Identifying Cryptographic Functionality in Android Applications

Alexander Oprisnik; Daniel Hein; Peter Teufl

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Identifying Cryptographic Functionality in Android Applications

Topics: Applied Cryptography; Data Protection; Security and Privacy in Mobile Systems; Security Verification and Validation; Software Security

In Proceedings of the 11th International Conference on Security and Cryptography - Volume 0ICETE, 151-162, 2014 , Vienna, Austria

Authors: Alexander Oprisnik ; Daniel Hein and Peter Teufl

Affiliation: Graz University of Technology, Austria

Keyword(s): Mobile Application Security, Machine Learning, Detection of Cryptographic Code, Container Applications, Password Managers, Data Encryption on Mobile Devices, Semantic Pattern Transformation, Correct Deployment of Symmetric and Asymmetric Cryptography.

Related Ontology Subjects/Areas/Topics: Applied Cryptography ; Cryptographic Techniques and Key Management ; Data and Application Security and Privacy ; Data Engineering ; Data Protection ; Databases and Data Security ; Information and Systems Security ; Security and Privacy in Mobile Systems ; Security Verification and Validation ; Software Security

Abstract: Mobile devices in corporate IT infrastructures are frequently used to process security-critical data. Over the past few years powerful security features have been added to mobile platforms. However, for legal and organisational reasons it is difficult to pervasively enforce using these features in consumer applications or Bring-Your-Own-Device (BYOD) scenarios. Thus application developers need to integrate custom implementations of security features such as encryption in security-critical applications. Our manual analysis of container applications and password managers has shown that custom implementations of cryptographic functionality often suffer from critical mistakes. During manual analysis, finding the custom cryptographic code was especially time consuming. Therefore, we present the Semdroid framework for simplifying application analysis of Android applications. Here, we use Semdroid to apply machine-learning techniques for detecting non-standard symmetric and asymmetric crypt ography implementations. The identified code fragments can be used as starting points for subsequent manual analysis. Thus manual analysis time is greatly reduced. The capabilities of Semdroid have been evaluated on 98 password-safe applications downloaded from Google Play. Our evaluation shows the applicability of Semdroid and its potential to significantly improve future application analysis processes. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.226.82.81

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Oprisnik, A., Hein, D. and Teufl, P. (2014). Identifying Cryptographic Functionality in Android Applications. In Proceedings of the 11th International Conference on Security and Cryptography (ICETE 2014) - SECRYPT; ISBN 978-989-758-045-1; ISSN 2184-3236, SciTePress, pages 151-162. DOI: 10.5220/0005056301510162

@conference{secrypt14,
author={Alexander Oprisnik and Daniel Hein and Peter Teufl},
title={Identifying Cryptographic Functionality in Android Applications},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography (ICETE 2014) - SECRYPT},
year={2014},
pages={151-162},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005056301510162},
isbn={978-989-758-045-1},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the 11th International Conference on Security and Cryptography (ICETE 2014) - SECRYPT
TI - Identifying Cryptographic Functionality in Android Applications
SN - 978-989-758-045-1
IS - 2184-3236
AU - Oprisnik, A.
AU - Hein, D.
AU - Teufl, P.
PY - 2014
SP - 151
EP - 162
DO - 10.5220/0005056301510162
PB - SciTePress