
CRITICAL REVIEW OF RESEARCH PAPERS
Submitted To: Prof. Krishna Gopal
Presented By: Arpita Jadhav Bhatt

TABLE OF CONTENTS
1. Introduction
2. Implementation Details
3. Implementation Results
4. Critical Analysis
4.1 Identification and formulation of the problem(s)
4.2 Obtained Results
4.3 Strength & Weakness
4.4 Identification of Research Issues
5. Conclusion
6. Future Work

PAPER - I
Paper Title: User privacy and modern mobile services: are they on the same path?
Authors: D. Damopoulos, G. Kambourakis, M. Anagnostopoulos, S. Gritzalis, J. H. Park
Published in: Journal of Personal and Ubiquitous Computing
DOI: 30 June 2012, 10.1007/s00779-012-0579-1, 17:1437-1448
Print ISSN: 1617-4909
Publisher: Springer London
Impact Factor: 1.133
h-index: 34



INTRODUCTION
The paper discusses the use of mobile phones and the types of
services they offer.
It states that millions of users download mobile applications and
install them on their devices.
The paper asks a very important question: do these third-party
mobile applications preserve the privacy of the users who download
them?
The authors discuss iPhone platform security and present how well
the data stored on iPhone devices is secured.


IMPLEMENTATION
The authors have implemented DNS poisoning malware
and have considered two real attack scenarios, on:
Tethering services.
Siri services.


TETHERING SERVICES

Tethering is a network service that gives the end-user the ability to
share their mobile phone cellular data connection with other devices
(users).
This sharing can be offered over a wireless LAN (WiFi), Bluetooth, or
by a physical connection via a cable.
Currently, Tethering is available only for the two latest iPhone devices
(4 and 4S), and incorporates a software functionality known as
Personal Hotspot (PH).
The PH service transforms the device into a wireless access point (AP),
so that iPhone users are able to share their 3G connection.

SIRI SERVICES
Siri is provided for the iPhone 4S.
It is a personal intelligent software assistant that uses a natural
language interface to interact with the user and execute their requests.
Siri is still in beta version but is able to carry out a variety of tasks (e.g.,
send SMS and e-mail, set up meetings, ask questions about the weather,
points of interest, etc.).
To accomplish such tasks, Siri communicates securely via HTTPS with a
remote server residing at https://guzzoni.apple.com:443.
This server is responsible for translating user voice requests into text
commands, and text commands into actions.

SCENARIOS IMPLEMENTATION
Scenario I: Tethering DNS Hijacking
The authors used an iPhone 4S already infected with malware to tether its 3G
connection and enabled it to act as an IEEE 802.11 hotspot, so that the device
behaves as a Wi-Fi router.
Once a device connects, it is allocated an IP address in the range
172.20.10.2-172.20.10.14 using the Dynamic Host Configuration Protocol
(DHCP).
The network DNS IP address is then fabricated to contain the IP address of
their man-in-the-middle server.
All the traffic generated by the users connected via the PH is redirected to
a server under the control of the attacker.
The authors built a webpage that appears exactly the same as that of
Facebook and stored the page on their server.
The function of their fake webpage is to log the user's credentials, in
plaintext, into a MySQL database once the user tries to log in to the site.
As soon as the credentials are stored, the fake website returns a message that
the page is temporarily unavailable due to heavy load.



TETHERING DNS HIJACKING
SCENARIOS IMPLEMENTATION
Scenario II : Privacy leak over Siri
The second attack scenario takes advantage of the Siri service.
The malware redirects all (or selected) Internet traffic to their
man-in-the-middle server.
The authors placed a malicious entity between the device and
the legitimate Siri server controlled by Apple.
After that, they were able to intercept users' private
information transferred over Siri.




PRIVACY LEAK OVER SIRI

IMPLEMENTATION RESULTS
The authors have demonstrated that the experiments or attacks
they conducted had 100% accuracy in:
Gathering private and critical information.
Users were unaware of the malicious or abrupt behaviour,
proving that users' privacy is at stake.

CRITICAL ANALYSIS
1 Identification and formulation of the problem(s)
1. Increased use of mobile phones and smartphones, installation of third-party
applications, and storage of personal and business information such as email and
confidential data have attracted plenty of attackers, and the number of malware
attacks is increasing day by day.

2. The authors highlight that the malware attacks arise from the fact that user
privacy and security are commonly not among the first priorities for new operating
systems and features/services for mobile devices.

3. The attacks on mobile devices are increasing year by year.


OBTAINED RESULTS
The authors have discussed the evolution of mobile phones and smartphones and
the different types of intelligent services they offer, such as:
provision to create personal hotspots
a personal assistant operated by voice
The researchers highlight that the services described above are the prime reasons
these devices are an attractive target for attackers who intend to compromise
these services and expose users' private data.
The authors have concentrated on the iPhone platform and, via a case study, have
examined the privacy level of two popularly used services: tethering and Siri.

OBTAINED RESULTS
To achieve this, the authors implemented DNS poisoning malware which
redirects all DNS requests, or a subset of them, to a DNS resolver which is
under the observation and control of the attacker.
The authors created a fake SSL certification authority, injected it
into the device and replaced the original certificate.
Such installation settings can severely affect the way in which a
user experiences the Internet and can expose the user to serious threats.


STRENGTH AND WEAKNESSES
Strength:
1. The authors have discussed run-time attacks and focused on the most widely used
services, such as Siri and tethering.
2. They have suggested countermeasures to Apple: it must update the Siri protocol so
that it supports mutual authentication (between the iOS device and the Siri server)
every time the Siri server is used.
3. The authors have suggested rectification methods to Apple: it must integrate a
mechanism which inspects the authenticity of the installed certificates contained in
the device's certificate store and ensures that the certificates are issued by a
trusted authority.


WEAKNESS:
1. The authors have conceptually demonstrated the attacks but they have not
presented any practical implementation of these.
2. If the authors had demonstrated the attacks practically, it would be much
easier for real users to estimate how attackers steal their data, and
users could then be more cautious when storing their private data or accessing
personal data.
3. The authors could have suggested intrusion detection mechanisms
which can be implemented on the end user's device and which are capable of
identifying malware, especially malware that modifies the hosts file and has
access to the system root files.
4. The authors could have suggested how DNS poisoning attacks can be prevented.
5. All the suggestions are directed towards Apple and none towards the end user.

IDENTIFICATION OF RESEARCH
ISSUES:
1. To carry out the man-in-the-middle and DNS poisoning attacks, the
user/hacker requires considerable knowledge of the
working of the iOS architecture, which makes it very difficult for
anyone to break iOS security.

2. The demonstration given in the paper is very difficult to
implement in a real-time scenario, for example changing the user's certificate
and using the quadruple key which the Siri server uses to authenticate
a particular user.


CONCLUSION
The authors have discussed the use of mobile
phones and the types of services they offer.
The paper asks a very important question: do these
mobile applications preserve the privacy of the users who
download them?
The authors have discussed iPhone platform
security and presented how well the data stored on these
iPhone devices is secured.

CONCLUSION
They have implemented DNS poisoning malware and have
considered two real attack scenarios, on tethering and Siri services.
They have effectively suggested countermeasures to Apple: it must
update the Siri protocol so that it supports mutual authentication
(between the iOS device and the Siri server) every time the Siri server is used.
The authors have also suggested rectification methods to Apple: it must
integrate a mechanism which inspects the authenticity of the installed
certificates contained in the device's certificate store and always
ensures that the certificates are issued by a trusted authority.

FUTURE WORK
As future work, the authors would be implementing an intrusion
detection tool for identifying smartphone malware, and more
specifically malware that intends to modify the hosts file.

This way DNS poisoning attacks can be overcome.
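
The hosts-file check raised under Weakness and Future Work, as an added Python example that is not code from the reviewed paper or from this presentation. The watched-name list, the baseline and the sample entries are constructed assumptions; the code compares a hosts file against a trusted baseline and ranks every new mapping.

```python
import ipaddress

# Assumption: names worth alerting on (the two targets named in the scenarios).
WATCHED = ("facebook.com", "guzzoni.apple.com")

def parse_hosts(text):
    """Yield (line_no, ip, name) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            # An IPv6 zone id such as "%lo0" is dropped before parsing.
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name, watched=WATCHED):
    """True if name equals a watched domain or is a subdomain of one."""
    return any(name == w or name.endswith("." + w) for w in watched)

def audit_hosts(current, baseline, watched=WATCHED):
    """Return (severity, line_no, name, ip) for mappings not in the baseline."""
    known = {(str(ip), name) for _, ip, name in parse_hosts(baseline)}
    findings = []
    for line_no, ip, name in parse_hosts(current):
        if (str(ip), name) in known:
            continue
        if is_watched(name, watched):
            severity = "high"      # a watched service is statically re-pointed
        elif ip.is_loopback or ip.is_unspecified:
            severity = "info"      # local sinkhole entry, e.g. ad blocking
        else:
            severity = "medium"    # unexpected static redirect to another host
        findings.append((severity, line_no, name, str(ip)))
    return sorted(findings, key=lambda f: ("high", "medium", "info").index(f[0]))

# Constructed sample data; both non-local addresses are in documentation ranges.
BASELINE = """\
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
"""
TAMPERED = BASELINE + """\
203.0.113.10    www.facebook.com facebook.com  # constructed entry
203.0.113.10    guzzoni.apple.com
0.0.0.0         ads.example.net
198.51.100.7    intranet.example.org
"""

if __name__ == "__main__":
    for finding in audit_hosts(TAMPERED, BASELINE):
        print(*finding)
```

The baseline has to be captured from a known-good image and stored where the malware cannot rewrite it; otherwise the comparison only proves the file matches itself.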

PAPER - II

Paper Title: Dangerous Wi-Fi access point: attacks to benign Smartphone applications
Authors: Min-Woo Park, Young-Hyun Choi, Jung-Ho Eom, Tai-Myoung Chung
Published in: Journal of Personal and Ubiquitous Computing
DOI: 26 September 2013, 10.1007/s00779-013-0739-y
Print ISSN: 1617-4909
Publisher: Springer London
Impact Factor: 1.133
h-index: 34

INTRODUCTION
The paper describes the roles and functionalities of the smartphone in
Ubiquitous Computing environments.
It states that the smartphone has undergone remarkable and considerable
development to satisfy the core requirements of Ubiquitous Computing,
such as context-aware computing, recording, monitoring and GPS tracking of
the environment.
The paper highlights that a smartphone contains the user's personal data, such as
emails, messages, passwords and photographs, and hence smartphones have become
lucrative targets for malicious users.
This is the reason that the security of smartphones has become very important.

INTRODUCTION
The growth and increased usage of smartphones is sufficient to
attract the attention of adversaries.
Personalization of a smartphone by using third-party apps is the biggest
strength of a smartphone.
However, these third-party applications require Internet access to download
and manage data, and for this the user needs a mobile or wireless
network.
Since mobile networks are costly, users prefer to use free Wi-Fi
networks, which in turn can be malicious.
The paper demonstrates how connecting to such hostile access points
(Wi-Fi zones) can cause smartphone applications to send data to
adversaries.

IMPLEMENTATION
Test bed for the MITM attack: five devices are used.
Two Samsung Galaxy S3s are the Android handsets for running applications; a laptop
serves as the compromised AP; the others are a benign wireless AP and a server for
the MITM attack.
The two Android handsets connect to the APs through a Wireless Local Area Network
based on IEEE 802.11.
Android handset 1 is connected to the benign AP, and the other handset is connected
to the compromised AP.
Each AP and the spoofing server, which serves as both the DNS spoofing server and
the web proxy server, connect to the Internet through the same gateway.
The authors set the DNS configuration of the compromised AP to the spoofing server
for DNS spoofing.
An adversary is able to capture every packet that passes through the compromised AP
and divert some packets by using DNS spoofing.

IMPLEMENTATION
Fig. Abstract operation process of the application which imports pop-up advertisement
Fig. Man-in-the-Middle attack progress

IMPLEMENTATION
Fig. MITM attack process
Fig. Images of the target application's pop-up advertisement


CRITICAL ANALYSIS
1 Identification and formulation of the problem(s)
1. Users use free Wi-Fi access points in public places like airports and shopping
malls instead of a personal mobile network, which is more secure.
2. The Android operating system is an open platform and hence vulnerable to run-time
attacks.
3. The Android platform possesses the following security vulnerabilities:
3.1 The Android operating system verifies the permission only when a user application
calls the Application Programming Interface (API), which may carry a risk of being
compromised.
3.2 The permission-based security model adopted by Android is vulnerable to increased
privilege attacks.
3.3 The permission-based security model is unable to secure application-level
vulnerabilities.


IDENTIFICATION AND FORMULATION OF
THE PROBLEM(S)
4. Security threats are growing in parallel with wireless
communication systems such as free Wi-fi zones.
5. The medium used by wireless communication systems to
transmit information is air, which is more vulnerable to
external intervention than wired
communication, which transmits information via cables.

OBTAINED RESULTS
In this paper, the authors have demonstrated the risk of using free Wi-Fi access points.
Their experimental setup or test bed consists of two Android handsets, a laptop, a
desktop, and a wireless access point.
The authors have shown that friendly applications, which run on genuine devices, can be
exploited simply by connecting to compromised access points; hence the authors have used
a man-in-the-middle attack for simulation.
The man-in-the-middle attack is used by adversaries to compromise users' personal
information and cause financial or personal data loss.
To overcome man-in-the-middle attacks, the authors have suggested that
developers should use a mutual authentication process
whenever an application communicates with external devices.
This would prevent the call and usage of authorized APIs.

STRENGTH AND WEAKNESSES
Strength:
1. The researchers have demonstrated the man-in-the-middle attacks very well and
have simulated the attacks by using third-party apps, which gives readers deeper
insight into how attackers exploit the vulnerabilities in different
operating systems and perform run-time attacks.
2. The code snippets used for demonstration give a clear representation of the original
HTML documents and of the malicious ones that contain embedded links.
3. Screenshots simulating real-time attacks help to analyze the vulnerabilities at
application level and OS level easily.
4. The researchers have created a test bed environment which helps a user to practically
launch a run-time attack and monitor network parameters like packets transmitted,
packets lost and network traffic.


WEAKNESS
1. The authors have not clearly suggested the ways by which a
user can protect their private data when connecting to free or
unknown Wi-Fi access points.
They have just demonstrated the man-in-the-middle attack and
not suggested any countermeasures to prevent it.

2. The authors could have advised application developers
to follow secure coding practices when
developing an application.


IDENTIFICATION OF RESEARCH ISSUES:
1. Many applications use Secure Socket Layer APIs to check
user permissions, which has not been taken into account while
researching the topic.

2. Authors could have suggested the key points a user can
remember when accessing unknown Wi-Fi or access points.


CONCLUSION
The paper describes the roles and functionalities of the smartphone in Ubiquitous
Computing environments.
Personalization of a smartphone by using third-party apps is the biggest strength of a
smartphone.
The authors have mentioned that these third-party applications require Internet access
to download and manage data, and for this the user needs a mobile or wireless
network.
Since mobile networks are costly, users prefer to use free Wi-Fi networks, which in
turn can be malicious.
The paper demonstrates how connecting to such hostile access points (Wi-Fi zones)
can cause smartphone applications to send data to adversaries. The authors have
demonstrated the risk of using free Wi-Fi access points.


CONCLUSION
To overcome man-in-the-middle attacks, the authors have suggested that
developers should use a mutual authentication process
whenever an application communicates with external devices. This would prevent the
call and usage of authorized APIs.
The authors have written a technically sound paper and have discussed the evolution of
the smartphone in the ubiquitous environment and stated the reason why smartphones have
become easy targets for adversaries with increased utilization of free Wi-Fi networks.
The authors have highlighted security threats which are growing in parallel with
wireless communication systems such as free Wi-Fi zones and have demonstrated that
wireless communication is more prone to external intervention than a wired medium.
They have demonstrated situations in which a malicious user can easily eavesdrop on
real-time conversations and can intercept the incoming or outgoing messages.



FUTURE WORK
In future work, the authors will research the MITM attack
for attack-protected sessions such as SSL.

For the development of smartphone security, the authors would
continue studying to find the vulnerabilities of the
smartphone platform and to resolve these threats.

REFERENCES

1. D. Damopoulos, G. Kambourakis, M. Anagnostopoulos, S. Gritzalis, J. H. Park, 'User privacy
and modern mobile services: are they on the same path?', published in Journal of Personal and
Ubiquitous Computing, 17:1437-1448, DOI 10.1007/s00779-012-0579-1, Print ISSN 1617-4909,
Online ISSN 1617-4917, Publisher Springer London. Impact Factor: 1.133, h-index 34
2. Min-Woo Park, Young-Hyun Choi, Jung-Ho Eom, Tai-Myoung Chung, 'Dangerous Wi-Fi access
point: attacks to benign Smartphone applications', published in Journal of Personal and
Ubiquitous Computing, DOI 10.1007/s00779-013-0739-y, Print ISSN 1617-4909, Publisher
Springer London. Impact Factor: 1.133, h-index 34
3. Vaibhav Ranchhoddas Pandya, Mark Stamp, 'iPhone Security Analysis', published in Journal of
Information Security, 2010, 1, 74-87, doi:10.4236/jis.2010.12009, Published October 2010
(http://www.SciRP.org/journal/jis). Impact factor: 1.12, h-index 19
4. Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee, 'Jekyll on iOS: When
Benign Apps Become Evil', included in the Proceedings of the 22nd USENIX Security
Symposium, August 14-16, 2013, Washington, D.C., USA, ISBN 978-1-931971-03-4. CIF: 3.95