Publications

2024

E. Leierzopf, M. Roland, R. Mayrhofer, W. Studier, L. Dean, M. Seiffert, F. Putz, L. Becker, and D. R. Thomas: “A Data-Driven Evaluation of the Current Security State of Android Devices”, in 2024 IEEE Conference on Communications and Network Security (CNS), Taipei, Taiwan, IEEE, 2024.
Event
IEEE Conference on Communications and Network Security (CNS 2024)
Taipei, Taiwan
30 September – 03 October 2024
Abstract

Android’s fast-paced development cycles and the large number of devices from different manufacturers do not allow for an easy comparison between different devices’ security and privacy postures. Manufacturers each adapt and update their respective firmware images. Furthermore, images published on OEM websites do not necessarily match those installed in the field. Relevant software security and privacy aspects do not remain static after initial device release, but need to be measured on live devices that receive these updates. There are various potential sources for collecting such attributes, including webscraping, crowdsourcing, and dedicated device farms. However, raw data alone is not helpful in making meaningful decisions on device security and privacy. We make available a website to access collected data. Our implementation focuses on reproducible requests and supports filtering by OEMs, devices, device models, and displayed attributes. To improve usability, we further propose a security score based on the list of attributes. Based on input from Android experts, including a focus group and eight individuals, we have created a method that derives attribute weights from the importance of attributes for mitigating threats on the Android platform. We derive weightings for general use cases and suggest possible examples for more specialist weightings for groups of confidentiality/privacy-sensitive users and integrity-sensitive users. Since there is no one-size-fits-all setting for Android devices, our website provides the possibility to adapt all parameters of the calculated security score to individual needs.

@inproceedings{bib:2024-leierzopf-cns, title = {{A Data-Driven Evaluation of the Current Security State of Android Devices}}, author = {Leierzopf, Ernst and Roland, Michael and Mayrhofer, René and Studier, Wolfgang and Dean, Lawrence and Seiffert, Martin and Putz, Florentin and Becker, Lucas and Thomas, Daniel R.}, booktitle = {2024 IEEE Conference on Communications and Network Security (CNS)}, location = {Taipei, Taiwan}, numpages = {9}, publisher = {IEEE}, doi = {10.1109/CNS62487.2024.10735682}, year = {2024}, month = SEP }
S. Kempinger: “Assessing the Feasibility of Developing a Secure Digital Identity Wallet for Android”, Master's thesis, Johannes Kepler University Linz, Institute of Networks and Security, Linz, Austria, 2024. Advisors: R. Mayrhofer and M. Roland.
Abstract

This master thesis explores the feasibility and security aspects of implementing a digital identity wallet on Android smartphones. With the increasing prominence of digital wallets in various domains, the security of these wallets, which store and manage sensitive data, is of paramount importance. The research project Digidow aims to develop decentralized digital identity systems for the physical world, with the digital wallet being a crucial component of this system. This thesis assesses the current state of protection capabilities on Android smartphones and aims to define a pathway for implementing a secure digital identity wallet. The research involves redefining the requirements for and threats to a digital identity wallet, analyzing best practice advice and theoretical capabilities, dissecting actual wallets to understand their implementation, and refining the list of theoretical capabilities based on the evaluation. The findings of this research could potentially contribute to the development of more secure digital identity wallets and enhance the overall security of digital identification systems.

@mastersthesis{bib:2024-kempinger-masterthesis, title = {{Assessing the Feasibility of Developing a Secure Digital Identity Wallet for Android}}, author = {Kempinger, Stefan}, school = {Johannes Kepler University Linz, Institute of Networks and Security}, advisor = {Mayrhofer, René and Roland, Michael}, numpages = {75}, address = {Linz, Austria}, year = {2024}, month = JUL }
R. Mayrhofer, J. V. Stoep, C. Brubaker, D. Hackborn, B. Bonné, G. S. Tuncay, R. P. Jover, and M. A. Specter: “The Android Platform Security Model (2023)”, Preprint, Computing Research Repository (CoRR), arXiv:1904.05572v3 [cs.CR], 2024.
DOIarXiv
Abstract

Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical threats in a wide variety of scenarios while being useful to non-security experts. To support this flexibility, Android’s security model must strike a difficult balance between security, privacy, and usability for end users; provide assurances for app developers; and maintain system performance under tight hardware constraints. This paper aims to both document the assumed threat model and discuss its implications, with a focus on the ecosystem context in which Android exists. We analyze how different security measures in past and current Android implementations work together to mitigate these threats, and, where there are special cases in applying the security model in practice; we discuss these deliberate deviations and examine their impact.

