Smartphone: Examination of TLS protocol in Appified World
University West, Department of Engineering Science, Division of Computer, Electrical and Surveying Engineering.
2015 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

Since the rapid evolution of smartphones and communication services, it is evident that users today are more comfortable using mobile applications than web services. As a result, almost all companies have enhanced, expanded and converted their services into mobile applications to accommodate their users' needs.

Unfortunately, many studies have revealed that a huge number of those applications are vulnerable to Man-In-The-Middle attacks (MITMA) because of incorrect coding or incorrect configuration of the SSL/TLS (Transport Layer Security) protocol, which could leak data.

This study aims to highlight and examine the SSL/TLS protocol used by applications that are always connected, from three different perspectives. Firstly, the Android and iOS APIs, libraries and sample code were examined to evaluate the tools and code provided by both platforms. Secondly, applications were examined by applying the TLS implementation tips provided by both platforms and by performing MITMA on different users' smartphones. Finally, user behavior was examined by performing a live demo in the center of Gothenburg city to understand users' awareness of the TLS certificate validation warning message.

The results show that misunderstanding of TLS implementation raises the level of insecure applications that leak data. The different MITMA scenarios performed in this paper proved this. Also, both platforms suffer from a high percentage of applications that use HTTP rather than HTTPS.

The high percentage of vulnerable applications found during this study proves that developers are unaware of how to implement the TLS protocol correctly in smartphone applications.

Furthermore, the results of the live demo revealed that users are unaware of the TLS warning message and are also unaware of how to secure their personal data.

Place, publisher, year, edition, pages
2015. 45 p.
Keyword [en]
SSL, TLS, Smartphone, Security, MITMA
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:hv:diva-7777
Local ID: EXD500
OAI: oai:DiVA.org:hv-7777
DiVA: diva2:826939
Subject / course
Technology
Educational program
Datateknisk systemutveckling
Supervisors
Examiners
Available from: 2015-08-17. Created: 2015-06-26. Last updated: 2015-08-17. Bibliographically approved.

Open Access in DiVA

No full text
