Free Essay

Android

In:

Submitted By umashanker
Words 6401
Pages 26
------------------------------------------------- ------------------------------------------------- COLLOQUIUM REPORT
-------------------------------------------------

-------------------------------------------------
ON
-------------------------------------------------

-------------------------------------------------
Data Mining
-------------------------------------------------

-------------------------------------------------
Submitted as partial fulfillment for the award of
-------------------------------------------------

-------------------------------------------------
MASTER OF COMPUTER APPLICATIONS
-------------------------------------------------

-------------------------------------------------
DEGREE
-------------------------------------------------

-------------------------------------------------
Session 2012-13
-------------------------------------------------
By +
-------------------------------------------------
Jeetendra Kumar Maurya
-------------------------------------------------
1045914041
-------------------------------------------------

-------------------------------------------------
Under the guidance of
-------------------------------------------------
MR. Vinod Kumar (Sr. Asst. Professor)
-------------------------------------------------

-------------------------------------------------
ACADEMY OF BUSINESS & ENGINEERING SCIENCES
-------------------------------------------------
(MCA Institute), Ghaziabad (459) | | |
-------------------------------------------------

-------------------------------------------------
AFFILIATED TO
-------------------------------------------------
MAHAMAYATECHNICAL UNIVERSITY, NOIDA
-------------------------------------------------
(Formerly Uttar Pradesh Technical University)
-------------------------------------------------

-------------------------------------------------

ACKNOWLEDGEMENT

I, JEETENDRA KUMAR MAURYA, student of MCA-`A’, 6th semester, express my hearty gratitude and gratefulness to the staff, faculty and others who helped me during the course of completion of my Colloquium report on “128 BIT SSL ENCRYPTION” for their valuable contribution. I look forward to having your valuable suggestions and feedback on the same.

Many thanks to Prof. JAGDISH SINGH HOD of MCA Deptt. , ABES Engineering College, Ghaziabad for allowing us to work under this guidance in the organization.

Signature of Student (JEETENDRA KUMAR MAURYA)

STUDENT DECLARATION

I hereby declare that the study done by me on the colloquium topic presented in this report entitled “SILVER LIGHT” is an authentic record carried out under the supervision of Mr. “VINOD KUMAR”.

The matter embodied in this report has not been submitted by me for the award of any other degree.

Date : Signature of student (Jeetendra Kumar Maurya) (MCA)

This is to certify that the above statement made by the candidate is correct to the best of my knowledge.

Signature of HOD Signature of Supervisor
(Prof. JAGDISH SINGH) (Mr. ARJUN KUMAR) (MCA Deptt.) (ASST.PROFESSOR) (MCA)

Date............................

Table of Contents:

Abstract 1. Introduction 2. Biometric Systems 3. Biometric System Errors 4. A Comparison of Various Biometrics 5. Applications of Biometric Systems 6. Advantages and Disadvantages of Biometrics 7.1 Positive Recognition in Commercial Applications 7.2 Negative Recognition in Government and Forensic Applications 7. Limitations of (Unimodal) Biometric Systems 8. Multimodal Biometric Systems 9.3 Modes of Operation 9.4 Levels of Fusion 9.5 What to Integrate? 9. Social Acceptance and Privacy Issues 10. Summary

Conclusion
References

Abstract

SSL 128bit encryption is a technique to improve the security and confidentiality of user data. This article explains the technology at work behind the scenes of SSL encryption. It covers asymmetric and symmetric keys and how they work together to create an SSL-encrypted connection. It also covers different types of algorithms that are used to create these keys—including the mathematical equations that make them virtually impossible to crack.

