ANDROID BASED WS SECURITY AND MVC BASED UI REPRESENTATION OF DATA

Similar documents
Mobile Development Lecture 9: Android & RESTFUL Services

Android Application Sandbox. Thomas Bläsing DAI-Labor TU Berlin

Android App Development. Muhammad Sharjeel COMSATS Institute of Information Technology, Lahore

Progressive Authentication in ios

Open Mobile Platforms. EE 392I, Lecture-6 May 4 th, 2010

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

An Enhanced Security Policy Framework for Android

Introduction to Android Android Smartphone Programming. Outline University of Freiburg. What is Android? Background University of Freiburg.

Software Development & Education Center ANDROID. Application Development

Quick Heal Mobile Security. Anti-Theft Security. Real-Time Protection. Safe Online Banking & Shopping.

# ROLE DESCRIPTION / BENEFIT ISSUES / RISKS

Systems Analysis and Design in a Changing World, Fourth Edition

Review Kaspersky Internet Security - multi-device 2015 online software downloader ]

Chapter 2 Setting Up for Development

MOBILE CLIENT FOR ONLINE DICTIONARY. Constantin Lucian ALDEA 1. Abstract

Securing the future of mobility

Automotive Security An Overview of Standardization in AUTOSAR

Course 834 EC-Council Certified Secure Programmer Java (ECSP)

Outlines. Networking in Java. Internet hardware structure. Networking Diagram. IP Address. Networking in Java. Networking basics

Security and Authentication

VirtualSwindle: An Automated Attack Against In-App Billing on Android

MOBILE THREAT LANDSCAPE. February 2018

Android App Development

Objectives. Classes of threats to networks. Network Security. Common types of network attack. Mitigation techniques to protect against threats

ANDROID SYLLABUS. Advanced Android

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

MarkLogic 8 Overview of Key Features COPYRIGHT 2014 MARKLOGIC CORPORATION. ALL RIGHTS RESERVED.

The Attacker s POV Hacking Mobile Apps. in Your Enterprise to Reveal Real Vulns and Protect the Business. Tony Ramirez

Securing Today s Mobile Workforce

PRACTICAL NETWORK DEFENSE VERSION 1

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

Design of a Simple, Distributed Network Access Control System

Operating Systems Design Exam 3 Review: Spring Paul Krzyzanowski

10 FOCUS AREAS FOR BREACH PREVENTION

ANDROID DEVELOPMENT. Course Details

Assignment 2. Start: 15 October 2010 End: 29 October 2010 VSWOT. Server. Spot1 Spot2 Spot3 Spot4. WS-* Spots

MOBILE DEFEND. Powering Robust Mobile Security Solutions

This document is downloaded from DR-NTU, Nanyang Technological University Library, Singapore.

HP Instant Support Enterprise Edition (ISEE) Security overview

Lecture 10. Denial of Service Attacks (cont d) Thursday 24/12/2015

Comodo APT Assessment Tool

Personal Health Assistant: Final Report Prepared by K. Morillo, J. Redway, and I. Smyrnow Version Date April 29, 2010 Personal Health Assistant

When providing a native mobile app ruins the security of your existing web solution. CyberSec Conference /11/2015 Jérémy MATOS

Mobile Devices prioritize User Experience

Android ATC Android Security Essentials Course Code: AND-402 version 5 Hands on Guide to Android Security Principles

Syllabus- Java + Android. Java Fundamentals

SmartSiren: Virus Detection and Alert for Smartphones. Jerry Cheung, Starsky Wong, Hao Yang and Songwu Lu MOBISYS 2007

Introduction to Programming Using Java (98-388)

Question: 1 DES - Data Encryption standard has a 128 bit key and is very difficult to break.

