TIAN Yu-hong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.24.029

2006-01-01

Abstract:The Java virtual machine(JVM)is used more frequently as the basic engine behind dynamic web services.With the proliferation of network attacks on these network resources,much work are done to provide security for the network environment.Little effort has been placed on securing a Java web server where the attacker has a valid login to the host machine.After describing the vulnerabilities in Java's security mechanisms,an extended security system based on Java 2 security architecture is introduced.It also explains the runtime status of system.The increased assurance of correct system operation and the integrity of Java application server are provided.

WANG Qi-hua,CHEN Qi

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.02.049

2005-01-01

Abstract:The GSM and GPRS system provides solutions to a few important aspects of security: subscriber authentication, subscriber identity confidentiality and confidentiality of voice and data over the radio path. An analysis of the security features provided in a GSM and GPRS network is given.

Xu Qiting,Wang Xin,Gao Chuanshan

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.08.063

2007-01-01

Abstract:The security architecture of J2ME is introduced.through two aspects:JVM Security and Application Security;brings up how to exchange senstive datas in wireless network by analyzing the methods about wireless security provided by J2ME MIDP2.0.Then,considering the existing security problems,some viable suggestions are presented.

许峰,崔隽,黄皓

DOI: https://doi.org/10.3969/j.issn.1002-137x.2008.10.022

2008-01-01

Computer Science

Abstract:The security protocols which are crucial to the mobile payment system(MPS),especially to the authentication of the user(mobile hand-held devices)in the wireless environment,determine the security properties or even the fate of whole system.We investigate the existent mobile payment systems,study the characteristic and security requirement of the macro-payment,and consider the inherent security of the J2ME platform,and hereby propose a security protocol for mobile payment based on J2ME,emphasizing the authentication to the user.Then we analyze and test the security and feasibility of the security protocols and the conclusion we have drawn is that security protocol achieves its security goals,has the ability to resist usual attacks and enjoys high efficiency.

廖旭,凌力

DOI: https://doi.org/10.3969/j.issn.1000-3428.2003.19.043

2003-01-01

Abstract:This paper introduces wireless applications and J2ME security architecture, shows how to exchange sensitive data more securely over wireless links for end-to-end m-commerce applications by using data encryption and SSL protocol.

Kecheng Liu,Wenlong Shen,Yu Cheng,Lin X. Cai,Qing Li,Sheng Zhou,Zhisheng Niu

DOI: https://doi.org/10.1109/jiot.2018.2877174

IF: 10.6

2019-04-01

IEEE Internet of Things Journal

Abstract:Mobile device-to-device (D2D) network has now become a standardized feature in many mobile devices, by which mobile devices can communicate with each other even when commercial Internet access is not available. Because D2D network is expected to be an intrinsic part of the Internet of Things (IoT) and mobile device is the smartest and the most advanced commercial device in everyday usage, the D2D feature and related security protocols it adopts influences the design and implementation of many other IoT devices. While D2D network provides tangible benefits to users, it also raises the security risks of information leaking. This paper presents an in-depth empirical security analysis on mobile D2D network among Android devices. Android apps could establish a mobile D2D network in various ways, including Wi-Fi hotspot, Wi-Fi Direct, and Bluetooth. Those mobile D2D protocols normally take different protection mechanisms, which makes security investigation considerably challenging. In this paper, we focus on most popular apps in the Google Play Store, with aggregated downloads more than 500 million. Our analysis reveals some critical vulnerabilities. The key findings are bi-fold. First, the current mobile D2D network framework enabled by Android has significant flaw of overprivilege issue. Second, we have identified that most data transfer over mobile D2D network is unencrypted. Furthermore, we exploit the identified Android framework flaws to construct three proof-of-concept attacks and we conclude this paper with security lessons and suggestions of possible solutions against the identified security issues.

computer science, information systems,telecommunications,engineering, electrical & electronic

MAO Hai-xia,CHEN Tian-zhou,DAI Hong-jun

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.08.029

2006-01-01

Abstract:This article briefly analyses the security mechanisms of GSM and UMTS and finds the faults in them.To solve these faults,a mobile security middleware architecture in high strength based on end-to-end security mechanism is proposed.This article introduces the middleware architecture and its security mechanism,including the design of authentication and key agreement,discusses the encryption algorithm and the scheme of integrity control.

