Classification and Analysis of Vulnerabilities in Mobile Device Infrastructure Interfaces

  • Conference paper
Mobile Internet Security (MobiSec 2021)

Abstract

A consequence of the widespread use of mobile devices is the emergence of a threat to information security. One reason for this lies in the vulnerabilities of the interfaces through which devices interact. This area is quite new and has not been well investigated. The aim of this investigation is to classify and analyze vulnerabilities of infrastructure interfaces. As part of the results, a general classification model is proposed in analytical form. This model allows one to map vulnerabilities to interface classes. Interfaces are separated according to the infrastructure components between which they provide interaction. Additionally, the interactions themselves are separated into subclasses. The categorical division apparatus is used for classification with 64 classes. The relationship between the infrastructure of mobile devices and the vulnerabilities of its interfaces is analyzed. An experiment was carried out for a typical scenario of finding the owner of devices in the infrastructure of mobile devices. The experiment showed the efficiency of the proposed model and made it possible to make a number of predictions regarding potential vulnerabilities in the future.

The reported study was funded by RFBR, project number 19-29-06099.

Author information

Corresponding author

Correspondence to Andrey Chechulin.

Copyright information

© 2022 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Izrailov, K., Levshun, D., Kotenko, I., Chechulin, A. (2022). Classification and Analysis of Vulnerabilities in Mobile Device Infrastructure Interfaces. In: You, I., Kim, H., Youn, TY., Palmieri, F., Kotenko, I. (eds) Mobile Internet Security. MobiSec 2021. Communications in Computer and Information Science, vol 1544. Springer, Singapore. https://doi.org/10.1007/978-981-16-9576-6_21

  • DOI: https://doi.org/10.1007/978-981-16-9576-6_21

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-16-9575-9

  • Online ISBN: 978-981-16-9576-6

  • eBook Packages: Computer Science (R0)
