Abstract
This paper analyzes security vulnerabilities found in hybrid apps, which download important data from a web server, and proposes a HIGHT algorithm based on OTP delimiter modification and bit slicing to enhance the security of hybrid apps. The hybrid app to which the proposed method was applied before analysis is a medical research app that monitors the biometric data of patients in the healthcare field. Because the app monitors patients' biometric data continuously, it generates considerable mobile traffic and transmission delay. After the app was installed on a mobile device, reverse engineering was used to check the address from which the app requests important data, and a web server analysis tool was used to obtain important data that enables security attacks, including the sitemap, the type and version of the application, and the open source used. To solve these problems, the security protocol proposed in this paper was applied. As a result, important data were protected without transmission delay, which shows that the proposed protocol can be applied to high-speed mobile communications.
Cite this article
Lee, SH., Kim, YH., Lee, JK. et al. Hybrid app security protocol for high speed mobile communication. J Supercomput 72, 1715–1739 (2016). https://doi.org/10.1007/s11227-014-1318-3
DOI: https://doi.org/10.1007/s11227-014-1318-3