Browse

Security Analysis of Secure Virtual Keyboards in Android Mobile Payment Apps
안드로이드 금융앱 보안키패드 분석

Cited 0 time in Web of Science Cited 0 time in Scopus
Authors
최서윤
Advisor
전병곤
Major
공과대학 컴퓨터공학부
Issue Date
2016-02
Publisher
서울대학교 대학원
Keywords
Security Virtual KeyboardEncryptionInput Taint TrackingReverse Engineering
Description
학위논문 (석사)-- 서울대학교 대학원 : 컴퓨터공학부, 2016. 2. 전병곤.
Abstract
Mobile payment applications typically employ extra security measures due to the sensitivity of information that they handle. This paper investigates the security of secure virtual keyboards which are frequently used in South Korea. Unlike numerous studies on Android apps in the past, analyzing payment apps is particularly challenging as they use obfuscation. To overcome these difficulties, we extend TaintDroid to leverage the user interfaces that keyboards use to interact with others. With the tool, we examine how securely these apps handle encrypted user input through secure virtual keyboards. We find that although these apps encrypt user data through a third-party secure virtual keyboard library to protect against memory dumping attack, all the target apps decrypt all the sensitive information using the decryption APIs of secure virtual keyboard libraries, increasing a vulnerability time window. We conclude the paper with a discussion of possible countermeasures.
Language
English
URI
http://hdl.handle.net/10371/122665
Files in This Item:
Appears in Collections:
College of Engineering/Engineering Practice School (공과대학/대학원)Dept. of Computer Science and Engineering (컴퓨터공학부)Theses (Master's Degree_컴퓨터공학부)
  • mendeley

Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.

Browse