
2018 | Original Paper | Book chapter

Analysing Data Security Requirements of Android Mobile Banking Application

Authors: Shikhar Bhatnagar, Yasir Malik, Sergey Butakov

Published in: Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments

Publisher: Springer International Publishing


Abstract

Mobile banking applications are at high risk of cyber attack because of security vulnerabilities in their application design and in the underlying operating system. Android's Inter-Process Communication (IPC) mechanism lets applications communicate, share data and reuse each other's functionality. Used incorrectly, however, it becomes an attack surface: a malicious application on the same device can send crafted intents to the components an application exposes and compromise sensitive financial information. This research addresses intent vulnerabilities by applying a hybrid fuzzing technique to analyse the data security requirements of native Android financial applications. The system first constructs an application behaviour model automatically, then applies hybrid fuzzing to that model to detect data leak vulnerabilities. The test results expose previously unknown exploitable entry points in the applications under test.
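The first step the abstract describes, finding the entry points that another app on the same device can reach, is something a practitioner scripts before any fuzzing starts. The Python below is an added example and not the paper's tool: it parses a constructed AndroidManifest.xml for a hypothetical package `com.example.bank`, applies Android's export rule (an explicit `android:exported` wins; otherwise only components that declare an `<intent-filter>` are reachable from other apps), and emits `adb shell am` commands that deliver mutated extras to each reachable component. The component names, extra keys and mutation values are assumptions chosen for illustration.

```python
"""Enumerate exported Android components and generate intent-fuzzing commands.

Added example (not code from the paper). The manifest below is constructed
for a hypothetical package; component and extra names are assumptions.
"""
import itertools
import shlex
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def attr(name):
    """Build the namespaced key ElementTree uses for android:* attributes."""
    return "{%s}%s" % (ANDROID_NS, name)


# Constructed manifest (assumption: not taken from any real banking app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <application>
    <activity android:name=".LoginActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".TransferActivity" android:exported="true"/>
    <activity android:name=".BalanceActivity">
      <intent-filter>
        <action android:name="com.example.bank.SHOW_BALANCE"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.bank.SYNC"/>
    <receiver android:name=".OtpReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

COMPONENT_TAGS = ("activity", "service", "receiver", "provider")


def is_exported(elem):
    """Android's export rule: an explicit android:exported value wins; without
    it, a component is reachable from other apps only if it has at least one
    <intent-filter>. Providers are treated as explicit-only here."""
    explicit = elem.get(attr("exported"))
    if explicit is not None:
        return explicit.lower() == "true"
    if elem.tag == "provider":
        return False
    return elem.find("intent-filter") is not None


def exported_components(manifest_xml):
    """Return (package, [component dicts]) for every externally reachable component."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package")
    found = []
    for elem in root.iter():
        if elem.tag not in COMPONENT_TAGS or not is_exported(elem):
            continue
        name = elem.get(attr("name"))
        if name.startswith("."):          # relative names resolve against the package
            name = pkg + name
        found.append({
            "kind": elem.tag,
            "name": name,
            "permission": elem.get(attr("permission")),   # None means unguarded
            "actions": [act.get(attr("name")) for act in elem.iter("action")],
        })
    return pkg, found


# Mutation corpus for intent extras: boundary values, type confusion and
# injection-shaped strings (assumed keys; a real run derives keys from the
# app's getXxxExtra() calls).
FUZZ_EXTRAS = [
    ("--es", "account", "' OR 1=1 --"),
    ("--es", "amount", "-1"),
    ("--es", "amount", "9" * 40),
    ("--ei", "amount", "2147483647"),
    ("--ez", "authenticated", "true"),
    ("--es", "url", "javascript:alert(1)"),
]


def fuzz_commands(pkg, comps):
    """One adb invocation per (component, declared action, mutated extra).
    Activities use `am start`, services `am startservice`, receivers `am broadcast`."""
    verb = {"activity": "start", "service": "startservice", "receiver": "broadcast"}
    cmds = []
    for comp in comps:
        if comp["kind"] not in verb:
            continue
        actions = comp["actions"] or [None]   # explicit-component intent without an action
        for action, (flag, key, val) in itertools.product(actions, FUZZ_EXTRAS):
            parts = ["adb", "shell", "am", verb[comp["kind"]],
                     "-n", "%s/%s" % (pkg, comp["name"])]
            if action:
                parts += ["-a", action]
            parts += [flag, key, shlex.quote(val)]
            cmds.append(" ".join(parts))
    return cmds


if __name__ == "__main__":
    package, components = exported_components(SAMPLE_MANIFEST)
    for c in components:
        guard = " (guarded by %s)" % c["permission"] if c["permission"] else ""
        print("%-8s %s%s" % (c["kind"], c["name"], guard))
    for cmd in fuzz_commands(package, components):
        print(cmd)
```

Two caveats a tester should carry over from this output. A component with an `android:permission` (here `SyncService`) is only reachable from an app that holds that permission, so the `permission` field separates the entry points a third-party app can hit from those only `adb shell` can; and the script produces inputs only, so the observation side (what the receiving component does with the mutated extra, whether anything sensitive leaves it) still has to be instrumented, which is what the behaviour model in the abstract is for.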


Metadata
Title
Analysing Data Security Requirements of Android Mobile Banking Application
Authors
Shikhar Bhatnagar
Yasir Malik
Sergey Butakov
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-030-03712-3_3