Publications
Detailed Information
Security Analysis of Secure Virtual Keyboards in Android Mobile Payment Apps : 안드로이드 금융앱 보안키패드 분석
Cited 0 time in
Web of Science
Cited 0 time in Scopus
- Authors
- Advisor
- 전병곤
- Major
- 공과대학 컴퓨터공학부
- Issue Date
- 2016-02
- Publisher
- 서울대학교 대학원
- Description
- 학위논문 (석사)-- 서울대학교 대학원 : 컴퓨터공학부, 2016. 2. 전병곤.
- Abstract
- Mobile payment applications typically employ extra security measures due to the sensitivity of information that they handle. This paper investigates the security of secure virtual keyboards which are frequently used in South Korea. Unlike numerous studies on Android apps in the past, analyzing payment apps is particularly challenging as they use obfuscation. To overcome these difficulties, we extend TaintDroid to leverage the user interfaces that keyboards use to interact with others. With the tool, we examine how securely these apps handle encrypted user input through secure virtual keyboards. We find that although these apps encrypt user data through a third-party secure virtual keyboard library to protect against memory dumping attack, all the target apps decrypt all the sensitive information using the decryption APIs of secure virtual keyboard libraries, increasing a vulnerability time window. We conclude the paper with a discussion of possible countermeasures.
- Language
- English
- Files in This Item:
Item View & Download Count
Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.