Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

here

advertisement 
Security Test Summary
Customer: OKsystem s.r.o.
Application: BABEL 3.4.0.
Security Testing Conclusion and Summary
Trustica s.r.o. performed security testing of application BABEL v 3.4.0 by OKsystem s.r.o. in November
and December 2014. Namely the communication infrastructure, the mobile and server application architecture, and the functions securing the protection of user data against third party attacks underwent the
testing.
The application meets the current requirements for data security and uses ciphers, which are currently
considered safe.
Provided that

The mobile application is running on a phone, in which an OS of the producer is running without
adding backdoors or malware,

The server application is operated by a trustworthy administrator, it is possible to declare the
entire application as safe according to the producer’s description.
In Prague, on 18 February 2015
Dominik Pantucek, CEO
Information on the Tests Performed

The tested subject was the BABEL application, designed for exchanging encrypted text messages between users of mobile phones running on the iOS and Android platforms. The application consists of the client side (a mobile phone binary application) and the server part, programmed in the J2EE
environment.

The protection subjects are messages exchanged between individual users. The messages are
to be accessible exclusively by the owner of the mobile device in question, which is not compromised
by any monitoring software.
Security Test Summary
Customer: OKsystem s.r.o.
Application: BABEL 3.4.0.
Mobile application attack scenarios:

Unauthorised access with an unlocked OS environment

Possibility of direct reading of messages in the OS

Unauthorised access with a locked OS environment

Connecting the device to a PC, copying the encrypted data

Sniffing the data communication and breaching the ciphering methods
Server application attack scenarios

An attack by a user of the network, in which the server is located, with the goal of obtaining unauthorised access to the administration interface

An attack by a user of the administration interface with regular user authorisation

An attack by the authorised server administrator to the communication history stored in the user’s mobile device

Generation of the session key: verification of the manner of generating the key designed for
encrypting individual messages

D-H exchange signature checking

Checking the generation of a user’s private and public keys

Checking the manner of ciphering of the Android storage, difficulty evaluation of an encryption
breach and obtaining the data stored in the storage

Verification of the server and mobile applications concerning the resistance to MITM attacks

Testing the server part on a selected category of frequent vulnerabilities of web applications
according to the OWASP methodology
Related documents
features of online exam time saving
features of online exam time saving
Introduction
Introduction
here
here
As you practice solving integer equations, follow instructions to
As you practice solving integer equations, follow instructions to
Government Outreach APP
Government Outreach APP
econ Study guide for Unit 3 test
econ Study guide for Unit 3 test
Knowledge Organization: the universal versus the canonical in The
Knowledge Organization: the universal versus the canonical in The
T - Sasha Senderovich
T - Sasha Senderovich
A Tale of Two Cities
A Tale of Two Cities
8 Ciphering
8 Ciphering
t3-000109
t3-000109
Multilingual typesetting
Multilingual typesetting
Download
advertisement