Efficient protection of android applications through user authentication using Peripheral Devices

Jinseong Kim, Im Y. Jung

Research output: Contribution to journalArticlepeer-review

1 Scopus citations

Abstract

Android applications store large amounts of sensitive information that may be exposed and exploited. To prevent this security risk, some applications such as Syrup and KakaoTalk use physical device values to authenticate or encrypt application data. However, by manipulating these physical device values, an attacker can circumvent the authentication by executing a Same Identifier Attack and obtain the same application privileges as the user. In our work, WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were subjected to the Same Identifier Attack, and it was found that an attacker could gain the same privileges as the user, in all five applications. To solve such a problem, we propose a technical scheme-User Authentication using Peripheral Devices. We applied the proposed scheme to a Nexus 5X smartphone running Android version 7.1 and confirmed that the average execution time was 0.005 s, which does not affect the other applications' execution significantly.We also describe the security aspects of the proposed scheme and its compatibility with the Android platform and other applications. The proposed scheme is practical and efficient in terms of resource usage; therefore, it will be useful for Android users to improve Android application security.

Original languageEnglish
Article number1290
JournalSustainability (Switzerland)
Volume10
Issue number4
DOIs
StatePublished - 22 Apr 2018

Keywords

  • Android protection
  • Android security
  • Android vulnerability
  • Same Identifier Attack
  • User Authentication using Peripheral Devices

Fingerprint

Dive into the research topics of 'Efficient protection of android applications through user authentication using Peripheral Devices'. Together they form a unique fingerprint.

Cite this