Добірка наукової літератури з теми "Android Keystore"

A multichannel data acquisition device connected to a linux ubuntu computer was used to measure environmental gamma rays intensity and energy spectrum. LabVIEW program stored the data in memory mapped MySQL table during acquisition, java server program sent data to android client through secure sockets layer (SSL). Generation of keystore files and implementation of SSL communication were discussed.

With the rapid development of mobile internet, the projector becomes the terminal of mobile internet because of the network module embedded in smart projectors, which can provide a more convenient viewing experience. For traditional mini projector just as simple display equipment, the integration of Android operating system makes mini projector smarter, it is equivalent to a simple PC with projection function. This paper discusses the projection screen keystone distortion phenomenon of mini projector equipped with Android operating system under limiting projection environment because of different placement angle and how to eliminate the above-mentioned distortion, after elaborating the software and hardware architecture of smart mini projector, it focuses upon an analysis on how to achieve automatic correction of the projection screen using the digital acceleration sensor in hardware driver of the Android operating system.

Nowadays, smart devices have become a part of ourlives, hold our data, and are used for sensitive transactions likeinternet banking, mobile banking, etc. Therefore, it is crucial tosecure the data in these smart devices from theft or misplacement.The majority of the devices are secured with password/PINbaseduser authentication methods, which are already proveda less secure or easily guessable user authentication method.An alternative technique for securing smart devices is keystrokedynamics. Keystroke dynamics (KSD) is behavioral biometrics,which uses a natural typing pattern unique in every individualand difficult to fake or replicates that pattern. This paperproposes a user authentication model based on KSD as an additionalsecurity method for increasing the smart devices’ securitylevel. In order to analyze the proposed model, an android-basedapplication has been implemented for collecting data from fakeand genuine users. Six machine learning algorithms have beentested on the collected data set to study their suitability for usein the keystroke dynamics-based authentication model.

With the rise of mobile devices and the high number of instant messaging applications available in the stores, it is necessary to evaluate the usability of such applications to provide a more satisfying user experience. To this end, this paper presents a methodical usability evaluation of instant messaging applications both in iOS and Android platforms. A predefined evaluation was used, which was created to detect the main usability issues of mobile applications, regardless of the device used and the evaluated applications. Consequently, two methods were used: the keystroke level model and the mobile heuristic evaluation. Also, the results suggest that the main problems of this type of applications are difficulties in performing tasks (some of them were not agile nor easy to complete), lack of element cohesion (some icons and buttons did not follow the style of the operating system, bad translations, and too much information on the screen), problems with the user interface (pop-ups overlapping the status bar, clipped elements, sometimes the interface did not rotate, and, in other cases, the interface changed considerably when the device was rotated), and lack of information about privacy and security features. Finally, based on the results, we propose a set of recommendations that will be helpful for developers of this kind of applications.

The keystroke dynamic authentication (KDA) technique was proposed in the literature to develop a more effective authentication technique than traditional methods. KDA analyzes the rhythmic typing of the owner on a keypad or keyboard as a source of verification. In this study, we extend the findings of the system by analyzing the existing literature and validating its effectiveness in Arabic. In particular, we examined the effectiveness of the KDA system in Arabic for touchscreen-based digital devices using two KDA classes: fixed and free text. To this end, a KDA system was developed and applied to a selected device operating on the Android platform, and various classification methods were used to assess the similarity between log-in and enrolment sessions. The developed system was experimentally evaluated. The results showed that using Arabic KDA on touchscreen devices is possible and can enhance security. It attains a higher accuracy with average equal error rates of 0.0% and 0.08% by using the free text and fixed text classes, respectively, implying that free text is more secure than fixed text.

