Smartphone Security

#Institute of IT Security Research #National third-party funding

This research project focuses on more or less neglected topics of cyber security (IT security) concerning smartphones, tablet-PCs and BYOD (bring your own device).

The availability of smartphones and tablet-PCs is rising steadily (with more than 3.3 billion devices predicted for 2016), bringing new challenges for the field of cyber security. A detailed analysis of current R&D projects and available achievements shows a lack of focus on certain important security problems. Additionally, many concepts were taken over from desktop PCs to mobile devices regardless of the distinctive features of the latter. This research project focuses on more or less neglected topics of cyber security concerning smartphones, tablet-PCs and BYOD (bring your own device).

An aim of this project is to develop new biometric methods of user authentication via a continuous verification of user specific dynamic behavior patterns, e.g. the user’s movement patterns while manipulating the mobile device. Those movement patterns include typical user movements like device handling, walking motion and gestures like “wiping” and “zooming”. As a further result, a biometry-based data authentication (which is a current security problem of telebanking/ netbanking) should be made possible, improving e.g. the security of the well-known mTAN approach through a biometric component. Another aim of the project is to enhance data security, especially for data stored externally.

Such services are often offered in an online/ cloud context and are very important for mobile devices whose storage space is mostly limited. Additionally, the synchronization of user data via several devices by the cloud services has its drawbacks concerning security. Current solutions require the user to warrant their provider control over the data, an often unacceptable situation. In this project, a new cryptography-based system will be developed that allows the user to preserve control of their data according to their requirements and that is easy to implement and to operate in mobile devices.

Acknowledging the increasing problem of malware (malicious software) in mobile devices, especially BYOD (increase in 2012 of more than 4,000% for android OS), and being aware that classical virus scanners will become rather inefficient in the future, this project focuses on optimized and specific detection in this environment based on behavior. The behavior detection should be built on the results of the KIRAS project MalwareDef, has to be specifically suited for the hardware requirements of smartphones and especially has to detect threats typical for BYOD. MalwareDef was based on the idea of formulating formal typical actions of malware on a conceptional level in order to detect malware dynamically. As the use of the technique of sandboxing is increasing in mobile devices, behavior based approaches are especially applicable to them. This allows controlling the behavior during runtime.

A method variant with hardware support will be investigated for all the project aims mentioned above. In order to achieve this, integrated high security hardware (SIM card and/ or TPM chip/ NFC secure element of the mobile device) will be added to the experimental set-up via supplemental software. The project results will be released in form of scientific publications, algorithms, methods and proof-of-concept implementations for the required function and efficiency tests