Smartphone: Examination of TLS protocol in Appified World
2015 (English) Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE credits
Student thesis
Abstract [en]
With the rapid evolution of smartphones and communication services, users are evidently more comfortable today using mobile applications than web services. As a result, almost all companies have enhanced, expanded and converted their services into mobile applications in order to accommodate users' needs.
Unfortunately, many studies have revealed that a huge number of those applications are vulnerable to Man-In-The-Middle attacks (MITMA) due to incorrect coding or incorrect configuration of the SSL/TLS (Transport Layer Security) protocol, which could leak data.
This study aims to highlight and examine, from three different perspectives, the SSL/TLS protocol used by applications that are always connected. Firstly, Android and iOS APIs, libraries and sample code were examined to evaluate the tools and code provided by both platforms. Secondly, applications were examined by applying the TLS implementation tips provided by both platforms and by performing MITMA on different users' smartphones. Finally, user behavior was examined by performing a live demo in the center of Gothenburg city to understand users' awareness of the TLS certificate validation warning message.
The results show that misunderstanding of TLS implementation increases the level of insecure applications that leak data. The different MITMA scenarios performed in this paper proved this. Also, both platforms suffer from a high percentage of applications that use HTTP rather than HTTPS.
The high percentage of vulnerable applications found during this study proves that developers are unaware of how to correctly implement the TLS protocol in smartphone applications.
Furthermore, the results of the live demo revealed that users are unaware of the TLS warning message and are also unaware of how to secure their personal data.
Place, publisher, year, edition, pages
2015. p. 45
Keywords [en]
SSL, TLS, Smartphone, Security, MITMA
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:hv:diva-7777
Local ID: EXD500
OAI: oai:DiVA.org:hv-7777
DiVA, id: diva2:826939
Subject / course
Technology
Educational program
Datateknisk systemutveckling
Supervisors
Examiners
2015-08-17 2015-06-26 2015-08-17 Bibliographically approved