Visible to the public International Conferences: WiSec 2015, New York

SoS Newsletter- Advanced Book Block


SoS Logo

International Conferences:

Security & Privacy in Wireless and Mobile Networks

2015, New York

The 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec ’15 ) was held June 22–26, 2015 in New York. The focus of the conference was on the security and privacy aspects of wireless communications, mobile networks, mobile software platforms, and mobile or wireless applications, including both theoretical and systems contributions. The articles cited here cover privacy, resilience, and metrics.  

Pieter Robyns, Peter Quax, Wim Lamotte; “Injection Attacks on 802.11n MAC Frame Aggregation,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 13. doi:10.1145/2766498.2766513
Abstract: The ability to inject packets into a network is known to be an important tool for attackers: it allows them to exploit or probe for potential vulnerabilities residing on the connected hosts. In this paper, we present a novel practical methodology for injecting arbitrary frames into wireless networks, by using the Packet-In-Packet (PIP) technique to exploit the frame aggregation mechanism introduced in the 802.11n standard. We show how an attacker can apply this methodology over a WAN -- without physical proximity to the wireless network and without requiring a wireless interface card. The practical feasibility of our injection method is then demonstrated through a number of proof-of-concept attacks. More specifically, in these proof-of-concepts we illustrate how a host scan can be performed on the network, and how beacon frames can be injected from a remote location. We then both analytically and experimentally estimate the success rate of these attacks in a realistic test setup. Finally, we present several defensive measures that network administrators can put in place in order to prevent exploitation of our frame injection methodology.
Keywords: frame aggregation, injection attack, wireless security (ID#: 15-6872)


Lucky Onwuzurike, Emiliano De Cristofaro; “Danger Is My Middle Name: Experimenting with SSL Vulnerabilities in Android Apps,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 15. doi:10.1145/2766498.2766522
Abstract: This paper presents a measurement study of information leakage and SSL vulnerabilities in popular Android apps. We perform static and dynamic analysis on 100 apps, downloaded at least 10M times, that request full network access. Our experiments show that, although prior work has drawn a lot of attention to SSL implementations on mobile platforms, several popular apps (32/100) accept all certificates and all hostnames, and four actually transmit sensitive data unencrypted. We set up an experimental testbed simulating man-in-the-middle attacks and find that many apps (up to 91% when the adversary has a certificate installed on the victim’s device) are vulnerable, allowing the attacker to access sensitive information, including credentials, files, personal details, and credit card numbers. Finally, we provide a few recommendations to app developers and highlight several open research problems.
Keywords: Android security, information leakage, privacy (ID#: 15-6873)


Denzil Ferreira, Vassilis Kostakos, Alastair R. Beresford, Janne Lindqvist, Anind K. Dey; “Securacy: An Empirical Investigation of Android Applications’ Network Usage, Privacy And Security,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 11. doi:10.1145/2766498.2766506
Abstract: Smartphone users do not fully know what their apps do. For example, an applications’ network usage and underlying security configuration is invisible to users. In this paper we introduce Securacy, a mobile app that explores users’ privacy and security concerns with Android apps. Securacy takes a reactive, personalized approach, highlighting app permission settings that the user has previously stated are concerning, and provides feedback on the use of secure and insecure network communication for each app. We began our design of Securacy by conducting a literature review and in-depth interviews with 30 participants to understand their concerns. We used this knowledge to build Securacy and evaluated its use by another set of 218 anonymous participants who installed the application from the Google Play store. Our results show that access to address book information is by far the biggest privacy concern. Over half (56.4%) of the connections made by apps are insecure, and the destination of the majority of network traffic is North America, regardless of the location of the user. Our app provides unprecedented insight into Android applications’ communications behavior globally, indicating that the majority of apps currently use insecure network connections.
Keywords: applications, context, experience sampling, network, privacy (ID#: 15-6874)