The Android security jungle: pitfalls, threats and survival tips. Scott

CS System Security 2nd-Half Semester Review

Programming with Android: Network Operations. Dipartimento di Scienze dell Informazione Università di Bologna

CIS 21 Final Study Guide. Final covers ch. 1-20, except for 17. Need to know:

Produced by. Mobile Application Development. Higher Diploma in Science in Computer Science. Eamonn de Leastar

IEMS 5722 Mobile Network Programming and Distributed Server Architecture

LTBP INDUSTRIAL TRAINING INSTITUTE

The Evolving Threat of Internet Worms

Lecture 08. Android Permissions Demystified. Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner. Operating Systems Practical

Quick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.

Network Security: Firewall, VPN, IDS/IPS, SIEM

Tolerating Malicious Drivers in Linux. Silas Boyd-Wickizer and Nickolai Zeldovich

Loosely Coupled Actor Systems

COMPUTER NETWORK SECURITY

Network Security and Cryptography. 2 September Marking Scheme

Trusted Computing Group

AUTHENTICATION AND LOOKUP FOR NETWORK SERVICES

Intelligent Terminal System Based on Trusted Platform Module

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

Quick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.

Introduction. The Safe-T Solution

Confinement (Running Untrusted Programs)

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Featured Articles II Security Research and Development Research and Development of Advanced Security Technology

Construction of Computer Encrypted Secure Communication Environment Based on Private Virtual Network Technology

Chapter 9. Firewalls

PAPER ON ANDROID ESWAR COLLEGE OF ENGINEERING SUBMITTED BY:

Exceptions. References. Exceptions. Exceptional Conditions. CSE 413, Autumn 2005 Programming Languages

CSCD 330 Network Programming Spring 2018

commtech Online Holiday Shopping Tips A Guide Presented by: CommTech Industries

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Design of Secure Location and Message Sharing System for Android Platform

HikCentral V1.3 for Windows Hardening Guide

DreamFactory Security Guide

Mobile Application Development

Exceptions. CSE 142, Summer 2002 Computer Programming 1.

Exceptions. Readings and References. Exceptions. Exceptional Conditions. Reading. CSE 142, Summer 2002 Computer Programming 1.

Construction of Trusted Computing Platform Based on Android System

Tale of a mobile application ruining the security of global solution because of a broken API design. SIGS Geneva 21/09/2016 Jérémy MATOS

CTS2134 Introduction to Networking. Module 08: Network Security

Overview of Layered Architectures

Confirmed VPN Privacy Audit and Open Watch Analysis Summary Report and Documentation

Usage of Honeypot to Secure datacenter in Infrastructure as a Service data

SIEMLESS THREAT DETECTION FOR AWS

Own change. TECHNICAL WHITE PAPER Data Integration With REST API

Operating Systems Design Exam 3 Review: Spring 2011

Security and privacy in the smartphone ecosystem: Final progress report

Securing the SMB Cloud Generation

Android System Architecture. Android Application Fundamentals. Applications in Android. Apps in the Android OS. Program Model 8/31/2015

Transcription:

ANDROID BASED WS SECURITY AND MVC BASED UI REPRESENTATION OF DATA Jitendra Ingale, Parikshit mahalle SKNCOE pune,maharashtra,india Email: jits.ingale@gmail.com ABSTRACT: Google s Android is open source; Programmable software framework is subject to typical Smartphone attacks. Such attacks can make the phone partially or fully unusable, cause unwanted changes. While accessing data over web services there should be security mechanisms like encryption of data on server side and decryption using key on client side so that attacks can cause minimal damage to device and data integrity In the second part we have tried to implement here is that representation of data in UI in MVC architecture so that data can be separated from the representation details and user can view data in a manner whichever gives him/her comfort in analyzing the data. 1. INRTODUCTION Android is a software stack for mobile devices that includes an operating system, middle-ware and key applications. The Android SDK provides the means and APIs necessary to begin developing applications on the Android platform using the Java programming language. As an operating system for mobile devices and embedded systems, Google s Android an open source framework is subject to attacks. These attacks impact users of these sophisticated systems adversely and steal their private information and in some cases damage them. These threats to mentioned sophisticated systems are growing day by day as market for smart-phones is subject to grow over the time. It is estimated that smart-phone viruses can update themselves in less time than time taken by viruses to evolve for traditional computer systems.thus; the challenge in ensuring smart-phone security is becoming similar to that confronting the traditional computer systems. So far, limited numbers of users of smart-phone has limited the scale and impact of attacks on smart-phones. But it will increase in years to come. Thus, hackers can gain access to the operating system code. Again, to represent data in an Android application method employed is very simple and is subject to attacks. But is data is separated from its representation to users then even if representation get manipulated data at server can be safe DOI : 10.5121/ijcseit.2013.3103 33

