000000327 001__ 327
000000327 005__ 20180823100027.0
000000327 037__ $$aLERSSE-THESIS-2018-003
000000327 100__ $$aIldar Muslukhov
000000327 245__ $$aAnalysis of Data-At-Rest Security In Smartphones
000000327 260__ $$c2018-08-01
000000327 300__ $$amult. p
000000327 520__ $$aWith almost two billion users worldwide, smartphones are used for almost everything – booking a hotel, ordering a cup of coffee, or paying in a shop. However, small size and high mobility makes these devices prone to theft and loss. In this work we aim to broaden our understanding of how smartphone users and application developers protect sensitive data on smartphones. To understand how well users are protecting their data in smartphones, we conducted several studies. The results revealed that 50% of the subjects locked their smartphone with an unlocking secret and 95% of them chose unlocking secrets that could be guessed within minutes. To understand how well application developers protect sensitive data in smartphones, we analyzed 132K Android applications. We focused on identifying misuse of cryptography in applications and libraries. The study results revealed that developers often misuse cryptographic API. In fact, 9 out of 10 Android applications contained code that used a symmetric cipher with a static encryption key. Further, source attribution revealed that libraries are the main consumer of cryptography and the major contributor of misuse cases. Finally, an in-depth analysis of the top libraries highlighted the need for improvement in the way we define and detect misuse of cryptography. Based on these results we designed and evaluated a system for encryption keys management that uses wearable devices as an additional source of entropy. Evaluation results showed that the proposal introduces insignificant overhead in power consumption and latency.
000000327 6531_ $$aStatic Analysis
000000327 6531_ $$aSource Attribution
000000327 6531_ $$aAndroid
000000327 6531_ $$aCryptography APIs
000000327 6531_ $$aApplied Cryptography
000000327 6531_ $$aSmartphone
000000327 6531_ $$aPrivacy
000000327 6531_ $$aSecurity
000000327 8560_ $$flersse-it@ece.ubc.ca
000000327 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/327/files/ubc_2018_september_muslukhov_ildar.pdf
000000327 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/327/files/ubc_2018_september_muslukhov_ildar.pdf?subformat=pdfa$$xpdfa
000000327 909C4 $$pIldar Muslukhov, "Analysis of Data-At-Rest Security In Smartphones", PhD Dissertation, Department of Electrical and Computer Engineering, THE UNIVERSITY OF BRITISH COLUMBIA, August, 2018
000000327 980__ $$aTHESIS