Introduction

Stands for "Secure Sockets Layer." SSL is a secure protocol developed for sending information securely over the Internet. Many websites use SSL for secure areas of their sites, such as user account pages and online checkout. Usually, when you are asked to "log in" on a website, the resulting page is secured by SSL.
SSL encrypts the data being transmitted so that a third party cannot "eavesdrop" on the transmission and view the data being transmitted. Only the user's computer and the secure server are able to recognize the data. SSL keeps your name, address, and credit card information between you and merchant to which you are providing it. Without this kind of encryption, online shopping would be far too insecure to be practical. When you visit a Web address starting with "https," the "s" after the "http" indicates the website is secure. These websites often use SSL certificates to verify their authenticity.
While SSL is most commonly seen on the Web (HTTP), it is also used to secure other Internet protocols, such as SMTP for sending e-mail and NNTP for newsgroups. Early implementations of SSL were limited to 40-bit encryption, but now most SSL secured protocols use 128-bit encryption or higher.
Secure socket layer (SSL) is a security protocol which is used to provide security on the network. This security protocol will establish secure channel between two computers mainly client and server. This protocol will encrypt data while transmitting and decrypt after receiving without any errors. In this paper students can find what is ssl, security achieved by secured socket layer, confidentiality, message integrity, end point authentication. 128 bit SSL encryption is a technology which "scrambles" information while it is sent from one computer to another which prevents the information being viewed by a non-trusted third party. Secure Sockets Layer (SSL) technology is a security protocol that is today’s de-facto standard for securing communications and transactions across the Internet. SSL has been implemented in all major browsers and Web servers, and as such, plays a major role in today’s e-commerce and e-business activities on the Web. The SSL protocol uses digital certificates to create a secure, confidential communications “pipe” between two entities. Data transmitted over an SSL connection cannot be tampered with or forged without the two parties becoming immediately aware of the tampering. The newest version of the SSL standard has been renamed TLS (Transport Layer Security). You will often see these terms used interchangeably. Since the term SSL is more commonly understood, we will continue to use it throughout this paper. SSL uses public-key encryption to exchange a session key between the client and server; this session key is used to encrypt the http transaction (both request and response). Each transaction uses a different session key so that even if someone did manage to decrypt a transaction, that would not mean that they would have found the server's secret key; if they wanted to decrypt another transaction, they'd need to spend as much time and effort on the second transaction as they did on the first. Of course, they would have first have to have figured out some method of intercepting the transaction data in the first place, which is in itself extremely difficult. It would be significantly easier to tap your phone, or to intercept your mail to acquire your credit card number than to somehow intercept and decode Internet Data.
Servers and browsers do encryption ranging from a 40-bit secret key to a 128-bit secret key, that is to say '2 to the 40th power' or '2 to the 128th power'. Many people have heard that 40-bit is insecure and that you need 128-bit to keep your credit card info safe. They feel that using a 40-bit key is insecure because it's vulnerable to a "brute force" attack (basically trying each of the 2^40 possible keys until you find the one that decrypts the message). This was in fact demonstrated when a French researcher used a network of fast workstations to crack a 40-bit encrypted message in a little over a week. Of course, even this 'vulnerability' is not really applicable to applications like an online credit card transaction, since the transaction is completed in a few moments. If a network of fast computers takes a week to crack a 40-bit key, you'd be completed your transaction and long gone before the hacker even got started.
What is SSL
SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook).
SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information.
More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case, the SSL protocol determines variables of the encryption for both the link and the data being transmitted.
SSL secures millions of peoples’ data on the Internet every day, especially during online transactions or when transmitting confidential information. Internet users have come to associate their online security with the lock icon that comes with an SSL-secured website or green address bar that comes with an extended validation SSL-secured website. SSL-secured websites also begin with https rather than http.
Digital Certificates
Digital certificates are electronic files that are used to identify people and resources over networks such as the Internet. Digital certificates also enable secure, confidential communication between two parties using encryption. When you travel to another country, your passport provides a way to establish your identity and gain entry. Digital certificates provide similar identification in the electronic world. Certificates are issued by a Certification Authority (CA). Much like the role of the passport office, the role of the CA is to validate the certificate holder’s identity and to “sign” the certificate so that it cannot be tampered with. Once a CA has signed a certificate, the holder can present their certificate to people, Web sites and network resources to prove their identity and establish encrypted, confidential communications.
A standard certificate typically includes a variety of information pertaining to its owner and to the CA that issued it, such as: x The name of the holder and other identification information required to identify the holder, such as the URL of the Web server using the certificate, or an individual’s e-mail address x The holder’s public key (more on this below), which can be used to encrypt sensitive information for the certificate holder x The name of the Certification Authority that issued the certificate x A serial number x The validity period (or lifetime) of the certificate (a start and an end date) In creating the certificate, this information is digitally signed by the issuing CA. The CA’s signature on the certificate is like a tamper-detection seal on packaging — any tampering with the contents is easily detected.
A standard certificate typically includes a variety of information pertaining to its owner and to the
CA that issued it, such as: * The name of the holder and other identification information required to identify the holder, such as the URL of the Web server using the certificate, or an individual’s e-mail address * The holder’s public key (more on this below), which can be used to encrypt sensitive information for the certificate holder * The name of the Certification Authority that issued the certificate * A serial number * The validity period (or lifetime) of the certificate (a start and an end date)
In creating the certificate, this information is digitally signed by the issuing CA. The CA’s signature on the certificate is like a tamper-detection seal on packaging — any tampering with the contents is easily detected. Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched “public” and “private” keys. In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information.
Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched “public” and “private” keys. In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information.
The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Since these keys only work as a pair, an operation (e.g., encryption) done with the public key can only be undone or decrypted with the corresponding private key, and vice versa.
A digital certificate can securely bind your identity, as verified by a trusted third party, with your public key.

