Abstract
To prevent users from downloading and installing malicious smartphone applications, several countries and organizations have developed security requirements for smartphone applications and associated vetting systems. Certified third parties can inspect whether an application satisfies applicable security requirements and issue inspection reports to notify users of potential risks. However, currently there is no standard method for users to obtain inspection results. Furthermore, as the advances of hacking techniques, a inspecter may discover that an application is vulnerable to a new type of attack and wish to notify application users immediately. To address the issue, this study proposes a Smart Contract-based Investigation Report Management framework for smartphone applications security (SCIRM) to enable smartphone application users to obtain security inspection reports of interested applications with smart contracts. Benefiting from blockchain technology, users can obtain historical inspection reports of an application and verify the integrity of the reports. In addition, this study utilizes smart contract technology to implement the interfaces so that smart contracts will enforce the related actions automatically. This study can hopefully contribute to enabling users to adopt appropriate countermeasures to potential application security risks as users can obtain up-to-dated security information about applications timely.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cha, S.-C., Hung, S.-C., Chen, J.-F., Syu, S.-C., Tsai, T.-Y.: On the design of a blockchain-based reputation service for android applications. In: Preceedings of the 2016 International Conference on Cyber-Society and Smart Computing Communication (The CyberSoc 2016), Yogyakarta, Indonesia (2016)
European Union Agency For Network And Information Security (ENISA). Smartphone secure development guidelines (2016). https://www.enisa.europa.eu/publications/smartphonesecuredevelopmentguidelines2016
Mueller, B.: Mobile application security verification standard (MASVS) 0.9.2. OWASP Standard (2017)
Quirolgico, S., Voas, J., Karygiannis, T., Michael, C., Scarfone, K.: Vetting the security of mobile applications. US National Institute of Standards and Technology (NIST) SP 800-163 (2015)
Taiwan Industrial Development Bureau (IDB). Mobile app funtational security requirement v1.1 (2017). http://www.mas.org.tw/news_detail.php?id=38
Taiwan Industrial Development Bureau (IDB). Mobile app secure development guidelines v1.0 (2017). http://www.mas.org.tw/news_detail.php?id=38
Taiwan Industrial Development Bureau (IDB). Self regulatory mobile app funtational security certification v3.0 (2017). http://www.mas.org.tw/news_detail.php?id=38
Acknowledgement
This work was supported in part by the Taiwan Ministry of Science and Technology under grants MOST 104-2923-E-011-005-MY3 and MOST 105-2218-E-001-001.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Cha, SC., Peng, WC., Huang, ZJ., Hsu, TY., Chen, JF., Tsai, TY. (2018). On Design and Implementation a Smart Contract-Based Investigation Report Management Framework for Smartphone Applications. In: Pan, JS., Tsai, PW., Watada, J., Jain, L. (eds) Advances in Intelligent Information Hiding and Multimedia Signal Processing. IIH-MSP 2017. Smart Innovation, Systems and Technologies, vol 82. Springer, Cham. https://doi.org/10.1007/978-3-319-63859-1_35
Download citation
DOI: https://doi.org/10.1007/978-3-319-63859-1_35
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-63858-4
Online ISBN: 978-3-319-63859-1
eBook Packages: EngineeringEngineering (R0)