Open Collections
UBC Theses and Dissertations
Analysis of data-at-rest security In smartphones
Muslukhov, Ildar
Abstract
With almost two billion users worldwide, smartphones are used for almost everything – booking a hotel, ordering a cup of coffee, or paying in a shop. However, small size and high mobility make these devices prone to theft and loss. In this work we aim to broaden our understanding of how smartphone users and application developers protect sensitive data on smartphones.

To understand how well users are protecting their data in smartphones, we conducted several studies. The results revealed that 50% of the subjects locked their smartphone with an unlocking secret and 95% of them chose unlocking secrets that could be guessed within minutes.

To understand how well application developers protect sensitive data in smartphones, we analyzed 132K Android applications. We focused on identifying misuse of cryptography in applications and libraries. The study results revealed that developers often misuse cryptographic APIs. In fact, 9 out of 10 Android applications contained code that used a symmetric cipher with a static encryption key. Further, source attribution revealed that libraries are the main consumer of cryptography and the major contributor of misuse cases. Finally, an in-depth analysis of the top libraries highlighted the need for improvement in the way we define and detect misuse of cryptography.

Based on these results we designed and evaluated a system for encryption key management that uses wearable devices as an additional source of entropy. Evaluation results showed that the proposal introduces insignificant overhead in power consumption and latency.
Item Metadata
Title | Analysis of data-at-rest security In smartphones
Creator | Muslukhov, Ildar
Publisher | University of British Columbia
Date Issued | 2018
Language | eng
Date Available | 2018-08-20
Provider | Vancouver : University of British Columbia Library
Rights | Attribution-NonCommercial-NoDerivatives 4.0 International
DOI | 10.14288/1.0371128
Degree Grantor | University of British Columbia
Graduation Date | 2018-09
Scholarly Level | Graduate
Aggregated Source Repository | DSpace