Application for enhancing confidentiality and availability for sensitive user data using AES algorithm in smartphone devices
Date
2021
Authors
Nyamwaro, Valentine Nyaboke
Journal Title
Journal ISSN
Volume Title
Publisher
Strathmore University
Abstract
Today’s world has seen a rapid increase in the number of users of mobile devices. Since the first mobile launch in the last quarter of the 19th century, mobile devices have evolved from their weight cost and functionalities to become pervasive tools. Mobile technology has provided us with mobile and flexible tools to work with, communicate, and store data. As mobility and flexibility increase, so are the risks to the information accessed from mobile devices. The devices host a lot of sensitive personal data which attackers can illegally access. The sensitive personal data focuses on a category of select data, which the user gets to identify as sensitive on the mobile devices in the format of contacts, text messages, audios, videos, and documents such as word, pdf, excel, among others. Once exposed to unauthorised personnel or access by applications can cause exposure or harm to the user and the subjects related. Mobile devices and their storage have come under increasing attack, putting the sensitive data on the device in jeopardy. In addition, the data in the device's local storage is at risk of threats associated with the mobile, such as spam, virus, spyware, theft and loss of device and unauthorised access due to non-utilisation of the basic security measures deployed by mobile manufacturers. The proposed solution is an Android application tool that secures all sensitive personal data on mobile devices by securely storing them in the remote cloud using cryptographic techniques. The research adopted the Agile methodology to develop the proposed solution. The methodology is more flexible and adaptable with making changes to the tool while allowing for faster delivery within a short time. The tool uses the AES 256 algorithm, and this is because from analysis of the symmetric algorithms, it is secure and with high computational complexity, and thus, any access to the encrypted data by an intruder requires comparatively more time decrypting. The tested and validated prototype provides a mechanism for restricting user access to the data with a set of authentications in the system. The tests evaluated the system performance in which it showed the encryption process and access of data averaged to a few seconds depending on the size of the file, leading to a high rating of performance. Furthermore, it exhibited a high accuracy result for confidentiality in the storage of data in the system. Compatibility tests further showed that the tool could be accessible in the different versions of the Android operating system.
Description
A Thesis Submitted in partial fulfilment of the requirements for the Degree of Masters of Science in Information Systems Security at Strathmore University
Keywords
Mobile data, Encryption, Confidentiality, Authentication, Privacy