Smartphone Security

This research project focuses on more or less neglected topics of cyber security (IT security) concerning smartphones, tablet-PCs and BYOD (bring your own device).

The availability of smartphones and tablet-PCs is rising steadily (with more than 3.3 billion devices predicted for 2016), bringing new challenges for the field of cyber security. A detailed analysis of current R&D projects and available achievements shows a lack of focus on certain important security problems. Additionally, many concepts were taken over from desktop PCs to mobile devices regardless of the distinctive features of the latter.

One aim of this project is to develop new biometric methods of user authentication through continuous verification of user-specific dynamic behavior patterns, e.g. the user's movement patterns while manipulating the mobile device. These movement patterns include typical user movements such as device handling, walking motion and gestures like "swiping" and "zooming". As a further result, biometry-based data authentication (a current security problem of telebanking/netbanking) should be made possible, improving e.g. the security of the well-known mTAN approach through a biometric component. Another aim of the project is to enhance data security, especially for data stored externally.

Such services are often offered in an online/cloud context and are very important for mobile devices, whose storage space is mostly limited. Additionally, the synchronization of user data across several devices through cloud services has its drawbacks concerning security. Current solutions require users to grant their provider control over the data, an often unacceptable situation. In this project, a new cryptography-based system will be developed that allows users to preserve control of their data according to their requirements and that is easy to implement and to operate on mobile devices.

Acknowledging the increasing problem of malware (malicious software) on mobile devices, especially BYOD (an increase in 2012 of more than 4,000% for Android OS), and being aware that classical virus scanners will become rather inefficient in the future, this project focuses on optimized, behavior-based detection specific to this environment. The behavior detection should build on the results of the KIRAS project MalwareDef, has to be specifically suited to the hardware requirements of smartphones, and in particular has to detect threats typical for BYOD. MalwareDef was based on the idea of formally describing typical actions of malware on a conceptual level in order to detect malware dynamically. As the use of sandboxing is increasing on mobile devices, behavior-based approaches are especially applicable to them. This allows controlling the behavior during runtime.

A method variant with hardware support will be investigated for all the project aims mentioned above. In order to achieve this, integrated high-security hardware (SIM card and/or TPM chip/NFC secure element of the mobile device) will be added to the experimental set-up via supplemental software. The project results will be released in the form of scientific publications, algorithms, methods and proof-of-concept implementations for the required function and efficiency tests.

Publications

Temper, M., & Tjoa, S. (2016). The Applicability of Fuzzy Rough Classifier for Continuous Person Authentication. 2016 International Conference on Software Security and Assurance (ICSSA). https://doi.org/10/gh3747
Kaiser, M. (2015, November 4). BioMe - Kontinuierliche Authentifizierung am Smartphone. Young Researchers Day, St. Pölten, Austria.
Ouedraogo, M., Kuo, C.-T., Tjoa, S., Preston, D., Dubois, E., Simoes, P., & Tiago, C. (2014). Keeping an Eye on Your Security Through Assurance Indicators. 12th International Conference on Security and Cryptography (SECRYPT). https://doi.org/10/gh375c
Rybnicek, M., Lang-Muhr, C., & Haslinger, D. (2014). A Roadmap to Continuous Biometric Authentication on Mobile Devices. 10th International Wireless Communications and Mobile Computing Conference (IWCMC), Nicosia, Cyprus. https://doi.org/10/gh375b
Fischer, M., Rybnicek, M., & Tjoa, S. (2012). A Novel Palm Vein Recognition Approach Based on Enhanced Local Gabor Binary Patterns Histogram Sequence. 19th International Conference on Systems, Signals and Image Processing (IWSSIP'12), 429–432. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6208168
Rybnicek, M., Fischer, C., & Kaufmann, J. (2011). Evaluierung von Lebenderkennungsverfahren. D-A-CH Security, 435–444.
External Staff
FH-Prof. Dipl.-Ing. Dr. Paul Tavolato
Prof. Andreas Westfeld, Hochschule Dresden
Jürgen Wurzer
Partners
  • A1 Telekom Austria AG
  • Austria Card Plastikkarten und Ausweissysteme GmbH
  • BeeOne GmbH (subsidiary of ERSTE Group)
  • Bundesministerium für Inneres (BM.I)
  • Bundesministerium für Landesverteidigung und Sport (BMLVS)
  • Cryptas IT-Security GmbH
Funding
FFG programme KIRAS (security research), funded by BMVIT
Runtime
09/30/2013 – 06/29/2015
Status
finished
Involved Institutes, Groups and Centers
Forschungsgruppe Secure Societies
Institute for Innovation Systems
Institute of IT Security Research