Secure Information Technology Center – Austria

Fingerprinting Code of Mobile Applications

Kategorie: IT-Security

The analysis of applications for mobile platforms (Android, iOS) has shown that security-relevant problems are often not to be found in the application code itself, but are introduced by components of third-party software. Often, these problematic code parts are made freely available and are thus found in many applications. If the program code is obfuscated by the manufacturer, it becomes very difficult to find precarious code parts.
Weiter lesen…

Device Enrolment Using Flexible Authentication

Kategorie: IT-Security

Managed devices are already established in corporate environments. Small businesses and end users, however, rarely benefit from such complex systems and dedicated infrastructures.
This project compiled concepts for authenticating devices, with a focus on the initial authentication as part of enrolment processes as well as easy and convenient revocation of permissions. This initial authentication needs to be flexible in order to take the different characteristics and features of current devices into account and possible create device policies on-demand.
The actual communication between enrolled devices and a service, on the other hand, should be kept as simple as possible. This is feasible due to virtually all (client) devices supporting technologies like TLS. A demonstrator illustrates that an OS-independent implementation of the proposed concepts is possible.
Weiter lesen…