Enhanced Code-Signing Scheme for Smartphone Applications

  • Inkyung Jeun
  • Kwangwoo Lee
  • Dongho Won
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7105)

Abstract

Recently, the number of incidents by malicious codes designed to suspend services and abuse personal information has grown rapidly, and the installation of applications on smart phones has emerged as one of the most common ways by which such malicious codes are spread. Anti-virus programs can be used to curb the spread of such codes, but these have limitations in terms of speed and efficiency. Accordingly, we need to strengthen the safety of application distribution and verification procedures in order to prevent the spread of malicious codes. To this end, this paper examines the problems of existing application distribution procedures, and suggests an enhanced code-signing scheme using the public key infrastructure (PKI) certificate for an application distribution method. It offers improved reliability and security by using code signing technology to secure the integrity of software and developer authentication functions.

Keywords

Smart Phone Security Requirement Security Threat Malicious Code Code Signing 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Ballagas, R., et al.: The smart phone: a ubiquitous input device. IEEE Pervasive Computing (2006)Google Scholar
  2. 2.
    Mobile Threats, https://www.mylookout.com
  3. 3.
    The Korea Times, Personal info of 35 mil. Nate, Cyworld users feared leaked (July 28, 2011)Google Scholar
  4. 4.
    Raor, L.: Lookout Identifies Which iPhone And Android Apps Want Your Sensitive Data (July 27, 2010), http://techcrunch.com
  5. 5.
    Guo, C., Wang, H.J., Zhu, W.: Smart-Phone Attacks and Defenses. In: HotNets III (November 2004)Google Scholar
  6. 6.
    Mulliner, C.R.: Security of Smart Phone, Master’s Thesis of University of California (June 2006)Google Scholar
  7. 7.
    Jeon, W., Kim, J., Lee, Y., Won, D.: A Practical Analysis of Smartphone Security. In: Smith, M.J., Salvendy, G. (eds.) HCII 2011, Part I. LNCS, vol. 6771, pp. 311–320. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  8. 8.
  9. 9.
  10. 10.
    Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S.: Google Android: A State of the Art Review of Security Mechanisms, arXiv 2009 (November 2009)Google Scholar
  11. 11.
    Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S.: Google Android: A State-of-the-Art Review of Security Mechanisms, http://arxiv.org/ftp/arxiv/papers/0912/0912.5101.pdf
  12. 12.
    Housley, R., et al.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile (April 2002)Google Scholar
  13. 13.
    An RSA Laboratories Technical note, PKCS7 : Cryptographic Message Syntax Standard (November 1, 1993)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Inkyung Jeun
    • 1
  • Kwangwoo Lee
    • 1
  • Dongho Won
    • 1
  1. 1.Sungkyunkwan UniversitySuwonKorea

Personalised recommendations