DOI: 10.1145/2839509.2850546

Design and Evaluation of a Course Module on Android Cipher Programming (Abstract Only)

Published: 17 February 2016

Abstract

Encryption is critical to protecting the confidentiality of users' data on mobile devices. However, research has shown that many mobile apps do not use ciphers correctly, which leaves them vulnerable to attack. Existing resources on cipher programming education do not provide enough practical scenarios to help students learn cipher programming in the context of real-world situations, with programs that have complex interacting modules with access to networking, storage, and databases. This poster introduces a course module that teaches students how to develop secure Android applications by correctly using Android's cryptography APIs. The module targets two areas where programmers commonly make many mistakes: password-based encryption and SSL certificate validation. The core of the module includes a real-world sample Android program for students to secure by implementing its cryptographic components correctly. The module will use open-ended problem solving to let students freely explore the multiple options for securing the application. The module includes a lecture slide on Android's Crypto library, its common misuses, and suggested good practices. Assessment materials will also be included in the module. The module will be used and evaluated in a Network Security class. We will present the results of the evaluation at the conference.


      Published In

      SIGCSE '16: Proceedings of the 47th ACM Technical Symposium on Computing Science Education
      February 2016
      768 pages
      ISBN:9781450336857
      DOI:10.1145/2839509
      Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. android cipher programming
      2. education
      3. hands-on lab
      4. password based encryption
      5. ssl

      Qualifiers

      • Poster

      Funding Sources

      • NSF

      Conference

      SIGCSE '16

      Acceptance Rates

      SIGCSE '16 Paper Acceptance Rate 105 of 297 submissions, 35%;
      Overall Acceptance Rate 1,595 of 4,542 submissions, 35%