Certificates Come In
All browsers have the capability to interact with secured web servers using the SSL protocol. However, the browser and the server need what is called an SSL Certificate to be able to establish a secure connection.
SSL Certificate and How Does it Work?
SSL Certificates have a key pair: a public and a private key. These keys work together to establish an encrypted connection. The certificate also contains what is called the “subject,” which is the identity of the certificate/website owner.
To get a certificate, you must create a Certificate Signing Request (CSR) on your server. This CSR creates the private key and a CSR data file that you send to the SSL Certificate issuer (called a Certificate Authority or CA). The CA uses the CSR data file to create a public key to match your private key without compromising the key itself. The CA never sees the private key.
Once you receive the SSL Certificate, you install it on your server. You also install a pair of intermediate certificates that establish the credibility of your SSL Certificate by tying it to your CA’s root certificate. The instructions for installing and testing your certificate will be different depending on your server.
In the image below, you can see what is called the certificate chain. It connects your server certificate to your CA’s (in this case DigiCert’s) root certificate through a series of intermediate certificates.

The most important part of an SSL Certificate is that it is digitally signed by a trusted CA like DigiCert. Anyone can create a certificate, but browsers only trust certificates that come from an organization on their list of trusted CAs. Browsers come with a pre-installed list of trusted CAs, known as the Trusted Root CA store. In order to be added to the Trusted Root CA store and thus become a Certificate Authority, a company must comply with and be audited against security and authentication standards established by the browsers.
An SSL Certificate issued by a CA to an organization and its domain/website verifies that a trusted third party has authenticated that organization’s identity. Since the browser trusts the CA, the browser now trusts that organization’s identity too. The browser lets the user know that the website is secure, and the user can feel safe browsing the site and even entering their confidential information.
Since the Web server is the only one with access to its private key, only the server can decrypt the information. This is how the information remains confidential and tamper-proof while in transit across the Internet. The following diagram illustrates how a 128- or 256-bit SSL connection works:

SSL Certificate Create a Secure Connection?
When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake” (see diagram below). Note that the SSL Handshake is invisible to the user and happens instantaneously.
Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa.
Because encrypting and decrypting with private and public key takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data.

1. Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself. 2. Server sends a copy of its SSL Certificate, including the server’s public key. 3. Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key. 4. Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session. 5. Server and Browser now encrypt all transmitted data with the session key.

