Advertisement

Evaluation of Cryptographic Capabilities for the Android Platform

  • David González
  • Oscar EsparzaEmail author
  • Jose L. Muñoz
  • Juanjo Alins
  • Jorge Mata
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 523)

Abstract

Future networks will be formed by millions of devices, many of them mobile, sharing information and running applications. Android is currently the most widely used operating system in smartphones, and it is becoming more and more popular in other devices. Providing security to these mobile devices and applications is a must for the proper deployment of future networks. For this reason, this paper studies the cryptographic structure and built-in tools in Android, and shows that the operating system has been specially designed for plugging-in external cryptographic modules. We conclude that the best option for providing cryptographic capabilities is using these external modules. We show the existent options and compare some features, like licensing, source code availability and price. We define some requirements, evaluate each module, and provide guidelines for developers who want to use properly security primitives.

Keywords

Mobile Device Source Code Outlier Measure Cryptographic Algorithm Android Application 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgments

This work was supported partially by the Spanish Research Council with Project SERVET TEC2011-26452, and by Generalitat de Catalunya with Grant 2014-SGR-1504 and 2014-SGR-375 to consolidated research groups.

References

  1. 1.
    Android Git repositories. https://android.googlesource.com/
  2. 2.
    Bouncy Castle repository. Android Git repositories. https://android.googlesource.com/platform/external/bouncycastle/
  3. 3.
    Abusharekh, A.: Comparative Analysis of Multi-Precision Arithmetic Libraries for Public Key Cryptography. Ph.D. thesis, George Mason University, Washington, DC (2004)Google Scholar
  4. 4.
    Bingmann, T.: Speedtest and comparsion of open-source cryptography libraries and compiler flags. https://panthema.net/2008/0714-cryptography-speedtest-comparison/
  5. 5.
    Campione, M., Walrath, K., Huml, A.: The Java Tutorial: A Short Course on the Basics, 3rd edn. Addison-Wesley Longman Publishing Co., Inc., Boston (2000)Google Scholar
  6. 6.
    Carroll, A., Heiser, G.: An analysis of power consumption in a smartphone. In: Proceedings of the 2010 USENIX Conference on USENIX Annual Technical Conference, USENIXATC 2010, pp. 21–21. USENIX Association, Berkeley (2010)Google Scholar
  7. 7.
    eMarketer Inc.: 2 billion consumers worldwide to get smartphones by 2016 (2014). http://www.emarketer.com/Article/2-Billion-Consumers-Worldwide-Smartphones-by-2016/1011694
  8. 8.
    Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011, pp. 21–21. USENIX Association, Berkeley (2011)Google Scholar
  9. 9.
    Enck, W., Ongtang, M., McDaniel, P.: Understanding android security. IEEE Secur. Priv. 7(1), 50–57 (2009)CrossRefGoogle Scholar
  10. 10.
    Institute for Applied Information Processing and Communication. Gratz University of Technology. Core Crypto Toolkits. https://jce.iaik.tugraz.at/sic/Products/Core-Crypto-Toolkits
  11. 11.
    Free Software Foundation. The GNU Crypto project. http://www.gnu.org/software/gnu-crypto/
  12. 12.
    Goasduff, L., Rivera, J.: Gartner says smartphone sales surpassed one billion units in 2014 (2015). http://www.gartner.com/newsroom/id/2623415
  13. 13.
    Jones, C.: Google Play catching up to Apple’s App Store (2013). http://www.forbes.com/sites/chuckjones/2013/12/19/google-play-catching-up-to-apples-app-store/
  14. 14.
    Laverty, J.P., Wood, D.F., Kohun, F.G., Turchek, J.: Comparative analysis of mobile application development and security models. Issues Inf. Syst. 12(1), 301–312 (2011)Google Scholar
  15. 15.
    Nightingale, J.S.: Comparative analysis of Java cryptographic libraries for public key cryptography (2006). http://teal.gmu.edu/courses/ECE746/project/reports_2006/JAVA_MULTIPRECISION_report.pdf
  16. 16.
    The Legion of Bouncy Castle. Boncy Castle. http://www.bouncycastle.org/java.html
  17. 17.
    Research Group of Prof. Dr. Johannes Buchmann. FlexiProvider. http://www.flexiprovider.de/
  18. 18.
    Android Open Source Project. BigInteger class, Android API. http://developer.android.com/reference/java/math/BigInteger.html
  19. 19.
    Android Open Source Project. Crypto Provider, Android platform ‘libcore’ repository. Android Git repositories. https://android.googlesource.com/platform/libcore/+/master/luni/src/main/java/org/apache/harmony/security/provider/crypto/CryptoProvider.java
  20. 20.
    Android Open Source Project. javax.net.ssl package, Android API. http://developer.android.com/reference/javax/net/ssl/package-summary.html
  21. 21.
    Android Open Source Project. JSSE Provider, Android platform ‘conscrypt’ repository. Android Git repositories. https://android.googlesource.com/platform/external/conscrypt/+/master/src/main/java/org/conscrypt/JSSEProvider.java
  22. 22.
    Android Open Source Project. OpenSSL Provider, Android platform ‘conscrypt’ repository. Android Git repositories. https://android.googlesource.com/platform/external/conscrypt/+/master/src/main/java/org/conscrypt/OpenSSLProvider.java
  23. 23.
    Android Open Source Project. OpenSSL repository. Android Git repositories. https://android.googlesource.com/platform/external/openssl/+/master
  24. 24.
  25. 25.
    Android Open Source Project. Processes and threads. http://developer.android.com/guide/components/processes-and-threads.html
  26. 26.
    Android Open Source Project. Android Developers (2014). http://developer.android.com/index.html
  27. 27.
    The Cryptix Project. Cryptix. http://www.cryptix.org/
  28. 28.
    Ragnarsson, L.: The logi.crypto Java package. http://www.logi.org/logi.crypto/devel/
  29. 29.
    Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., Glezer, C.: Google android: a comprehensive security assessment. IEEE Secur. Priv. 8(2), 35–44 (2010)CrossRefGoogle Scholar
  30. 30.
    National Institute Standards and Technology. Cryptographic Toolkit. http://csrc.nist.gov/groups/ST/toolkit/index.html
  31. 31.
    Roberto Tyley. SpongyCastle. http://rtyley.github.io/spongycastle/
  32. 32.
    Viega, J., Chandra, P., Messier, M.: Network Security with Openssl, 1st edn. O’Reilly & Associates Inc., Sebastopol (2002)Google Scholar
  33. 33.
    Walker, M.A.: Standard method of evaluating cryptographic capabilities and efficiency for devices with the Android platform (2010). https://www.truststc.org/education/reu/10/Papers/WalkerM_paper.pdf

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • David González
    • 1
  • Oscar Esparza
    • 1
    Email author
  • Jose L. Muñoz
    • 1
  • Juanjo Alins
    • 1
  • Jorge Mata
    • 1
  1. 1.Network Engineering DepartmentUniversitat Politècnica de CatalunyaBarcelonaSpain

Personalised recommendations