Karim Emara, Wolfgang Woerndl, Johann Schlichter; “CAPS: Context-Aware Privacy Scheme for VANET Safety Applications,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 21. doi:10.1145/2766498.2766500
Abstract: Preserving location privacy in vehicular ad hoc networks (VANET) is an important requirement for public acceptance of this emerging technology. Many privacy schemes concern changing pseudonyms periodically to avoid linking messages. However, the spatiotemporal information contained in beacons makes vehicles traceable and the driver’s privacy breached. Therefore, the pseudonym change should be performed in a mix-context to discontinue the spatial and temporal correlation of subsequent beacons. Such mix-context is commonly accomplished by using a silence period or in predetermined locations (e.g., mix-zone). In this paper, we propose a location privacy scheme that lets vehicles decide when to change its pseudonym and enter a silence period and when to exit from it adaptively based on its context. In this scheme, a vehicle monitors the surrounding vehicles and enters silence when it finds one or more neighbors silent. It resumes beaconing with a new pseudonym when its actual state is likely to be mixed with the state of a silent neighbor. We evaluate this scheme against a global multi-target tracking adversary using simulated and realistic vehicle traces and compare it with the random silent period scheme. Furthermore, we evaluate the quality of service of a forward collision warning safety application to ensure its applicability in safety applications. We measure the quality of service by estimating the probability of correctly identifying the fundamental factors of that application using Monte Carlo analysis.
Keywords: context-aware privacy, forward collision warning, location privacy, random silent period, safety application
(ID#: 15-6875)


Célestin Matte, Jagdish Prasad Achara, Mathieu Cunche; “Device-to-Identity Linking Attack Using Targeted Wi-Fi Geolocation Spoofing,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 20. doi:10.1145/2766498.2766521
Abstract: Today, almost all mobile devices come equipped with Wi-Fi technology. Therefore, it is essential to thoroughly study the privacy risks associated with this technology. Recent works have shown that some Personally Identifiable Information (PII) can be obtained from the radio signals emitted by Wi-Fi equipped devices. However, most of the times, the identity of the subject of those pieces of information remains unknown and the Wi-Fi MAC address of the device is the only available identifier. In this paper, we show that it is possible for an attacker to get the identity of the subject.  The attack presented in this paper leverages the geolocation information published on some geotagged services, such as Twitter, and exploits the fact that geolocation information obtained through Wi-Fi-based Positioning System (WPS) can be easily manipulated. We show that geolocation manipulation can be targeted to a single device, and in most cases, it is not necessary to jam real Wi-Fi access points (APs) to mount a successful attack on WPS.
Keywords: 802.11, geolocation, privacy (ID#: 15-6876)


Xin Chen, Sencun Zhu; “DroidJust: Automated Functionality-Aware Privacy Leakage Analysis for Android Applications,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article
No. 5. doi:10.1145/2766498.2766507
Abstract: Android applications (apps for short) can send out users’ sensitive information against users’ intention. Based on the stats from Genome and Mobile-Sandboxing, 55.8% and 59.7% Android malware families feature privacy leakage. Prior approaches to detecting privacy leakage on smartphones primarily focused on the discovery of sensitive information flows. However, Android apps also send out users’ sensitive information for legitimate functions. Due to the fuzzy nature of the privacy leakage detection problem, we formulate it as a justification problem, which aims to justify if a sensitive information transmission in an app serves any purpose, either for intended functions of the app itself or for other related functions. This formulation makes the problem more distinct and objective, and therefore more feasible to solve than before. We propose DroidJust, an automated approach to justifying an app’s sensitive information transmission by bridging the gap between the sensitive information transmission and application functions. We also implement a prototype of DroidJust and evaluate it with over 6000 Google Play apps and over 300 known malware collected from VirusTotal. Our experiments show that our tool can effectively and efficiently analyze Android apps w.r.t their sensitive information flows and functionalities, and can greatly assist in detecting privacy leakage.
Keywords: Android security, privacy leakage detection, static taint analysis (ID#: 15-6877)