Purpose The purpose of this paper is to present a new paradigm, named BioGames, for the extraction of behavioral biometrics (BB) conveniently and entertainingly. To apply the BioGames paradigm, the authors developed a BB collection tool for mobile devices named BioGames App. The BioGames App collects keystroke dynamics, touch gestures, and motion modalities and is available on GitHub. Interested researchers and practitioners may use it to create their datasets for research purposes. Design/methodology/approach One major challenge for BB and continuous authentication (CA) research is the lack of actual BB datasets for research purposes. The compilation and refinement of an appropriate set of BB data constitute a challenge and an open problem. The issue is aggravated by the fact that most users are reluctant to participate in long demanding procedures entailed in the collection of research biometric data. As a result, they do not complete the data collection procedure, or they do not complete it correctly. Therefore, the authors propose a new paradigm and introduce a BB collection tool, which they call BioGames, for the extraction of biometric features in a convenient way. The BioGames paradigm proposes a methodology where users play games without participating in an experimental painstaking process. The BioGames App collects keystroke dynamics, touch gestures, and motion modalities. Findings The authors proposed a new paradigm for the collection of BB on mobile devices and created the BioGames application. The BioGames App is an Android application that collects BB data on mobile devices and sends them to a database. The database design allows multiple users to store their sensor data at any time. Thus, there is no concern about data separation and synchronization. BioGames App is General Data Protection Regulation (GDPR) compliant as it collects and processes only anonymous data. Originality/value The BioGames App is a publicly available tool that combines the keystroke dynamics, touch gestures, and motion modalities. In addition, it uses a methodology where users play games without participating in an experimental painstaking process.

Keystroke dynamics is the study of how people can be distinguished based on their typing rhythms. It is considered as a real alternative to several authentication mechanisms. In order to improve authentication security in mobile applications, especially mobile chat applications , we propose in this work an approach of user keystroke-based authentication which is based on two important mechanisms, firstly the authentication is done on the basis of a supervised classification model trained on the dynamic keystroke database (android platform) the prediction accuracy has reached high values. When the attacker used the same behavior as the legitimate user we are strengthening security by another authentication mechanism based on three parameters during the opening of a communication session between two users (the number of messages per session, connection time and inter-click time). The proposed system has shown satisfactory results by combining user behaviours and connection parameters during an open session between two users to reinforce the authentication aspect.

