Publications
Detailed Information
Security Analysis of Secure Virtual Keyboards in Android Mobile Payment Apps : 안드로이드 금융앱 보안키패드 분석
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 전병곤 | - |
| dc.contributor.author | 최서윤 | - |
| dc.date.accessioned | 2019-03-13 | - |
| dc.date.available | 2019-03-13 | - |
| dc.date.issued | 2016-02 | - |
| dc.identifier.other | 000000133866 | - |
| dc.identifier.uri | https://hdl.handle.net/10371/122665 | - |
| dc.description | 학위논문 (석사)-- 서울대학교 대학원 : 컴퓨터공학부, 2016. 2. 전병곤. | - |
| dc.description.abstract | Mobile payment applications typically employ extra security measures due to the sensitivity of information that they handle. This paper investigates the security of secure virtual keyboards which are frequently used in South Korea. Unlike numerous studies on Android apps in the past, analyzing payment apps is particularly challenging as they use obfuscation. To overcome these difficulties, we extend TaintDroid to leverage the user interfaces that keyboards use to interact with others. With the tool, we examine how securely these apps handle encrypted user input through secure virtual keyboards. We find that although these apps encrypt user data through a third-party secure virtual keyboard library to protect against memory dumping attack, all the target apps decrypt all the sensitive information using the decryption APIs of secure virtual keyboard libraries, increasing a vulnerability time window. We conclude the paper with a discussion of possible countermeasures. | - |
| dc.description.tableofcontents | Chapter 1 Introduction 7
1.1 Motivation 8 1.2 Approach 8 1.3 Contribution 9 1.4 Outline of the paper 9 Chapter 2 Background 10 2.1 Android Mobile Payment Apps 10 2.2 Security Threats in Payment Apps 11 2.3 Security Virtual Keyboards 11 Chapter 3 Methods 13 3.1 App Selection 13 3.2 Analysis Methodology 13 3.3 Analysis Targets 16 Chapter 4 App Analysis 18 Chapter 5 Discussion 24 Chapter 6 Related Work 26 Chapter 7 Conclusion 29 Bibliography 30 Abstract (Korean) 33 | - |
| dc.format | application/pdf | - |
| dc.format.extent | 1708065 bytes | - |
| dc.format.medium | application/pdf | - |
| dc.language.iso | en | - |
| dc.publisher | 서울대학교 대학원 | - |
| dc.subject | Security Virtual Keyboard | - |
| dc.subject | Encryption | - |
| dc.subject | Input Taint Tracking | - |
| dc.subject | Reverse Engineering | - |
| dc.subject.ddc | 621 | - |
| dc.title | Security Analysis of Secure Virtual Keyboards in Android Mobile Payment Apps | - |
| dc.title.alternative | 안드로이드 금융앱 보안키패드 분석 | - |
| dc.type | Thesis | - |
| dc.description.degree | Master | - |
| dc.citation.pages | 33 | - |
| dc.contributor.affiliation | 공과대학 컴퓨터공학부 | - |
| dc.date.awarded | 2016-02 | - |
- Appears in Collections:
- Files in This Item:
Item View & Download Count
Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.