Elena Pagnin, Anjia Yang, Gerhard Hancke, Aikaterini Mitrokotsa; “HB+DB, Mitigating Man-in-the-Middle Attacks Against HB+ with Distance Bounding,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 3.  doi:10.1145/2766498.2766516
Abstract: Authentication for resource-constrained devices is seen as one of the major challenges in current wireless communication networks. The HB+ protocol performs device authentication based on the learning parity with noise (LPN) problem and simple computational steps, that renders it suitable for resource-constrained devices such as radio frequency identification (RFID) tags. However, it has been shown that the HB+ protocol as well as many of its variants are vulnerable to a simple man-in-the-middle attack. We demonstrate that this attack could be mitigated using physical layer measures from distance-bounding and simple modifications to devices’ radio receivers. Our hybrid solution (HB+DB) is shown to provide both effective distance-bounding using a lightweight HB+-based response function, and resistance against the man-in-the-middle attack to HB+. We provide experimental evaluation of our results as well as a brief discussion on practical requirements for secure implementation.
Keywords: HB-protocol, HB+, distance bounding, physical layer security  (ID#: 15-6878)


Marcin Nagy, Thanh Bui, Emiliano De Cristofaro, N. Asokan, Jörg Ott, Ahmad-Reza Sadeghi; “How Far Removed Are You?: Scalable Privacy-Preserving Estimation of Social Path Length With Social Pal,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 18. doi:10.1145/2766498.2766501
Abstract: Social relationships are a natural basis on which humans make trust decisions. Online Social Networks (OSNs) are increasingly often used to let users base trust decisions on the existence and the strength of social relationships. While most OSNs allow users to discover the length of the social path to other users, they do so in a centralized way, thus requiring them to rely on the service provider and reveal their interest in each other.  This paper presents Social PaL, a system supporting the privacy-preserving discovery of arbitrary-length social paths between any two social network users. We overcome the bootstrapping problem encountered in all related prior work, demonstrating that Social PaL allows its users to find all paths of length two and to discover a significant fraction of longer paths, even when only a small fraction of OSN users is in the Social PaL system — e.g., discovering 70% of all paths with only 40% of the users. We implement Social PaL using a scalable server-side architecture and a modular Android client library, allowing developers to seamlessly integrate it into their apps.
Keywords: mobile social networks, privacy, proximity (ID#: 15-6879)


Meiko Jensen; “Applying the Protection Goals for Privacy Engineering to Mobile Devices,” in WiSec ’15 Proceedings
of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks
, June 2015, Article No. 26. doi:10.1145/2766498.2774986
Abstract: In this paper, we propose to use a set of common core principles (the protection goals for privacy engineering) for measuring and comparing privacy features of mobile device systems. When utilized as a baseline for mobile phone software development, these protection goals can help with acting in legal compliance independent from the exact juridical location of the user.
Keywords: (not provided) (ID#: 15-6880)


Guqian Dai, Jigang Ge, Minghang Cai, Daoqian Xu, Wenjia Li; “SVM-Based Malware Detection for Android Applications,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 33. doi:10.1145/2766498.2774991
Abstract: In this paper, we study a SVM-based malware detection scheme for Android application, which integrates both risky permission combinations and vulnerable API calls and use them as features in the SVM algorithm. Preliminary experiments have validated the proposed malware detection scheme.
Keywords: Android, TF-IDF, malware, support vector machine (SVM) (ID#: 15-6881)


Xingmin Cui, Jingxuan Wang, Lucas C. K. Hui, Zhongwei Xie, Tian Zeng, S. M. Yiu; “WeChecker: Efficient and Precise Detection of Privilege Escalation Vulnerabilities in Android Apps,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 25. doi:10.1145/2766498.2766509
Abstract: Due to the rapid increase of Android apps and their wide usage to handle personal data, a precise and large-scaling checker is in need to validate the apps’ permission flow before they are listed on the market. Several tools have been proposed to detect sensitive data leaks in Android apps. But these tools are not applicable to large-scale analysis since they fail to deal with the arbitrary execution orders of different event handlers smartly. Event handlers are invoked by the framework based on the system state, therefore we cannot pre-determine their order of execution. Besides, since all exported components can be invoked by an external app, the execution orders of these components are also arbitrary. A naive way to simulate these two types of arbitrary execution orders yields a permutation of all event handlers in an app. The time complexity is O(n!) where n is the number of event handlers in an app. This leads to a high analysis overhead when n is big. To give an illustration, CHEX [10] found 50.73 entry points of 44 unique class types in an app on average. In this paper we propose an improved static taint analysis to deal with the challenge brought by the arbitrary execution orders without sacrificing the high precision. Our analysis does not need to make permutations and achieves a polynomial time complexity. We also propose to unify the array and map access with object reference by propagating access paths to reduce the number of false positives due to field-insensitivity and over approximation of array access and map access.  We implement a tool, WeChecker, to detect privilege escalation vulnerabilities in Android apps. WeChecker achieves 96% precision and 96% recall in the state-of-the-art test suite DriodBench (for compairson, the precision and recall of FlowDroid  are 86% and 93%, respectively). The evaluation of WeChecker on real apps shows that it is efficient (average analysis time of each app: 29.985s) and fits for large-scale checking.
Keywords: Android, control flow, data flow checking, privilege escalation attack, taint analysis (ID#: 15-6882)