Certificates are used in an SSL Transaction HOW?
Suppose Alice wants to connect to a secure Web site to buy something online: * When Alice visits a Web site secured with SSL (typically indicated by a URL that begins with “https:”), her browser sends a “Client Hello” message to the Web server indicating that a secure session (SSL) is requested. * The Web server responds by sending Alice its server certificate (which includes its public key). * Alice’s browser will verify that the server’s certificate is valid and has been signed by a Certification Authority (CA) like Entrust, whose certificate is in the browser’s database or that has been cross certified by a root whose certificate is in the browser’s database (and who Alice trusts). It will also verify that the CA certificate has not expired. * If the certificate is valid, Alice’s browser will generate a one-time, unique “session” key and encrypt it with the server’s public key. Her browser will then send the encrypted session key to the server so that they will both have a copy. * The server will decrypt the message using its private key and recover the session key. * At this point Alice can be confident about two things: * The Web site she is communicating with has been vetted to confirm the identity of the organization requesting the certificate and the domain on which the server has been established. * Only Alice’s browser and the Web server have a copy of the session key. Once the SSL “handshake” is complete, then a secure communications “pipe” is established. Alice’s browser and the Web server can now use the session key to send encrypted information back and forth, knowing that their communications are protected. The entire process of establishing the SSL connection typically happens transparently to the user and takes only seconds.
A key or padlock icon in the lower corner of the browser window identifies the security mode of a browser. When the browser is running in “normal” mode, the key looks broken or the padlock appears open or is not present. Once an SSL connection has been established, the key becomes whole, or the padlock becomes closed or appears, indicating that the browser is now in "secure" mode.
Public Trust
Public Trust is not a widely used term, but it is a useful concept. In this context, we define it as trust relationships built using certificates issued from CAs whose public keys are embedded in applications such as Web browsers. Without these embedded keys, consumers and end-users need to go to much more effort to establish basic trust in online services.
When a Web site does not have an SSL certificate signed by a CA whose root key is embedded in the browser, most Internet browsers will display a warning dialog box similar to that shown in Figure 1, which may lead the customer to question the trustworthiness of the site and abandon their transaction.

In contrast, if a user submits credit card or other information to a site with a valid SSL certificate and an SSL connection, the warning does not appear. The secure connection is seamless, making the online shopping experience more pleasant.
Before browser vendors will embed a CA’s public key (or ‘root key’) into their browser, they typically require the CA to be certified for compliance with the Web Trust for Certification Authorities audit criteria. A WebTrust Seal provides you with assurance and confidence in the security of a public key infrastructure (PKI).
Entrust was the first certification authority (CA) in the world to earn the WebTrust for Certification Authorities (CAs) Seal of Assurance in 2001 from the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
As examples of processes and procedures audited under WebTrust, Entrust will only issue an SSL certificate to your online business after it has performed the following verification procedures: * Verify your identity against third-party databases and confirm that your organization is listed in these databases * Confirm that that your organization has the right to use the domain name included in the certificate request * Verify that the individual who requested the SSL certificate on behalf of the organization was authorized to do so and is employed with that organization

If your site collects credit card information you are required by the Payment Card Industry (PCI) to have an SSL Certificate. If your site has a login section or sends/receives other private information (street address, phone number, health records, etc.), you should use SSL Certificates to protect that data.
Your customers want to know that you value their security and are serious about protecting their information. More and more customers are becoming savvy online shoppers and reward the brands that they trust with increased business.
The easiest way to check if your browser supports 128 bit SSL Encryption is to click the 'Login' button on the Northern Ireland Court Service Login page.
If your browser supports 128 bit encryption, you will be presented with the login screen asking you to input your Username and password. If your browser does not support 128 bit encryption, you will be presented with a white empty screen. You will need to upgrade your browser to a later version that supports 128 bit encryption.
For more information on how to check if your browser supports 128 bit encryption or how to upgrade you should go to the browser vendor's website.
Encryption
In an SSL-encrypted session, all data is encrypted using the symmetric encryption algorithm immediately before it is sent to the client. Data from the client is decrypted immediately after it is received. The encryption algorithm that is used for the connection depends on a combination of the encryption algorithm list the SSL subsystem supports, the list the server wants to use, and the encryption algorithms the client requests. During the SSL handshake the client sends a list of encryption algorithms it is willing to use. The server submits its list and the SSL subsystem picks an algorithm all parties support giving preference to the order specified by the server. If the server does not support any of the encryption algorithms requested by the client, the connection is closed. The Telnet, FTP and DCAS servers and the FTP client use the SSL support provided by the System Secure Sockets Layer (System SSL) element of z/OS®. The encryption algorithms supported by the servers and client are therefore dependent on the level of System SSL installed. The following encryption algorithms are supported by the base level of System SSL: NULL, RC2 export, RC4 export, DES. The System SSL Level 3 feature is required for Triple DES and RC4 non-export (128 bit) encryption algorithms. The encryption algorithm list can be customized for the servers and client to a subset of the System SSL list. See the security information for the appropriate server or client for specific server and client statements used for encryption list creation.
Encryption is provided either by BSafe software shipped with System SSL or by hardware. There is no TCP profile definition that controls whether the cryptographic hardware will be used for secure connections. When SSL initialization has completed, System SSL checks if ICSF is installed and active and if the hardware is enabled and loaded with the necessary Master Keys. If the hardware is not available at that time, all subsequent encryption is performed using software. If hardware is valid and ICSF is active at that time, the public key functions required during the SSL handshake and requests for encryption using DES and Triple-DES algorithms will be sent to the hardware. Otherwise, all cryptographic functions will be performed by software. Encryption requests using RC2 or RC4 algorithms are always performed by software. Also note that if ICSF subsequently becomes unavailable, System SSL will assume the hardware encryption is still wanted and encryption processing using DES or Triple-DES algorithms will fail until access to the hardware is restored. If subsequent session handshakes are attempted, they will also fail. Completion of SSL initialization is different for each server and client. See the security information for the appropriate server or client to understand when SSL initialization is complete and how to refresh SSL.