Previous version

This work presents a major revision of the article “The Android Platform Security Model” originally published in ACM Transactions on Privacy and Security, Volume 24, Issue 3, Article No. 19, 2021, pp. 1-35, https://doi.org/10.1145/3448609.

@online{bib:2024-mayrhofer-androidplatformsecurity2023, title = {{The Android Platform Security Model (2023)}}, author = {Mayrhofer, René and Stoep, Jeffrey Vander and Brubaker, Chad and Hackborn, Dianne and Bonné, Bram and Tuncay, Güliz Seray and Jover, Roger Piqueras and Specter, Michael A.}, numpages = {51}, howpublished = {Computing Research Repository (CoRR), arXiv:1904.05572v3 [cs.CR]}, doi = {10.48550/arXiv.1904.05572}, year = {2024}, month = JAN }

2023

E. Leierzopf, M. Roland, F. Putz, and R. Mayrhofer: “A Large-Scale Data Collection and Evaluation Framework for Android Device Security Attributes”, in IDIMT-2023: New Challenges for ICT and Management, Hradec Králové, Czech Republic, Schriftenreihe Informatik, vol. 52, Trauner Verlag, pp. 63–​72, 2023.
Event
31st Interdisciplinary Information Management Talks (IDIMT-2023)
Hradec Králové, Czech Republic
06–08 September 2023
Abstract

Android’s fast-lived development cycles and increasing amounts of manufacturers and device models make a comparison of relevant security attributes, in addition to the already difficult comparison of features, more challenging. Most smartphone reviews only consider offered features in their analysis. Smartphone manufacturers include their own software on top of the Android Open Source Project (AOSP) to improve user experience, to add their own pre-installed apps or apps from third-party sponsors, and to distinguish themselves from their competitors. These changes affect the security of smartphones. It is insufficient to validate device security state only based on measured data from real devices for a complete assessment. Promised major version releases, security updates, security update schedules of devices, and correct claims on security and privacy of pre-installed software are some aspects, which need statistically significant amounts of data to evaluate. Lack of software and security updates is a common reason for shorter lifespans of electronics, especially for smartphones. Validating the claims of manufacturers and publishing the results creates incentives towards more sustainable maintenance and longevity of smartphones. We present a novel scalable data collection and evaluation framework, which includes multiple sources of data like dedicated device farms, crowdsourcing, and webscraping. Our solution improves the comparability of devices based on their security attributes by providing measurements from real devices.

@inproceedings{bib:2023-leierzopf-idimt, title = {{A Large-Scale Data Collection and Evaluation Framework for Android Device Security Attributes}}, author = {Leierzopf, Ernst and Roland, Michael and Putz, Florentin and Mayrhofer, René}, booktitle = {IDIMT-2023: New Challenges for ICT and Management}, series = {Schriftenreihe Informatik}, volume = {52}, location = {Hradec Králové, Czech Republic}, pages = {63--72}, publisher = {Trauner Verlag}, doi = {10.35011/IDIMT-2023-63}, year = {2023}, month = SEP }
J. Arneth: “FIDO2 Token Authentication for Personal Identity Agent”, Bachelor's thesis, Johannes Kepler University Linz, Institute of Networks and Security, Linz, Austria, 2023. Advisors: M. Roland and G. Schoiber.
fulltext
Abstract

This bachelor thesis aims to extend the Personal Identity Agent of the Digidow project by adding two new authentication methods with FIDO2 tokens. So far, users had to use a password for the authentication process. A method for authenticating with FIDO2 tokens has not been implemented yet. Therefore, the authentication process was enhanced by implementing the authentication with security keys. Initially, two-factor authentication with security keys as second factor was implemented. In addition to that, the application now fulfills the requirement of passwordless authentication. First, this bachelor thesis describes the theoretical background of FIDO2 token authentication. Second, it gives a detailed overview of the functionality of FIDO2 token authentication. Additionally, the design choices for the implementation and the individual implementation steps are outlined. Furthermore, an evaluation concerning the Tor Browser, the WebAuthn standard, the security key setup, and implementation options is done.

