TY - JOUR
T1 - Efficient protection of Android applications through user authentication using Peripheral Devices
AU - Kim, Jinseong
AU - Jung, Im Y.
N1 - Publisher Copyright:
© 2018 by the authors.
PY - 2018/4/22
Y1 - 2018/4/22
N2 - Android applications store large amounts of sensitive information that may be exposed and exploited. To prevent this security risk, some applications such as Syrup and KakaoTalk use physical device values to authenticate or encrypt application data. However, by manipulating these physical device values, an attacker can circumvent the authentication by executing a Same Identifier Attack and obtain the same application privileges as the user. In our work, WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were subjected to the Same Identifier Attack, and it was found that an attacker could gain the same privileges as the user in all five applications. To solve such a problem, we propose a technical scheme, User Authentication using Peripheral Devices. We applied the proposed scheme to a Nexus 5X smartphone running Android version 7.1 and confirmed that the average execution time was 0.005 s, which does not affect the other applications' execution significantly. We also describe the security aspects of the proposed scheme and its compatibility with the Android platform and other applications. The proposed scheme is practical and efficient in terms of resource usage; therefore, it will be useful for Android users to improve Android application security.
AB - Android applications store large amounts of sensitive information that may be exposed and exploited. To prevent this security risk, some applications such as Syrup and KakaoTalk use physical device values to authenticate or encrypt application data. However, by manipulating these physical device values, an attacker can circumvent the authentication by executing a Same Identifier Attack and obtain the same application privileges as the user. In our work, WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were subjected to the Same Identifier Attack, and it was found that an attacker could gain the same privileges as the user in all five applications. To solve such a problem, we propose a technical scheme, User Authentication using Peripheral Devices. We applied the proposed scheme to a Nexus 5X smartphone running Android version 7.1 and confirmed that the average execution time was 0.005 s, which does not affect the other applications' execution significantly. We also describe the security aspects of the proposed scheme and its compatibility with the Android platform and other applications. The proposed scheme is practical and efficient in terms of resource usage; therefore, it will be useful for Android users to improve Android application security.
KW - Android protection
KW - Android security
KW - Android vulnerability
KW - Same Identifier Attack
KW - User Authentication using Peripheral Devices
UR - http://www.scopus.com/inward/record.url?scp=85045733605&partnerID=8YFLogxK
U2 - 10.3390/su10041290
DO - 10.3390/su10041290
M3 - Article
AN - SCOPUS:85045733605
SN - 2071-1050
VL - 10
JO - Sustainability (Switzerland)
JF - Sustainability (Switzerland)
IS - 4
M1 - 1290
ER -