• Title/Summary/Keyword: App Security Verification

Search Result 9, Processing Time 0.027 seconds

Security Verification Framework for e-GOV Mobile App (전자정부 모바일 앱 보안성 검증체계)

  • Bang, Ji-Ho;Ha, Rhan;Kang, Pil-Yong;Kim, Hong-Geun
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.37 no.2C
    • /
    • pp.119-131
    • /
    • 2012
  • Recently smart phones have been proliferating widely and quickly. Since the number of mobile apps that are being developed and deployed to domestic/international app stores is rising, more apps are being installed and deleted by users without any difficulty. The deployed apps are each attested through distinct verification framework of specific app stores. However, such verification frameworks are insufficient in checking security concerns. Unfortunately, the security verification framework is necessary since the incidents of leaking privacy and confidential information are being increased in lately. The aim of this paper is to provide the security verification framework that assures security and reliability of the e-government mobile apps. In order to verify proposed verification framework, a few apps were selected and inspected through proposed framework and these inspection results are included in this paper.

A Proposal for "Security Verification Method for Implementation of Secure Android Mobile Application" (안전한 안드로이드 어플리케이션 개발을 위한 구현 단계별 보안성 검증 방안 제시)

  • Hur, Hwan Seok;Kang, Sung Hoon;Kim, Seung Joo
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.10
    • /
    • pp.445-460
    • /
    • 2013
  • Mobile applications today are being offered as various services depending on the mobile device and mobile environment of users. This increase in mobile applications has shifted the spotlight to their vulnerability. As an effective method of security verification, this paper proposes "phase-wise security verification for the implementation of mobile applications". This method allows additional security verification by covering specific items across a wider range compared to existing methods. Based on the identified weaknesses, it detects the cause of vulnerability and monitors the related settings.

A Guidelines for Establishing Mobile App Management System in Military Environment - focus on military App store and verification system - (국방환경에서 모바일 앱 관리체계 구축방안 제시 - 국방 앱스토어 및 검증시스템 중심으로 -)

  • Lee, Gab-Jin;Goh, Sung-Cheol
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.17 no.3
    • /
    • pp.525-532
    • /
    • 2013
  • Recently. smartphones have been popularized rapidly and now located deep in our daily life, providing a variety of services from banking, SNS (Social Network Service), and entertainment to smart-work mobile office through apps. Such smartphone apps can be easily downloaded from what is known as app store which, however, bears many security issues as software developers can just as easily upload to it. Military apps will be exposed to a myriad of security threats if distributed through internet-basis commercial app store. In order to mitigate such security concerns, this paper suggests a security guidelines for establishing a military-excusive app store and security verification system which prevent the security hazards that can occur during the process of development and distribution of military-use mobile apps.

Enhancing the Cybersecurity Checklist for Mobile Applications in DTx based on MITRE ATT&CK for Ensuring Privacy

  • Gee-hee Yun;Kyoung-jin Kim
    • Journal of Internet Computing and Services
    • /
    • v.24 no.4
    • /
    • pp.15-24
    • /
    • 2023
  • Digital therapeutics (DTx) are utilized to replace or supplement drug therapy to treat patients. DTx are developed as a mobile application for portability and convenience. The government requires security verification to be performed on digital medical devices that manage sensitive information during the transmission and storage of patient data. Although safety verification is included in the approval process for DTx, the cybersecurity checklist used as a reference does not reflect the characteristics of mobile applications. This poses the risk of potentially overlooking vulnerabilities during security verification. This study aims to address this issue by comparing and analyzing existing items based on the mobile tactics, techniques, and procedures of MITRE ATT&CK, which manages globally known and occurring vulnerabilities through regular updates. We identify 16 items that require improvement and expand the checklist to 29 items to propose improvement measures. The findings of this study may contribute to the safe development and advancement of DTx for managing sensitive patient information.