Asymmetric Encryption
Asymmetric encryption (or public-key cryptography) uses a separate key for encryption and decryption. Anyone can use the encryption key (public key) to encrypt a message. However, decryption keys (private keys) are secret. This way only the intended receiver can decrypt the message. The most common asymmetric encryption algorithm is RSA; however, we will discuss algorithms later in this article.

Asymmetric keys are typically 1024 or 2048 bits. However, keys smaller than 2048 bits are no longer considered safe to use. 2048-bit keys have enough unique encryption codes that we won’t write out the number here (it’s 617 digits). Though larger keys can be created, the increased computational burden is so significant that keys larger than 2048 bits are rarely used. To put it into perspective, it would take an average computer more than 14 billion years to crack a 2048-bit certificate.

Symmetric Encryption
Symmetric encryption (or pre-shared key encryption) uses a single key to both encrypt and decrypt data. Both the sender and the receiver need the same key to communicate.

Symmetric key sizes are typically 128 or 256 bits—the larger the key size, the harder the key is to crack. For example, a 128-bit key has 340,282,366,920,938,463,463,374,607,431,768,211,456 encryption code possibilities. As you can imagine, a ‘brute force’ attack (in which an attacker tries every possible key until they find the right one) would take quite a bit of time to break a 128-bit key.
Whether a 128-bit or 256-bit key is used depends on the encryption capabilities of both the server and the client software. SSL Certificates do not dictate what key size is used.

Which Is Stronger?
Since asymmetric keys are bigger than symmetric keys, data that is encrypted asymmetrically is tougher to crack than data that is symmetrically encrypted. However, this does not mean that asymmetric keys are better. Rather than being compared by their size, these keys should compared by the following properties: computational burden and ease of distribution.
Symmetric keys are smaller than asymmetric, so they require less computational burden. However, symmetric keys also have a major disadvantage—especially if you use them for securing data transfers. Because the same key is used for symmetric encryption and decryption, both you and the recipient need the key. If you can walk over and tell your recipient the key, this isn’t a huge deal. However, if you have to send the key to a user halfway around the world (a more likely scenario) you need to worry about data security.
Asymmetric encryption doesn’t have this problem. As long as you keep your private key secret, no one can decrypt your messages. You can distribute the corresponding public key without worrying who gets it. Anyone who has the public key can encrypt data, but only the person with the private key can decrypt it.
How SSL Uses both Asymmetric and Symmetric Encryption
Public Key Infrastructure (PKI) is the set of hardware, software, people, policies, and procedures that are needed to create, manage, distribute, use, store, and revoke digital certificates. PKI is also what binds keys with user identities by means of a Certificate Authority (CA). PKI uses a hybrid cryptosystem and benefits from using both types of encryption. For example, in SSL communications, the server’s SSL Certificate contains an asymmetric public and private key pair. The session key that the server and the browser create during the SSL Handshake is symmetric. This is explained further in the diagram below.

1. Server sends a copy of its asymmetric public key. 2. Browser creates a symmetric session key and encrypts it with the server’s asymmetric public key. 3. Server decrypts the asymmetric public key with its asymmetric private key to get the symmetric session key. 4. Server and Browser now encrypt and decrypt all transmitted data with the symmetric session key. This allows for a secure channel because only the browser and the server know the symmetric session key, and the session key is only used for that session. If the browser was to connect to the same server the next day, a new session key would be created.