Daniel T. Wagner, Daniel R. Thomas, Alastair R. Beresford, Andrew Rice; “Device Analyzer: A Privacy-Aware Platform to Support Research on the Android Ecosystem,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 34. doi:10.1145/2766498.2774992
Abstract: Device Analyzer is an Android app available from the Google Play store. It is designed to collect a large range of data from the handset and, with agreement from our contributors, share it with researchers around the world. Researchers can access the data collected, and can also use the platform to support their own user studies. In this paper we provide an overview of the privacy-enhancing techniques used in Device Analzyer, including transparency, consent, purpose, access, withdrawal, and accountability. We also demonstrate the utility of our platform by assessing the security of the Android ecosystem to privilege escalation attacks and determine that 88% of Android devices are, on average, vulnerable to one or more of these type of attacks.
Keywords: (not provided) (ID#: 15-6883)


Yajin Zhou, Lei Wu, Zhi Wang, Xuxian Jiang; “Harvesting Developer Credentials in Android Apps,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 23. 
Abstract: Developers often integrate third-party services into their apps. To access a service, an app must authenticate itself to the service with a credential. However, credentials in apps are often not properly or adequately protected, and might be easily extracted by attackers. A leaked credential could pose serious privacy and security threats to both the app developer and app users.  In this paper, we propose CredMiner to systematically study the prevalence of unsafe developer credential uses in Android apps. CredMiner can programmatically identify and recover (obfuscated) developer credentials unsafely embedded in Android apps. Specifically, it leverages data flow analysis to identify the raw form of the embedded credential, and selectively executes the part of the program that builds the credential to recover it. We applied CredMiner to 36,561 apps collected from various Android markets to study the use of free email services and Amazon AWS. There were 237 and 196 apps that used these two services, respectively. CredMiner discovered that 51.5% (121/237) and 67.3% (132/196) of them were vulnerable. In total, CredMiner recovered 302 unique email login credentials and 58 unique Amazon AWS credentials, and verified that 252 and 28 of these credentials were still valid at the time of the experiments, respectively.
Keywords: Amazon AWS, CredMiner, information flow, static analysis (ID#: 15-6884)


Sadegh Farhang, Yezekael Hayel, Quanyan Zhu; “Physical Layer Location Privacy Issue in Wireless Small Cell Networks,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 32. doi:10.1145/2766498.2774990
Abstract: High data rates are essential for next-generation wireless networks to support a growing number of computing devices and networking services. Small cell base station (SCBS) (e.g., picocells, microcells, femtocells) technology is a cost-effective solution to address this issue. However, one challenging issue with the increasingly dense network is the need for a distributed and scalable access point association protocol. In addition, the reduced cell size makes it easy for an adversary to map out the geographical locations of the mobile users, and hence breaching their location privacy. To address these issues, we establish a game-theoretic framework to develop a privacy-preserving stable matching algorithm that captures the large scale and heterogeneity nature of 5G networks. We show that without the privacy-preserving mechanism, an attacker can infer the location of the users by observing wireless connections and the knowledge of physical-layer system parameters. The protocol presented in this work provides a decentralized differentially private association algorithm which guarantees privacy to a large number of users in the network. We evaluate our algorithm using case studies, and demonstrate the tradeoff between privacy and system-wide performance for different privacy requirements and a varying number of mobile users in the network. Our simulation results corroborate the result that the total number of mobile users should be lower than the overall network capacity to achieve desirable levels of privacy and QoS.
Keywords: (not provided) (ID#: 15-6885)