2. MOTIVATION In an Android application development arena we find that we don t have enough application o work with remote server through encrypted web service module. If we see in Appstore, to maintain UI of an application, there are very few applications that have MVC architecture implemented.in the application I am discussing here I have maintained MVC architecture by separating UI and its representation.mvc approach is an effective way to support multiple presentations of data. Users can interact to each presentation in style that is appropriate to the presentation. The data to be displayed is encapsulated in model object. Each model object may have different view objects associated with it where each view is different display representation of the model. Currently also android OS is in news for security threats that may hamper some business scenarios. I have tried to take care some of those. 3. PROPOSED WORK Android is an execution environment for simulating mobile devices. Android SDK comes in various levels of security. Various system components in the upper layers use libraries from kernel. Incorporating these libraries in Android applications is achieved via Java native interfaces(jni)..dex (Dalvik-executable) files which are compact and memory-efficient than Java class files. The application framework is written in Java, has Google-provided means as well as extensions or services. Table 1.Security Mechanisms Incorporated In Android [9] 34

At runtime Android execution environment forms.apk installation file. This is similar to a Java.jar file in the way that it holds all code and other resources (like images or manifest) for the application. Android applications are developed in Java based on the APIs the Android software development kit (SDK) provides and there is provision for ensuring correct output in emulator. Further, applications needs to be digitally signed (code and other).enclosed public key successfully verifies the signature. In general, several security mechanisms are incorporated into the Android framework (see Table 1). We can group them into three different groups: Linux mechanisms, environmental features, and Android-specific mechanisms. 4. PROJECT STATEMENT Generally, in a large application, where client server architecture has to be employed, we prefer Web Services, and then make XML based RPC calls between the client and the server. XML based RPC calls means that communication string will be in XML format. It is not advised to have tightly coupled server and client. One way to do this is to create a server that accepts commands and arguments through the use of HTTP POST and returns data as a string. The client can then make calls to the server by RPC and pass data to server. In this paper we will propose the way to implement simple client/server. As http protocol is not secure one should prefer https i.e. secure http. We have opted to use HTTP for its simplicity and convenience. The Statement is as follows: Representation of data in MVC type of UI architecture which separates data representation technique from data collection on client side with information stored on distant server. Transport layer protocols like TCP and UDP have gained lot of value in today s Internet. TCP i.e. Transmission control protocol provides connection-oriented network, reliable end-to-end communication service. TCP programming in Android uses APIs provided in java.net package. Creation of TCP server requires a Server Socket instance, and wait for (accept ) incoming connections. If there s a connection available, accept method will return open socket. For generation of client we requires IP and port number. Once connection established, one can receive and send message through the socket. 35

