Tuesday, August 15

Securing Mobile Applications

Mobile applications draw more attention from hackers each day because they hold something attackers want: users' personal data. Hard-coded secret keys, personal information stored in plain text on SD cards, usernames and passwords found unencrypted in databases, and analytics collected and sent in the clear to remote servers are just a few of the cases that make an attacker's life easier.

So how do we protect data on mobile phones? To protect sensitive data and ensure confidentiality and/or integrity, developers have to use cryptography. There are many cryptographic libraries that can be integrated into Android applications. A cryptographic library can be seen as a toolbox that contains tools such as encryption algorithms, padding schemes, and hash functions.

A few of the common basic cryptography libraries are as follows:
1) AeroGear (Crypto AeroGear), Apache 2.0 license
2) Conceal (Facebook), BSD license
3) Keyczar (Google), Apache 2.0 license

Once you decide to encrypt application data, you have to decide how to implement it. What encryption algorithm should you use, AES or DES? How long should your key be, 128 or 256 bits? Which encryption mode should you use, ECB or CBC? If you do not have an answer to all of these questions, along with a good reason for each answer, then you are in a position where, although you probably have all the tools you need, you are not sure which ones to use or how to use them.

Cryptographic toolkits do not implement any exotic cryptographic functionality, nor do they intend to replace the cryptographic libraries presented above; rather, they build on some of them with the sole purpose of making cryptography easier and safer to use.

These toolkits may support only a subset of the algorithms, modes, schemes, parameters, and other cryptographic tools that are out there. Instead, they provide you with sensible defaults in case you (a) know what you want to do but don’t know how to do it, or (b) don’t really care as long as you end up with a safe solution. Let’s examine some of these toolkits to better understand their role.

There are many good sites to learn more about cryptography, and one of the websites I can recommend is https://www.garykessler.net/library/crypto.html