Mingjun Xin,Zhangwei Huang,Quan Qian

DOI: https://doi.org/10.1109/NSWCTC.2009.252

2009-01-01

Abstract:In this paper, it first analyzes the present security protocol for mobile communications. Furthermore, a security framework for the Mobile E-Service is proposed. In the mean time, using the inherent security and expansibility of J2ME, we design a security message flow model to support communication protocol for the Mobile E-Service Oriented Architecture (MSOA), which emphasizes the authentication and the security of information transmission to the cooperative mobile users. Finally, under the background application of county-level mobile E-Service platform, we validate the security and feasibility of the communication protocol, thus providing firm and satisfactory technical support for the county-level mobile E-Government system.

Chen Tianzhou,Mao Haixia,Dai Hongjun

2006-01-01

Abstract:This paper briefly analyzes the security mechanisms of GSM/UMTS and finds their security defects, such as unidirectional authentication and cipher key transmission without encryption. For these defects, existing mobile communication systems can not prevent hostile attacks to satisfy high-level security demands. To solve these problems, we propose the robust Middleware Architecture for Mobile Communication Security (MAMCS), which employs new Authentication and Key Agreement (AKA) protocols, chooses different encryption algorithms for different applications and implements integrity control mechanism. In the end, we analyze the performance of MAMCS and show that MAMCS gets a 200%~2% improvement in security only at the cost of 1.51% descent in bandwidth and 18.14 ms extra latency.

Guan-Shi ZHENG,Zheng ZHANG,Wei-Hua ZHANG

DOI: https://doi.org/10.15888/j.cnki.csa.005354

2016-01-01

Abstract:The popularity of mobile system has attracted malware developers. To ensure the security of users’ privacy and property, there has been numerous solutions targeting current security issues of mobile system. In this paper, it introduces the prevalent mobile operating systems and the mobile application security analysis methodologies. In addition, it makes analysis and discussion. At last, it proposes the prospects of possible directions of mobile application analysis approaches and endswith a conclusion.

Jinxiang Dong

2007-01-01

Abstract:The paper firstly addresses the existing security problems in current JMS-based message-oriented middleware.Then,paper introduces JMS specification and the framework of the MSTP(Message Security Transport Protocol) which can solve those security problems.Finally,paper shows a application instance JTangMQ based on MSTP which can protect message from unauthorized access in any distributed environment with little penalty of efficiency reduced and acceptable performance.

M. Toorani,A. A. Beheshti

DOI: https://doi.org/10.1109/NGMAST.2008.88

2012-03-17

Abstract:Recently, the mobile industry has experienced an extreme increment in number of its users. The GSM network with the greatest worldwide number of users succumbs to several security vulnerabilities. Although some of its security problems are addressed in its upper generations, there are still many operators using 2G systems. This paper briefly presents the most important security flaws of the GSM network and its transport channels. It also provides some practical solutions to improve the security of currently available 2G systems.

Cryptography and Security,Networking and Internet Architecture

Chen Tianzhou,Huang Yu,Chen Feng,Hu Wei

2006-01-01

Abstract:There are many security defects in existing mobile communication systems, such as unidirectional authentication and cipher key transmission in plaintext. With the expansion of the mobile communication services, the mobile security becomes more and more important, but the existing communication systems can not prevent hostile attacks to supply high-quality service because of their defects in security. To solve these problems, we propose a new Security Architecture for Mobile Communication (SAMC), which employs new authentication protocols, chooses different encryption algorithms for different requirements and implements integrity control mechanism. Good security is developed in an open environment with the collaboration of experts. It has the robust security and the outstanding performance, just a slight and acceptable loss.

Zhicong Li,Li Ling

DOI: https://doi.org/10.3969/j.issn.1007-757X.2018.04.019

2018-01-01

Abstract:Compared with the traditional Native card,the Java smart card is more open and versatile,and has been widely used abroad.In the field of domestic mobile payment,if Java Card technology is applied,mobile payment can take advantage of its rich functionality and high security to deal with the new requirements emerging from the development of mobile payment industry.The first part of this paper briefly introduces the Java Card platform.The second part discusses the technical architecture of Java Card.Then the third part analyzes the advanced features of the Java Card platform.And the fourth part is about the security of the Java Card platform.The application of Java Card technology in mobile payment field is discussed in the fifth part.