@thesis{bib:2023-arneth-bachelorthesis, title = {{FIDO2 Token Authentication for Personal Identity Agent}}, author = {Arneth, Jakob}, type = {Bachelor thesis}, school = {Johannes Kepler University Linz, Institute of Networks and Security}, advisor = {Roland, Michael and Schoiber, Gerald}, numpages = {40}, address = {Linz, Austria}, year = {2023}, month = MAY }
M. Roland, T. Höller, and R. Mayrhofer: “Digitale Identitäten in der physischen Welt: Eine Abwägung von Privatsphäreschutz und Praktikabilität”, HMD Praxis der Wirtschaftsinformatik 60, 2, Article 949, pp. 283–​307, 2023. ISSN 2198-​2775.
DOIfulltextHMDW
Abstract

Anforderungen an Datenschutz und Informationssicherheit, aber auch an Datenaktualität und Vereinfachung bewirken einen kontinuierlichen Trend hin zu plattformübergreifenden ID-Systemen für die digitale Welt. Das sind typischerweise föderierte Single-Sign-On-Lösungen großer internationaler Konzerne wie Apple, Facebook und Google. Dieser Beitrag beleuchtet die Frage, wie ein dezentrales, offenes, globales Ökosystem nach dem Vorbild des Single-Sign-On für die digitale, biometrische Identifikation in der physischen Welt aussehen könnte. Im Vordergrund steht dabei die implizite Interaktion mit vorhandener Sensorik, mit der Vision, dass Individuen in der Zukunft weder Plastikkarten noch mobile Ausweise am Smartphone mit sich führen müssen, sondern ihre Berechtigung für die Nutzung von Diensten rein anhand ihrer biometrischen Merkmale nachweisen können. Während diese Vision bereits jetzt problemlos durch Systeme mit einer zentralisierten Datenbank mit umfangreichen biometrischen Daten aller Bürger*innen möglich ist, wäre ein Ansatz mit selbstverwalteten, dezentralen digitalen Identitäten erstrebenswert, bei dem die Nutzer*in in den Mittelpunkt der Kontrolle über ihre eigene digitale Identität gestellt wird und die eigene digitale Identität an beliebigen Orten hosten kann. Anhand einer Analyse des Zielkonflikts zwischen umfangreichem Privatsphäreschutz und Praktikabilität, und eines Vergleichs der Abwägung dieser Ziele mit bestehenden Ansätzen für digitale Identitäten wird ein Konzept für ein dezentrales, offenes, globales Ökosystem zur privaten, digitalen Authentifizierung in der physischen Welt abgeleitet.

Abstract (English)

Requirements on data privacy and information security, as well as data quality and simplification, cause a continuous trend towards federated identity systems for the digital world. These are often the single sign-on platforms offered by large international companies like Apple, Facebook and Google. This article evaluates how a decentralized, open, and global ecosystem for digital biometric identification in the physical world could be designed based on the model of federated single sign-on. The main idea behind such a concept is implicit interaction with existing sensors, in order to get rid of plastic cards and smartphone-based mobile IDs in a far future. Instead, individuals should be capable of proving their permissions to use a service solely based on their biometrics. While this vision is already proven feasible using centralized databases collecting biometrics of the whole population, an approach based on self-sovereign, decentralized digital identities would be favorable. In the ideal case, users of such a system would retain full control over their own digital identity and would be able to host their own digital identity wherever they prefer. Based on an analysis of the trade-off between privacy and practicability, and a comparison of this trade-off with observable design choices in existing digital ID approaches, we derive a concept for a decentralized, open, and global-scale ecosystem for private digital authentication in the physical world.

