Mobile devices have become equivalent to mainstream and powerful computing devices. We are examining the underlying security mechanisms for secure application installation, privilege escalation, permission enforcement and provision of forensic tools. We have investigated the identification of repackaged applications from modified application icons and by efficiently and securely sharing the communication and processing/detection overheads between a server and an application residing on the actual device.
We are interested in the Digital Rights Management issues and interoperability between mobile phones and other devices, e.g. set-top-boxes. Near Field Communication offers new communication possibilities for mobile devices but at the same time, it introduces a number of open-ended security questions. Among them we encounter the provision and operation of a trusted element and relay attacks. We have published the very first NFC security papers related to relay vulnerability in mobile devices. We are currently investigating the issues, interactions and performance of Host-Card-Emulation (HCE) implementations in relation to payment and transport applications.