Kai Sun

2002-01-01

Abstract:In current mobile agent systems, the research of protecting a host from possibly malicious mobile agents has made great progress, but reverse problem, namely protecting the agent from malicious hosts has not. This paper puts forward a scheme that uses JavaCard to provide a secure execution environment. First, attack of agent is analyzed. Then the detailed solution based on JavaCard is given.

Satish Narayana Srirama,Matthias Jarke,Wolfgang Prinz

DOI: https://doi.org/10.48550/arXiv.1007.3644

2010-07-21

Abstract:It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. The market capture of mobile web services also has increased significantly, in the past years. While the applications are quite welcoming, the ability to provide secure and reliable communication in the vulnerable and volatile mobile ad-hoc topologies is vastly becoming necessary. Even though a lot of standardized security specifications like WS-Security, SAML exist for web services in the wired networks, not much has been analyzed and standardized in the wireless environments. In this paper we give our analysis of adapting some of the security standards, especially WS-Security to the cellular domain, with performance statistics. The performance latencies are obtained and analyzed while observing the performance and quality of service of our Mobile Host.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

Wajeb Gharibi

DOI: https://doi.org/10.48550/arXiv.1201.0945

2012-01-04

Cryptography and Security

Abstract:Modern technologies are becoming ever more integrated with each other. Mobile phones are becoming increasing intelligent, and handsets are growing ever more like computers in functionality. We are entering a new era - the age of smart houses, global advanced networks which encompass a wide range of devices, all of them exchanging data with each other. Such trends clearly open new horizons to malicious users, and the potential threats are self evident. In this paper, we study and discuss one of the most famous mobile operating systems 'Symbian'; its vulnerabilities and recommended protection technologies.

Ruicong Huang

DOI: https://doi.org/10.48550/arXiv.2109.00805

2021-09-02

Cryptography and Security

Abstract:Due to the continuous improvement of performance and functions, Android remains the most popular operating system on mobile phone today. However, various malicious applications bring great threats to the system. Over the past few years, significant changes occured in both malwares and counter measures. Specifically, malwares are continuously evolving, and advanced approaches are adopted for more accurate detection. To keep up with the latest situation, in this paper, we conduct a wide range of analysis, including latest malwares, Android security features, and approaches. We also provide some finding when we are gathering information and carrying on experiments, which we think is useful for further researches and has not been mentioned in previous works.

Wenqi Bu,Minhui Xue,Lihua Xu,Yajin Zhou,Zhushou Tang,Tao Xie

DOI: https://doi.org/10.1145/3106237.3117764

2017-08-21

Abstract:Despite recent progress in program analysis techniques to identify vulnerabilities in Android apps, significant challenges still remain for applying these techniques to large-scale industrial environments. Modern software-security providers, such as Qihoo 360 and Pwnzen (two leading companies in China), are often required to process more than 10 million mobile apps at each run. In this work, we focus on effectively and efficiently identifying vulnerable usage of Internet sockets in an industrial setting. To achieve this goal, we propose a practical hybrid approach that enables lightweight yet precise detection in the industrial setting. In particular, we integrate the process of categorizing potential vulnerable apps with analysis techniques, to reduce the inevitable human inspection effort. We categorize potential vulnerable apps based on characteristics of vulnerability signatures, to reduce the burden on static analysis. We flexibly integrate static and dynamic analyses for apps in each identified family, to refine the family signatures and hence target on precise detection. We implement our approach in a practical system and deploy the system on the Pwnzen platform. By using the system, we identify and report potential vulnerabilities of 24 vulnerable apps (falling into 3 vulnerability families) to their developers, and some of these reported vulnerabilities are previously unknown. The apps of each vulnerability family in total have over 50 million downloads. We also propose countermeasures and highlight promising directions for technology transfer.

Lin Sun,ShuTao Huang,YunWu Wang,MeiMei Huo

DOI: https://doi.org/10.1109/hpcc.2012.258

2012-01-01

Abstract:This article describes the basic structure of the Android and mobile devices on the application environment. A preliminary analysis of the Android security control structure and sandbox model are presented. We describe the features of Java security model. Mobile code security enhancements in Java are also discussed briefly. The policy-based sandbox code access security is designed to apply special policy on application individually in runtime.