Le paysage du monde des téléphones mobiles a changé avec l’introduction des ordiphones (de l’anglais smartphones). En effet, depuis leur avènement, les ordiphones sont devenus incontournables dans des différents aspects de la vie quotidienne. Cela a poussé de nombreux fournisseurs de services de rendre leurs services disponibles sur mobiles. Malgré cette croissante popularité, l’adoption des ordiphones pour des applications sensibles n’a toujours pas eu un grand succès. La raison derrière cela est que beaucoup d’utilisateurs, de plus en plus concernés par la sécurité de leurs appareils, ne font pas confiance à leur ordiphone pour manipuler leurs données sensibles. Cette thèse a pour objectif de renforcer la confiance des utilisateurs en leur mobile. Nous abordons ce problème de confiance en suivant deux approches complémentaires, à savoir la sécurité prouvée et la sécurité ancrée à des dispositifs matériels. Dans la première partie, notre objectif est de montrer les limitations des technologies actuellement utilisées dans les architectures des ordiphones. À cette fin, nous étudions deux systèmes largement déployés et dont la sécurité a reçu une attention particulière dès la conception : l’entrepôt de clés d’Android, qui est le composant protégeant les clés cryptographiques stockées sur les mobiles d’Android, et la famille des protocoles sécurisés SCP (de l’anglais Secure Channel Protocol) qui est définie par le consortium GlobalPlatform. Nos analyses se basent sur le paradigme de la sécurité prouvée. Bien qu’elle soit perçue comme un outil théorique voire abstrait, nous montrons que cet outil pourrait être utilisé afin de trouver des vulnérabilités dans des systèmes industriels. Cela atteste le rôle important que joue la sécurité prouvée pour la confiance en étant capable de formellement démontrer l’absence de failles de sécurité ou éventuellement de les identifier quand elles existent. Quant à la deuxième partie, elle est consacrée aux systèmes complexes qui ne peuvent pas être formellement vérifiés de manière efficace en termes de coût. Nous commençons par examiner l’approche à double environnement d’exécution. Ensuite, nous considérons le cas où cette approche est instanciée par des dispositifs matériels particuliers, à savoir le ARM TrustZone, afin de construire un environnement d’exécution de confiance (TEE de l’anglais Trusted Execution Environment). Enfin, nous explorons deux solutions palliant quelques limitations actuelles du TEE. Premièrement, nous concevons une nouvelle architecture du TEE qui en protège les données sensibles même quand son noyau sécurisé est compromis. Cela soulage les fournisseurs des services de la contrainte qui consiste à faire pleinement confiance aux fournisseurs du TEE. Deuxièmement, nous proposons une solution dans laquelle le TEE n’est pas uniquement utilisé pour protéger l’exécution des applications sensibles, mais aussi pour garantir à des grands composants logiciels (comme le noyau d’un système d’exploitation) des propriétés de sécurité plus complexes, à savoir l’auto-protection et l’auto-remédiation
The landscape of mobile devices has been changed with the introduction of smartphones. Sincetheir advent, smartphones have become almost vital in the modern world. This has spurred many service providers to propose access to their services via mobile applications. Despite such big success, the use of smartphones for sensitive applications has not become widely popular. The reason behind this is that users, being increasingly aware about security, do not trust their smartphones to protect sensitive applications from attackers. The goal of this thesis is to strengthen users trust in their devices. We cover this trust problem with two complementary approaches: provable security and hardware primitives. In the first part, our goal is to demonstrate the limits of the existing technologies in smartphones architectures. To this end, we analyze two widely deployed systems in which careful design was applied in order to enforce their security guarantee: the Android KeyStore, which is the component shielding users cryptographic keys in Android smartphones, and the family of Secure Channel Protocols (SCPs) defined by the GlobalPlatform consortium. Our study relies on the paradigm of provable security. Despite being perceived as rather theoretical and abstract, we show that this tool can be handily used for real-world systems to find security vulnerabilities. This shows the important role that can play provable security for trust by being able to formally prove the absence of security flaws or to identify them if they exist. The second part focuses on complex systems that cannot cost-effectively be formally verified. We begin by investigating the dual-execution-environment approach. Then, we consider the case when this approach is built upon some particular hardware primitives, namely the ARM TrustZone, to construct the so-called Trusted Execution Environment (TEE). Finally, we explore two solutions addressing some of the TEE limitations. First, we propose a new TEE architecture that protects its sensitive data even when the secure kernel gets compromised. This relieves service providers of fully trusting the TEE issuer. Second, we provide a solution in which TEE is used not only for execution protection, but also to guarantee more elaborated security properties (i.e. self-protection and self-healing) to a complex software system like an OS kernel

碩士
國立彰化師範大學
數位學習研究所
99
Since the touch screen handheld mobile devices have become widely used, people are able to conveniently access various data　and information anywhere. Most user authentication methods for these mobile devices are PIN-based (Person Identification Number) authentication. However, PINs consist of 4 to 8 numbers and then it suffers from guessing and shoulder surfing attacks easily. Many studies have employed the KDA (Keystroke Dynamics-based Authentication) system, which verifies PIN correctness and also verifies the corresponding individual keystroke features. It provides additional security verification for PIN-based authentication. Unfortunately, unlike the text-based password KDA systems in QWERTY keyboards, different keypad sizes or layouts of mobile devices affect the PIN-based KDA system utility. In this study, the accuracy of authenticating the keystroke features are not affected by inconsistent keypads since the PINs is entered via the identical size of human-computer interface. Moreover, except for the original keystroke time features in the KDA systems, two novel keystroke features are found in touch screen handheld mobile devices, which are called "pressure" features and "size" features. This study uses these features to improve the keystroke data quality of PIN-based KDA system. On the other hand, we propose a new graphical-based password KDA system for touch screen handheld mobile devices. The proposed system uses graphical password to enlarge the password space size and uses the pressure features to improve the keystroke data quality. A user also enter his/her graphical password via the identical size of human-computer interface. Under this situation, the graphical-based password KDA system is able to promote the PIN-based KDA system utility in touch screen handheld mobile devices.