Please use this identifier to cite or link to this item:
Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Leguesse, Yonas | - |
| dc.contributor.author | Colombo, Christian | - |
| dc.contributor.author | Vella, Mark Joseph | - |
| dc.contributor.author | Hernandez-Castro, Julio | - |
| dc.identifier.citation | Leguesse, Y., Colombo, C., Vella, M., & Hernandez-Castro, J. (2021). PoPL : proof-of-presence and locality, or how to secure financial transactions on your smartphone. IEEE Access, 9, 168600-168612. | en_GB |
| dc.description.abstract | The security of financial apps on smartphones is threatened by a class of advanced and persistent malware that can bypass all existing security measures. Strong cryptography and trusted on-chip hardware modules are powerless against sophisticated attacks that supplant device owners through device input record/replay functionality, effectively hijacking their credentials, privileges, and actions. In this paper, we introduce Proof-of-Presence and Locality (PoPL), a new security measure that tackles this threat by leveraging sensors to prove the physical presence of device owners and therefore discriminate between malware-initiated transaction requests and legitimate ones. Moreover, PoPL neither imposes the expense of additional hardware nor compromises app usability. In order to demonstrate PoPL's practicality, we developed PoPLar, a challenge puzzle implementation of the PoPL concept that ensures usability even on limited screen sizes by the use of a dendrogram. We have made it available as an open-source library ready to be integrated with minimal effort with existing apps. We demonstrate PoPLar's effectiveness and ease of integration through case studies involving apps from the three top cryptocurrency exchanges and an open-source crypto wallet. | en_GB |
| dc.publisher | Institute of Electrical and Electronics Engineers | en_GB |
| dc.subject | Open source software | en_GB |
| dc.subject | Malware (Computer software) | en_GB |
| dc.subject | Mobile apps -- Security measures | en_GB |
| dc.title | PoPL : proof-of-presence and locality, or how to secure financial transactions on your smartphone | en_GB |
| dc.rights.holder | The copyright of this work belongs to the author(s)/publisher. The rights of this work are as defined by the appropriate Copyright Legislation or as modified by any successive legislation. Users may access this work and can make use of the information contained in accordance with the Copyright Legislation provided that the author must be properly acknowledged. Further distribution or reproduction in any format is prohibited without the prior permission of the copyright holder. | en_GB |
| dc.publication.title | IEEE Access | en_GB |
Appears in Collections: Scholarly Works - FacICTCS

Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.