@article{bib:2023-roland-hmdw, title = {{Digitale Identitäten in der physischen Welt: Eine Abwägung von Privatsphäreschutz und Praktikabilität}}, author = {Roland, Michael and Höller, Tobias and Mayrhofer, René}, journal = {HMD Praxis der Wirtschaftsinformatik}, volume = {60}, number = {2}, articleno = {949}, pages = {283--307}, numpages = {25}, publisher = {Springer Fachmedien Wiesbaden}, doi = {10.1365/s40702-023-00949-1}, issn = {2198-2775}, year = {2023}, month = MAR }

2022

M. Pöll: “Towards a Privacy-focused Biometric Identity System Through a Personal Identity Agent for Android”, Master's thesis, Johannes Kepler University Linz, Institute of Networks and Security, Linz, Austria, 2022. Advisors: R. Mayrhofer and M. Roland.
Abstract

A Personal Identity Agent (PIA) is a digital representative of an individual and enables their authentication in the physical world with biometrics. Crucially, this authentication process maximizes privacy of the individual via data minimization. The PIA is an essential component in a larger research project, namely the Christian Doppler Laboratory for Private Digital Authentication in the Physical World (Digidow). While the project is concerned with the overall decentralized identity system, spanning several entities (e.g. PIA, sensor, verifier, issuing authority) and their interactions meant to establish trust between them, this work specifically aims to design and implement a PIA for Android. The latter entails three focus areas: First, an extensive analysis of secret storage on Android for securely persisting digital identities and/or their sensitive key material. Specifically, we are looking at the compatibility with modern cryptographic primitives and algorithms (group signatures and zero knowledge proofs) to facilitate data minimization. Second, we reuse existing Rust code from a different PIA variant. Thereby we analyze and adopt a solution for language interoperability between the safer systems programming language Rust and the JVM. And third, we strengthen the trust in our Android PIA implementation by evaluating the reproducibility of the build process. As part of the last focus area we uncovered and fixed a non-determinism in a large Rust library and subsequently achieved the desired reproducibility of the Android PIA variant.

@mastersthesis{bib:2022-poell-masterthesis, title = {{Towards a Privacy-focused Biometric Identity System Through a Personal Identity Agent for Android}}, author = {Pöll, Manuel}, school = {Johannes Kepler University Linz, Institute of Networks and Security}, advisor = {Mayrhofer, René and Roland, Michael}, numpages = {80}, address = {Linz, Austria}, year = {2022}, month = SEP }
M. Pöll and M. Roland: “Automating the Quantitative Analysis of Reproducibility for Build Artifacts derived from the Android Open Source Project”, in WiSec ‘22: Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks, San Antonio, TX, USA, ACM, pp. 6–​19, 2022.
Event
15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2022)
San Antonio, TX, USA
16–19 May 2022
Abstract

This work proposes a modular automation toolchain to analyze current state and over-time changes of reproducibility of build artifacts derived from the Android Open Source Project (AOSP). While perfect bit-by-bit equality of binary artifacts would be a desirable goal to permit independent verification if binary build artifacts really are the result of building a specific state of source code, this form of reproducibility is often not (yet) achievable in practice. Certain complexities in the Android ecosystem make assessment of production firmware images particularly difficult. To overcome this, we introduce “accountable builds” as a form of reproducibility that allows for legitimate deviations from 100 percent bit-by-bit equality. Using our framework that builds AOSP in its native build system, automatically compares artifacts, and computes difference scores, we perform a detailed analysis of differences, identify typical accountable changes, and analyze current major issues leading to non-reproducibility and non-accountability. We find that pure AOSP itself builds mostly reproducible and that Project Treble helped through its separation of concerns. However, we also discover that Google’s published firmware images deviate from the claimed codebase (partially due to side-effects of Project Mainline).

badge-artifacts-evaluated-functional-v1_1.png badge-artifacts-available-v1_1.png badge-results-replicated-v1_1.png

@inproceedings{bib:2022-poell-wisec, title = {{Automating the Quantitative Analysis of Reproducibility for Build Artifacts derived from the Android Open Source Project}}, author = {Pöll, Manuel and Roland, Michael}, booktitle = {WiSec '22: Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks}, location = {San Antonio, TX, USA}, pages = {6--19}, publisher = {ACM}, doi = {10.1145/3507657.3528537}, year = {2022}, month = MAY }
K. A. Kern: “Comparing Modern Front-End Frameworks”, Bachelor's thesis, Johannes Kepler University Linz, Institute of Networks and Security, Linz, Austria, 2022. Advisors: M. Roland.
fulltext
Abstract

Web technologies have evolved rapidly in the last couple of years and applications have gotten significantly bigger. Common patterns and tasks have been extracted into numerous frameworks and libraries, and especially JavaScript frameworks seem to be recreated daily. This poses a challenge to many developers who have to choose between the frameworks, as a wrong decision can negatively influence the path of a project.

