Research Article
A Measurement and Security Analysis of SSL/TLS Deployment in Mobile Applications
@INPROCEEDINGS{10.1007/978-3-319-66625-9_19, author={Yu Guo and Zigang Cao and Weiyong Yang and Gang Xiong}, title={A Measurement and Security Analysis of SSL/TLS Deployment in Mobile Applications}, proceedings={Communications and Networking. 11th EAI International Conference, ChinaCom 2016, Chongqing, China, September 24-26, 2016, Proceedings, Part I}, proceedings_a={CHINACOM}, year={2017}, month={10}, keywords={SSL TLS Mobile application security Measurement Android iOS}, doi={10.1007/978-3-319-66625-9_19} }- Yu Guo
Zigang Cao
Weiyong Yang
Gang Xiong
Year: 2017
A Measurement and Security Analysis of SSL/TLS Deployment in Mobile Applications
CHINACOM
Springer
DOI: 10.1007/978-3-319-66625-9_19
Abstract
Secure Socket Layer (SSL) and Transport Layer Security (TLS) have been widely used to provide security in communications. With the rapid development of mobile Internet, they are progressively applied in mobile applications. It is interesting to study the security of their usage. However, most of existed researches on SSL/TLS focus on the whole ecosystem, while few of them have in-depth study on the status quo of mobile security about SSL/TLS. In this paper, we measure the network behaviors of top 50 popular applications on Android and iOS platforms to reveal the security problems of SSL/TLS deployment in mobile Internet. A system is implemented which can extract the handshake parameters and inspect SSL deployment status. We also demonstrate some typical severe problems by performing man-in-the-middle (MITM) attacks against six applications. We believe our study is very consequential for SSL deployment on mobile platforms and the design of secure applications in the future.