its primary purpose is to facilitate reliable connection and secure data transfer in an environment with a large user base. Achieving this goal was proven feasible through research and testing the library with a small cluster of Android devices communicating solely with Bluetooth Low Energy. Expanding this group of a few phones to a larger mesh network of hundreds of devices was shown to be feasible through testing the librarys algorithms and protocols on a large network of virtual devices. As long as developers seek to create applications that allow users to communicate independent of Internet infrastructure, The New Grid will allow smartphone users to communicate off-grid and hopefully spur a switch from infrastructure-dependent mobile communication to user-centric, adaptive, and flexible connection

Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials

Personal cryptographic keys are the foundation of many secure services, but storing these keys securely is a challenge, especially if they are used from multiple devices. Storing keys in a centralized location, like an Internet-accessible server, raises serious security concerns (e.g. server compromise). Hardware-based Trusted Execution Environments (TEEs) are a well-known solution for protecting sensitive data in untrusted environments, and are now becoming available on commodity server platforms. Although the idea of protecting keys using a server-side TEE is straight-forward, in this paper we validate this approach and show that it enables new desirable functionality. We describe the design, implementation, and evaluation of a TEE-based Cloud Key Store (CKS), an online service for securely generating, storing, and using personal cryptographic keys. Using remote attestation, users receive strong assurance about the behaviour of the CKS, and can authenticate themselves using passwords while avoiding typical risks of password-based authentication like password theft or phishing. In addition, this design allows users to i) define policy-based access controls for keys; ii) delegate keys to other CKS users for a specified time and/or a limited number of uses; and iii) audit all key usages via a secure audit log. We have implemented a proof of concept CKS using Intel SGX and integrated this into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation performs approximately 6,000 signature operations per second on a single desktop PC. The latency is in the same order of magnitude as using locally-stored keys, and 20x faster than smart cards.Comment: Extended version of a paper to appear in the 3rd Workshop on Security, Privacy, and Identity Management in the Cloud (SECPID) 201

AndroShield:automated Android applications vulnerability detection, a hybrid static and dynamic analysis approach

The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is capsuled in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution

ONLINE MONITORING USING KISMET

Colleges and universities currently use online exams for student evaluation. Stu- dents can take assigned exams using their laptop computers and email their results to their instructor; this process makes testing more efficient and convenient for both students and faculty. However, taking exams while connected to the Internet opens many opportunities for plagiarism and cheating. In this project, we design, implement, and test a tool that instructors can use to monitor the online activity of students during an in-class online examination. This tool uses a wireless sniffer, Kismet, to capture and classify packets in real time. If a student attempts to access a site that is not allowed, the instructor is notified via an Android application or via Internet. Identifying a student who is cheating is challenging since many applications send packets without user intervention. We provide experimental results from realistic test environments to illustrate the success of our proposed approach