In this thesis, the three most popular front-end frameworks Angular, React and Vue are compared by extracting relevant criteria from the literature and evaluating the frameworks against these criteria. Angular is then used to develop a web application for displaying data from the Android Device Security Rating.

@thesis{bib:2022-kern-bachelorthesis, title = {{Comparing Modern Front-End Frameworks}}, author = {Kern, Katrin A.}, type = {Bachelor thesis}, school = {Johannes Kepler University Linz, Institute of Networks and Security}, advisor = {Roland, Michael}, numpages = {29}, address = {Linz, Austria}, year = {2022}, month = MAR }
M. Schwingenschuh: “Android Device Security Database: Network monitoring”, Bachelor's thesis, Johannes Kepler University Linz, Institute of Networks and Security, Linz, Austria, 2022. Advisors: M. Roland.
fulltext
Abstract

Smartphones generate an abundance of network traffic while active and during software updates. With such a high amount of data it is hard for humans to comprehend the processes behind the traffic and find points of interest that could compromise the device security. To solve this problem, this thesis proposes a system to automatically monitor the traffic of Android clients, store it in a database and perform a first analysis of the network data. For the capturing and monitoring tasks, we decided to use the full packet capture system Arkime and expand its functionality with a custom tool built in the course of this thesis. To be able to gain relevant insights, the system monitors the traffic over a long time frame, which prevents false data caused by holes in the data stream or one time events. All Android devices are separated from each other by assigning each device to a separate VLAN. For each session the system produces custom tags, low level statistical data and high level classification data. Further, the system provides a solution to apply custom rules in which data from sessions can be freely accessed and modified. Additionally, tags can be set with a matching of host names against custom regular expressions or update information stored in the database. The system uses only the captured data so that changes that can occur later on like the DNS resolution don’t affect the accuracy of the outcome.

@thesis{bib:2022-schwingenschuh-bachelorthesis, title = {{Android Device Security Database: Network monitoring}}, author = {Schwingenschuh, Martin}, type = {Bachelor thesis}, school = {Johannes Kepler University Linz, Institute of Networks and Security}, advisor = {Roland, Michael}, numpages = {28}, address = {Linz, Austria}, year = {2022}, month = MAR }

2021

R. Mayrhofer, J. V. Stoep, C. Brubaker, and N. Kralevich: “The Android Platform Security Model”, ACM Trans. Priv. Secur. 24, 3, Article 19, 2021. ISSN 2471-​2566.
DOIfulltext
Abstract

Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical threats in a wide variety of scenarios while being useful to non-security experts. The model needs to strike a difficult balance between security, privacy, and usability for end users, assurances for app developers, and system performance under tight hardware constraints. While many of the underlying design principles have implicitly informed the overall system architecture, access control mechanisms, and mitigation techniques, the Android security model has previously not been formally published. This article aims to both document the abstract model and discuss its implications. Based on a definition of the threat model and Android ecosystem context in which it operates, we analyze how the different security measures in past and current Android implementations work together to mitigate these threats. There are some special cases in applying the security model, and we discuss such deliberate deviations from the abstract model.

@article{bib:2021-mayrhofer-tops, title = {{The Android Platform Security Model}}, author = {Mayrhofer, René and Stoep, Jeffrey Vander and Brubaker, Chad and Kralevich, Nick}, journal = {ACM Trans. Priv. Secur.}, volume = {24}, number = {3}, articleno = {19}, numpages = {35}, publisher = {ACM}, address = {New York, NY, USA}, doi = {10.1145/3448609}, issn = {2471-2566}, year = {2021}, month = APR }

2020

B. Lau, J. Zhang, A. R. Bereford, D. Thomas, and R. Mayrhofer: “Uraniborg’s Device Preloaded App Risks Scoring Metrics”, Whitepaper, 2020.
fulltext
@techreport{bib:2020-lau-uraniborg, title = {{Uraniborg's Device Preloaded App Risks Scoring Metrics}}, author = {Lau, Billy and Zhang, Jiexin and Bereford, Alastair R. and Thomas, Daniel and Mayrhofer, René}, numpages = {8}, year = {2020}, month = AUG }