论文信息 - Security analysis testing for secure instant messaging in android with study case: Telegram

Security analysis testing for secure instant messaging in android with study case: Telegram

Instant messaging activity plays a major role in our life. With increasing usage of mobile phones and instant messaging users, vulnerabilities against these devices raised exponentially. In this paper, we propose a security analysis testing for secure instant messaging apps in Android which is designed using a threat analysis, considering possible attack scenarios and vulnerabilities specific to the domain. To demonstrate the testing methodology, we subsequently analyze one of the popular instant messaging that promises security and privacy for its users, Telegram. Therefore, we give detailed discussion about vulnerabilities that help developer to design for further secure application developments.

Kyung-Hyune Rhee | Yusuf Kurniawan | Aditya Candra

[1] Mohammad Iftekhar Husain,et al. iForensics: Forensic Analysis of Instant Messaging on Smart Phones , 2009, ICDF2C.

[2] David Brumley,et al. An empirical study of cryptographic misuse in android applications , 2013, CCS.

[3] Thomas Peyrin,et al. Freestart Collision for Full SHA-1 , 2015, EUROCRYPT.

[4] BhargavanKarthikeyan,et al. Imperfect forward secrecy , 2018 .

[5] Jason Moore,et al. Network and device forensic analysis of Android social-messaging applications , 2015, Digit. Investig..

[6] Swarat Chaudhuri,et al. A Study of Android Application Security , 2011, USENIX Security Symposium.

[7] Alexandre Melo Braga,et al. Design Issues in the Construction of a Cryptographically Secure Instant Message Service for Android Smartphones , 2014 .

[8] Matthew Green,et al. Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice , 2015, CCS.

[9] Jonathan Katz,et al. Introduction to Modern Cryptography: Principles and Protocols , 2007 .

[10] David A. Wagner,et al. Analyzing inter-application communication in Android , 2011, MobiSys '11.