A Case Study of Mobile Health Applications:The OWASP Risk of Insufficient Cryptography  

在线阅读下载全文

作  者:Suzanna Schmeelk Lixin Tao 

机构地区:[1]St.John’s University,United States [2]Pace University,United States

出  处:《Journal of Computer Science Research》2022年第1期22-31,共10页计算机科学研究(英文)

摘  要:Mobile devices are being deployed rapidly for both private and professional reasons.One area of that has been growing is in releasing healthcare applications into the mobile marketplaces for health management.These applications help individuals track their own biorhythms and contain sensitive information.This case study examines the source code of mobile applications released to GitHub for the Risk of Insufficient Cryptography in the Top Ten Mobile Open Web Application Security Project risks.We first develop and justify a mobile OWASP Cryptographic knowledge-graph for detecting security weaknesses specific to mobile applications which can be extended to other domains involving cryptography.We then analyze the source code of 203 open source healthcare mobile applications and report on their usage of cryptography in the applications.Our findings show that none of the open source healthcare applications correctly applied cryptography in all elements of their applications.As humans adopt healthcare applications for managing their health routines,it is essential that they consider the privacy and security risks they are accepting when sharing their data.Furthermore,many open source applications and developers have certain environmental parameters which do not mandate adherence to regulations.In addition to creating new free tools for security risk identifications during software development such as standalone or compiler-embedded,the article suggests awareness and training modules for developers prior to marketplace software release.

关 键 词:OWASP mobile threats CRYPTOGRAPHY Mobile application MHEALTH Healthcare ANDROID 

分 类 号:TP3[自动化与计算机技术—计算机科学与技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象