Privacy and Security analysis of crypto currency mobile applications
ABSTARCT :
Subsequent to the introduction of Bit coin, the field of cryptocurrency has seen unprecedented growth. Mobile applications known as wallets often facilitate user interaction to these crypto currencies. With a perceived real world value these wallets are a target for attackers. Unlike mainstream financial services applications, cryptocurrency wallets are not subject to the same stringent security requirements of their regulated counterparts. In this paper, we examine the security profiles of commonly used Android cryptocurrency applications. We examine these applications for common vulnerabilities outlined by OWASP mobile top 10. We establish a baseline for our tests by evaluating commonly used banking and trading applications. We compare the results from our baseline test and establish the state of security provided by cryptocurrency wallet applications. The paper also examines the possible privacy implications of mobile applications. We report that the conventional financial services applications are only marginally better than cryptocurrency application in security provisions but they provide greater privacy.
EXISTING SYSTEM :
? It will enhance the security for managing cryptocurrency coins with a highly secure and easy to use wallet.
? It will streamline the current business process for trading existing crypto currency coins along with supporting the new emerging coins based on proof of space by introducing new features.
? The newly developed will be an initial version of product.
? The underlying infrastructure will be different as compared to Coinblesk or other available wallets based on Proof of Work.
DISADVANTAGE :
? The Open Web Application Security Project (OWASP) mobile security project provides a collection of the most common security issues in mobile applications
? Applications dealing with sensitive information such as personal or financial data should implement proper user authentication.
? This category of threat includes issues related to session management and user identification.
? we execute the application in a simulated environment and sniff the network traffic to outline any networking issue such as transmission of secret information in plain text.
PROPOSED SYSTEM :
• In this paper, we detail the construction of Spacemint, analyze its security and game-theoretic properties, and study its performance.
• The purpose of the project is to develop a state of the art cryptocurrency wallet based on proof of space.
• On the other hand, the focus is to propose a new wallet with comprehensive functionality for a new BC based on Proof of Space.
• To this end, an analytic study was conducted for android-based cryptocurrency wallets and a new set of requirements are proposed in this report with advanced security features to achieve high performance in terms of fast transaction handling, secure connections, scalability, and reliability.
ADVANTAGE :
? To perform static analysis, we require the source code of the application. We adopt the approach used by to generate java source code from the Android application package file (APK).
? Via decompiling the packaged file, we can produce a reconstructed version of source code.
? This reconstructed source code can be utilized for the static analysis.
? Even though there are acceptable use cases for MD5, it may still pose a security threat if it is used in critical cryptography algorithms in the application
? Other threats such as MD5 and SHA-1 may not pose a severe threat as long as they are not used in any security sensitive component of the application
|