Dan Ping, Xin Sun, Bing Mao; “TextLogger: Inferring Longer Inputs on Touch Screen Using Motion Sensors,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 24. doi:10.1145/2766498.2766511
Abstract: Today’s smartphones are equipped with precise motion sensors like accelerometer and gyroscope, which can measure tiny motion and rotation of devices. While they make mobile applications more functional, they also bring risks of leaking users’ privacy. Researchers have found that tap locations on screen can be roughly inferred from motion data of the device. They mostly utilized this side-channel for inferring short input like PIN numbers and passwords, with repeated attempts to boost accuracy. In this work, we study further for longer input inference, such as chat record and e-mail content, anything a user ever typed on a soft keyboard. Since people increasingly rely on smartphones for daily activities, their inputs directly or indirectly expose privacy about them. Thus, it is a serious threat if their input text is leaked. To make our attack practical, we utilize the shared memory side-channel for detecting window events and tap events of a soft keyboard. The up or down state of the keyboard helps triggering our Trojan service for collecting accelerometer and gyroscope data. Machine learning algorithms are used to roughly predict the input text from the raw data and language models are used to further correct the wrong predictions. We performed experiments on two real-life scenarios, which were writing emails and posting Twitter messages, both through mobile clients. Based on the experiments, we show the feasibility of inferring long user inputs to readable sentences from motion sensor data. By applying text mining technology on the inferred text, more sensitive information about the device owners can be exposed.
Keywords: edit distance model, keystroke inference using motion sensors, language model, machine learning, shared memory side-channel, side-channel attacks, smartphone security (ID#: 15-6886)


Daibin Wang, Haixia Yao, Yingjiu Li, Hai Jin, Deqing Zou, Robert H. Deng; “CICC: A Fine-Grained, Semantic-Aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers,” in WiSec ’15 Proceedings
of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks
, June 2015, Article No. 6. doi:10.1145/2766498.2766518
Abstract: Android’s permission system offers an all-or-nothing installation choice for users. To make it more flexible, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app’s permissions at runtime. A fundamental requirement for such permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of existing permission managers meet this requirement due to permission leaks. To address this problem, we propose CICC, a fine-grained, semantic-aware, and transparent approach for any permission managers to defend against the permission leaks. Compared to existing solutions, CICC is fine-grained because it detects the permission leaks using call-chain information at the component instance level, instead of at the app level or component level. The fine-grained feature enables it to generate a minimal impact on the usability of running apps. CICC is semantic-aware in a sense that it manages call-chains in the whole lifecycle of each component instance. CICC is transparent to users and app developers, and it requires minor modification to permission managers. Our evaluation shows that CICC incurs relatively low performance overhead and power consumption.
Keywords: Android, call-chain, permission leaks, permission manager (ID#: 15-6887)


David Förster, Frank Kargl, Hans Löhr; “A Framework for Evaluating Pseudonym Strategies in Vehicular Ad-Hoc Networks,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 19. doi:10.1145/2766498.2766520
Abstract: The standard approach to privacy-friendly authentication in vehicular ad-hoc networks is the use of pseudonym certificates. The level of location privacy users can enjoy under the threat of an attacker depends on the attacker’s coverage and strategy as well as on the users’ strategy for changing their pseudonym certificates.  With this paper, we propose a generic framework for evaluation and comparison of different pseudonym change strategies with respect to the privacy level they provide under the threat of a realistic, local, passive attacker. To illustrate the applicability of this framework, we propose a new tracking strategy that achieves unprecedented success in vehicle tracking and thus lowers the achievable location privacy significantly. We use this attacker as a means to evaluate different pseudonym change strategies and highlight the need for more research in this direction.
Keywords: location privacy, pseudonym systems, vehicular ad-hoc networks (ID#: 15-6888)