Fig 2 TCP connection Above diagram shows communication between client and server 5. SOLUTION TO THE PROBLEM Rather than using the 3rd party API s, json classes etc. we will use default HttpClient from org.apache.http package. The code will be as follows: HttpClient httpclient = new DefaultHttpClient(); HttpGet httpget = new HttpGet("http://example.com/script.php?var1=androidprogramming"); try { HttpResponse response = httpclient.execute(httpget); if(response!= null) { String line = ""; InputStream inputstream = response.getentity().getcontent(); line = convertstreamtostring(inputstream); Toast.makeText(this, line, Toast.LENGTH_SHORT).show(); else { Toast.makeText(this, "Unable to complete your request", Toast.LENGTH_LONG).show(); catch (ClientProtocolException e) { Toast.makeText(this, "Caught ClientProtocolException", Toast.LENGTH_SHORT).show(); 36

catch (IOException e) { Toast.makeText(this, "Caught IOException", Toast.LENGTH_SHORT).show(); catch (Exception e) { Toast.makeText(this, "Caught Exception", Toast.LENGTH_SHORT).show(); Client server communication is easy in android environment.this is done as follows Create HttpClient with the default constructor. Create a HttpGet or HttpPost object as per requirement, here we have made a GET object so that we can know the status Object initialization. Execute the GET/POST object through the Http and server will response in the response object of HttpResponse. Fetching Data From HttpResponse: To receive data from HttpResponse we should parse it into Inputstream. private String convertstreamtostring(inputstream is) { String line = ""; StringBuilder total = new StringBuilder(); BufferedReader rd = new BufferedReader(new InputStreamReader(is)); try { while ((line = rd.readline())!= null) { total.append(line); catch (Exception e) { Toast.makeText(this, "Stream Exception", Toast.LENGTH_SHORT).show(); return total.tostring(); below given is MD5 hashing in java for encryption of string data. public String MD5(String md5) { try { java.security.messagedigest md = java.security.messagedigest.getinstance("md5"); byte[] array = md.digest(md5.getbytes()); StringBuffer sb = new StringBuffer(); for (int i = 0; i < array.length; ++i) { sb.append(integer.tohexstring((array[i] & 0xFF) 0x100).substring(1,3)); return sb.tostring(); catch (java.security.nosuchalgorithmexception e) { return null; 37

6. CONCLUSION Security mechanisms incorporated in Android aim to tackle a broad range of security threats. To further harden up Android devices and enable them to cope with high-risk threats, we proposed several security countermeasures. We subsequently tried for communication between client and server through encrypted md5 hashing and displayed the data in MVC way. For MVC i.e. model view control we separated data from representation Android security should provide a way that can avoid damage to Linux-kernel layer. Several vulnerabilities and bugs have already exploited these pathways to gain and maintain root permission on the device. Second, the platform needs better protection for hardening the Android permission mechanism or for detecting misuse of granted permissions. We recommend the remote management, VPN, and login solutions to provide telecom operators with a competitive edge when targeting corporate customers. 7. REFERENCES: [1] Google Android: A Comprehensive Security Assessment Published by IEEE Computer and Reliability Societies [2] C. Dagon, T. Martin, and T. Starner, Mobile Phones as Computing Devices: the Viruses Are Coming, IEEE Pervasive Computing, vol. 3, no. 4, 2004, pp.11 15. [3] J. Cheng et al., SmartSiren: Virus Detection and Alert for Smartphones, Proc. 5th Int l Conf. Mobile Systems, Applications and Services (MobiSys 07), ACM Press, 2007, pp. 258 271. [4] A. Gostev, Mobile Malware Evolution: An Overview, Viruslist.com, 2006; www.viruslist.com/en/analysis?pubid=200119916. [5] E.E. Schultz, Where Have the Worms and Viruses Gone? New Trends in Malware, Computer Fraud and Security, vol. 2006, no. 7, 2006, pp. 4 8. [6] S.Z. Beguelin,G.Brtarte,and C.luna A formal specification of MIDP 2.0 security model in the fourth international Workshop of Formal aspects in security and trust [7] EA. Shabtai, Y. Fledel, U. Kanonov, et al. Google Android: A Comprehensive Security Assessment, IEEE Security and Privacy, 8(2):35-44, 2010 [8] X. Zhang, O. Aciiçmez, and J. Seifert. A Trusted Mobile Phone Reference Architecture via Secure Kernel. In Proceedings of ACM workshop on Scalable Trusted Computing, November 2007. 38

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback