دانلود رایگان مقاله انگلیسی امنیت ذخیره سازی داده های اندروید - الزویر 2018

abstract

The broad adoption of smartphones has superseded the desktop computers and laptops as a primary computing platform, due to mobility, constant connectivity and application diversity. Mobile devices encompass storage of extensive information including sensitive ones such as authentication credentials, pictures, videos, personal data, work information, and many more. Thus, securing data stored on mobile devices becomes a critical issue. In this review, we investigate the security of Android storage model between 2013 and 2018. Several threats are found in the literature that can be categorized as physical or software threats. Additionally, the existing solutions for each category are highlighted. Although Android provides valuable encryption systems including full disk encryption and keychain to enhance the data storage security, the encryption key, which is stored in the device, is still vulnerable to physical threats.

Conclusion

The literature exposes a set of identified threats on Android data storage, along with solutions to mitigate the risk and improve the security. We can deduce that users can influence the security of the data either by deciding to root the device, which is a risky process, or by disabling the FDE option. Besides, the developer influences the security of the data by building legitimate vulnerable apps, or by building malware apps that can access sensitive data. Cryptography is the primary defense against data disclosure; it is highly recommended to encrypt data on the device. Android provides two types of encryption systems, FDE and KeyChain that use passwordbased encryption method and depend on user’s passcode. Choosing a strong lock screen passcode is a critical issue, but requiring the user to type encryption password every time to unlock the screen, renders it unlikely to choose a secure password. Moreover, security of conventional cryptographic techniques relies on the assumption that only a legitimate user knows the cryptographic keys, hence, maintaining the secrecy of keys is a big challenge. In the password-based encryption method, the key is vulnerable to offline brute force attack when the encrypted key stored in the device (Kaspersky Lab, 2017). An attacker who gains physical possession of the smartphone can extract the data and mount an offline attack, trying passcodes until one is found that produces a key, which decrypts the data successfully (Bianchi et al., 2017). Moreover, it is dangerous to depend on user’s passwords since it can be easily lost, stolen, forgotten, or guessed. Thus, how to protect data on mobile devices against software and physical attacks, is still a significant and urgent problem. A promising solution would be to use biometric cryptosystem to protect the storage of the encryption key in the device. Biometric cryptosystem substitutes passwordbased encryption method; the user is not prompting to enter a password, s/he is requested to present his/her biometric template instead. It can be used to secure data against software attacks since data is encrypted, and against physical attacks because the cryptographic key is never stored in the device, only an auxiliary data will be stored (Kanade et al., 2012). As a future work, we will investigate the threats and vulnerabilities of using biometrics for authentication and data encryption on Android. Besides, Android is continuously updated, and new versions are published endlessly. New versions might prevent some of the vulnerabilities discussed in this survey and open others. Thus, Android security and its threats should continuously be investigated.