Daniel Steinmetzer, Matthias Schulz, Matthias Hollick; “Lockpicking Physical Layer Key Exchange: Weak Adversary Models Invite the Thief,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 1. doi:10.1145/2766498.2766514
Abstract: Physical layer security schemes for wireless communications are currently crossing the chasm from theory to practice. They promise information-theoretical security, for instance by guaranteeing the confidentiality of wireless transmissions. Examples include schemes utilizing artificial interference—that is ‘jamming for good’—to enable secure physical layer key exchange or other security mechanisms. However, only little attention has been payed to adjusting the employed adversary models during this transition from theory to practice. Typical assumptions give the adversary antenna configurations and transceiver capabilities similar to all other nodes: single antenna eavesdroppers are the norm. We argue that these assumptions are perilous and ‘invite the thief’. In this work, we evaluate the security of a representative practical physical layer security scheme, which employs artificial interference to secure physical layer key exchange. Departing from the standard single-antenna eavesdropper, we utilize a more realistic multi-antenna eavesdropper and propose a novel approach that detects artificial interferences. This facilitates a practical attack, effectively ‘lockpicking’ the key exchange by exploiting the diversity of the jammed signals. Using simulation and real-world software-defined radio (SDR) experimentation, we quantify the impact of increasingly strong adversaries. We show that our approach reduces the secrecy capacity of the scheme by up to 97% compared to single-antenna eavesdroppers. Our results demonstrate the risk unrealistic adversary models pose in current practical physical layer security schemes.
Keywords: OFDM, SDR, WARP, artificial interference, friendly jamming, key exchange, physical layer security (ID#: 15-6889)


Max Maass, Uwe Müller, Tom Schons, Daniel Wegemer, Matthias Schulz; “NFCGate: An NFC Relay Application for Android,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 27. doi:10.1145/2766498.2774984
Abstract: Near Field Communication (NFC) is a technology widely used for security-critical applications like access control or payment systems. Many of these systems rely on the security assumption that the card has to be in close proximity to communicate with the reader. We developed NFCGate, an Android application capable of relaying NFC communication between card and reader using two rooted but otherwise unmodified Android phones. This enables us to increase the distance between card and reader, eavesdrop on, and even modify the exchanged data. The application should work for any system built on top of ISO 14443-3 that is not hardened against relay attacks, and was successfully tested with a popular contactless card payment system and an electronic passport document.
Keywords: Android, near field communication, relay attack (ID#: 15-6890)


Roberto Gallo, Patricia Hongo, Ricardo Dahab, Luiz C. Navarro, Henrique Kawakami, Kaio Galvão, Glauber Junqueira, Luander Ribeiro; “Security and System Architecture: Comparison of Android Customizations,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 12. doi:10.1145/2766498.2766519
Abstract: Smartphone manufacturers frequently customize Android distributions so as to create competitive advantages by adding, removing and modifying packages and configurations. In this paper we show that such modifications have deep architectural implications for security. We analysed five different distributions: Google Nexus 4, Google Nexus 5, Sony Z1, Samsung Galaxy S4 and Samsung Galaxy S5, all running OS versions 4.4.X (except for Samsung S4 running version 4.3). Our conclusions indicate that serious security issues such as expanded attack surface and poorer permission control grow sharply with the level of customization.
Keywords: Android customizations, permissions, security architecture (ID#: 15-6891)


Wanqing You, Kai Qian, Minzhe Guo, Prabir Bhattacharya, Ying Qian, Lixin Tao,”A Hybrid Approach for Mobile Security Threat Analysis,” in WiSec ’15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 2015, Article No. 28 doi:10.1145/2766498.2774987
Abstract: Research on effective and efficient mobile threat analysis becomes an emerging and important topic in cybersecurity research area. Static analysis and dynamic analysis constitute two of the most popular types of techniques for security analysis and evaluation; nevertheless, each of them has its strengths and weaknesses. To leverage the benefits of both approaches, we propose a hybrid approach that integrates the static and dynamic analysis for detecting security threats in mobile applications. The key of this approach is the unification of data states and software execution on critical test paths. The approach consists of two phases. In the first phase, a pilot static analysis is conducted to identify potential critical attack paths based on Android APIs and existing attack patterns. In the second phase, a dynamic analysis follows the identified critical paths to execute the program in a limited and focused manner. Attacks shall be detected by checking the conformance of the detected paths with existing attack patterns. The method will report the types of detected attack scenarios based on types of sensitive data that may be compromised, such as web browser cookie.
Keywords: Android application analysis, data path tracing, dynamic analysis, static analysis, symbolic execution (ID#: 15-6892)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.