Security Threats in the Mobile Cloud Service Environment (모바일 클라우드 서비스 환경에서의 보안위협에 관한 연구)

  • Han, Jung-Soo
    • Journal of Digital Convergence
    • /
    • v.12 no.5
    • /
    • pp.263-269
    • /
    • 2014
  • Mobile Cloud Service will provide cloud services through mobile devices. Because storage space constraints and computing process performance limitations of mobile devices, this service will process in the cloud environment after moving works and data that have to process in mobile terminal. The obstacles of mobile cloud service activity will have concerned high about the reliability service, data security, and the confidentiality security. In particular, in convergence of mobile services and cloud services, each threats are expected to be generated complicatedly. In this paper, we define the type of mobile cloud services as well as security threats that can occur in mobile cloud. Also we suggest security countermeasures in mobile app. and enterprises countermeasures. We suggest verification of mobile applications for user information protection about security countermeasures in mobile app. Also we describe the cloud providers responsibility and user responsibility about enterprises countermeasures.

A Strengthened Android Signature Management Method

  • Cho, Taenam;Seo, Seung-Hyun
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.3
    • /
    • pp.1210-1230
    • /
    • 2015
  • Android is the world's most utilized smartphone OS which consequently, also makes it an attractive target for attackers. The most representative method of hacking used against Android apps is known as repackaging. This attack method requires extensive knowledge about reverse engineering in order to modify and insert malicious codes into the original app. However, there exists an easier way which circumvents the limiting obstacle of the reverse engineering. We have discovered a method of exploiting the Android code-signing process in order to mount a malware as an example. We also propose a countermeasure to prevent this attack. In addition, as a proof-of-concept, we tested a malicious code based on our attack technique on a sample app and improved the java libraries related to code-signing/verification reflecting our countermeasure.

A Probabilistic Test based Detection Scheme against Automated Attacks on Android In-app Billing Service

  • Kim, Heeyoul
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.3
    • /
    • pp.1659-1673
    • /
    • 2019
  • Android platform provides In-app Billing service for purchasing valuable items inside mobile applications. However, it has become a major target for attackers to achieve valuable items without actual payment. Especially, application developers suffer from automated attacks targeting all the applications in the device, not a specific application. In this paper, we propose a novel scheme detecting automated attacks with probabilistic tests. The scheme tests the signature verification method in a non-deterministic way, and if the method was replaced by the automated attack, the scheme detects it with very high probability. Both the analysis and the experiment result show that the developers can prevent their applications from automated attacks securely and efficiently by using of the proposed scheme.

A Study on the Effect of Integrated Leakage Rate Testing of Containment Vessel due to the Type A Testing Time (격납건물 ILRT 본시험시간이 시험에 미치는 영향에 관한 연구)

  • Kim, Chang-Soo;Moon, Yong-Sig
    • Transactions of the Korean Society of Pressure Vessels and Piping
    • /
    • v.8 no.3
    • /
    • pp.1-6
    • /
    • 2012
  • The containment Integrated Leakage Rate Testing(ILRT) of nuclear power plants in Korea is performed in accordance with NSSC(Nuclear Safety and Security Commission) code 2012-16 and ANSI/ANS 56.8-1994. Nuclear power plants in Korea and the United States are to apply same test criteria, ANSI/ANS 56.8-1994, except type A testing time. NPPs in Korea apply 24 hours according to NSSC code 2012-16, but NPPs in United States apply 8 hours according to 10CFR50 App. J for type A test. So, there are many difficulties in order to perform ILRT in Korea. In this study, I review the impact on the ILRT results and the effect of ILRT due to type A testing time. The future, we will continue study to enhance the test reliability and improve these problems.

Design and Implementation of Verification System for Malicious URL and Modified APK File on Cloud Platform (클라우드 플랫폼을 이용한 악성 URL 및 수정된 APK 파일 검증 시스템 설계 및 구현)

  • Je, Seolah;Nguyen, Vu Long;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.4
    • /
    • pp.921-928
    • /
    • 2016
  • Over the past few years, Smishing attacks such as malicious url and malicious application have been emerged as a major problem in South Korea since it caused big problems such as leakage of personal information and financial loss. Users are susceptible to Smishing attacks due to the fact that text message may contain curios content. Because of that reason, user could follow the url, download and install malicious APK file without any doubt or verification process. However currently Anti-Smishing App that adopted post-processing method is difficult to respond quickly. Users need a system that can determine whether the modification of the APK file and malicious url in real time because the Smishing can cause financial damage. This paper present the cloud-based system for verifying malicious url and malicious APK file in user device to prevent secondary damage such as smishing attacks and privacy information leakage.