کد مقاله کد نشریه سال انتشار مقاله انگلیسی نسخه تمام متن
6890295 1445165 2017 17 صفحه PDF دانلود رایگان
عنوان انگلیسی مقاله ISI
A Survey on HTTPS Implementation by Android Apps: Issues and Countermeasures
موضوعات مرتبط
مهندسی و علوم پایه مهندسی کامپیوتر علوم کامپیوتر (عمومی)
پیش نمایش صفحه اول مقاله
A Survey on HTTPS Implementation by Android Apps: Issues and Countermeasures
چکیده انگلیسی
As more and more sensitive data is transferred from mobile applications across unsecured channels, it seems imperative that transport layer encryption should be used in any non-trivial instance. Yet, research indicates that many Android developers do not use HTTPS or violate rules which protect user data from man-in-the-middle attacks. This paper seeks to find a root cause of the disparities between theoretical HTTPS usage and in-the-wild implementation of the protocol by looking into Android applications, online resources, and papers published by HTTPS and Android security researchers. From these resources, we extract a set of barrier categories that exist in the path of proper TLS use. These barriers not only include improper developer practices, but also server misconfiguration, lacking documentation, flaws in libraries, the fundamentally complex TLS PKI system, and a lack of consumer understanding of the importance of HTTPS. Following this discussion, we compile a set of potential solutions and patches to better secure Android HTTPS and the TLS/SSL protocol in general. We conclude our survey with gaps in current understanding of the environment and suggestions for further research.
ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Applied Computing and Informatics - Volume 13, Issue 2, July 2017, Pages 101-117
نویسندگان
, ,