Public-Key Encryption Alogrithms
Public-key cryptography (asymmetric) uses encryption algorithms like RSA and Elliptic Curve Cryptography (ECC) to create the public and private keys. These algorithms are based on the intractability* of certain mathematical problems.
With asymmetric encryption it is computationally easy to generate public and private keys, encrypt messages with the public key, and decrypt messages with the private key. However, it is extremely difficult (or impossible) for anyone to derive the private key based only on the public key.

RSA
RSA is based on the presumed difficulty of factoring large integers (integer factorization). Full decryption of an RSA ciphertext is thought to be infeasible on the assumption that no efficient algorithm exists for integer factorization.
A user of RSA creates and then publishes the product of two large prime numbers, along with an auxiliary value, as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message, but only someone with knowledge of the prime factors can feasibly decode the message.
RSA stands for Ron Rivest, Adi Shamir, and Leonard Adleman— the men who first publicly described the algorithm in 1977.

Pre-Shared Key Encryption Algorithms
Pre-shared key encryption (symmetric) uses algorithms like Twofish, AES, or Blowfish, to create keys—AES currently being the most popular. All of these encryption algorithms fall into two types: stream ciphers and block ciphers. Stream ciphers apply a cryptographic key and algorithm to each binary digit in a data stream, one bit at a time. Block ciphers apply a cryptographic key and algorithm to a block of data (for example, 64 sequential bits) as a group. Block ciphers are currently the most common symmetric encryption algorithm.

Elliptic Curve Cryptography (ECC) Algorithm * An ECC certificate is included at no additional cost with all Symantec Premium SSL certificates. * ECC provides stronger security and increased performance: it offers better protection than currently adopted encryption methods, but uses shorter key lengths (e.g. 256 bit ECC key provides the same level of security as 3,072 RSA key). The result? Stronger security that can handle the explosion in mobile device and tablet connections. * Requires fewer server processing cycles, allowing for more simultaneous SSL connections and faster processing. * ECC key lengths increase at a slower rate than other encryption method keys as security levels increase, potentially extending the life of your existing hardware and giving you a greater return on your investment. * Symantec's ECC certificate roots have been in place for over five years: You can be confident that your ECC certificate will work throughout your ecosystem * US Government approved: ECC is FIPS-certified (US Federal Information Processing Standard) and endorsed by the US National Security Agency.

Digital Signature Algorithm (DSA) * A DSA certificate is included at no additional cost with all Symantec Standard and Premium SSL certificates. * Delivers the same level of security and performance as the RSA algorithm, but uses a different algorithm for signing and encryption. * Offers a broader array of encryption options: You can install just RSA, just DSA, or both to enhance website security. (Apache server can support both RSA and DSA certificates in tandem on a single web server.) * Gives you more choices and greater flexibility to help make it easier to keep up with evolving national government requirements. * Helps maximize your ecosystem reach to everyone with whom your company does business. * DSA is US Government approved: DSA was created by the NSA in 1991 and is US Defense Security Service and FIPS-certified.

128 bit secure encryption

SSL uses public-key encryption to exchange a session key between the client and server; this session key is used to encrypt the http transaction (both request and response). Each transaction uses a different session key so that even if someone did manage to decrypt a transaction, that would not mean that they would have found the server's secret key; if they wanted to decrypt another transaction, they'd need to spend as much time and effort on the second transaction as they did on the first. Of course, they would have first have to have figured out some method of intercepting the transaction data in the first place, which is in itself extremely difficult. It would be significantly easier to tap your phone, or to intercept your mail to acquire your credit card number than to somehow intercept and decode Internet Data.
Servers and browsers do encryption ranging from a 40-bit secret key to a 128-bit secret key, that is to say '2 to the 40th power' or '2 to the 128th power'. Many people have heard that 40-bit is insecure and that you need 128-bit to keep your credit card info safe. They feel that using a 40-bit key is insecure because it's vulnerable to a "brute force" attack (basically trying each of the 2^40 possible keys until you find the one that decrypts the message). This was in fact demonstrated when a French researcher used a network of fast workstations to crack a 40-bit encrypted message in a little over a week. Of course, even this 'vulnerability' is not really applicable to applications like an online credit card transaction, since the transaction is completed in a few moments. If a network of fast computers takes a week to crack a 40-bit key, you'd be completed your transaction and long gone before the hacker even got started.
Of course, using a 128-bit key eliminates any problem at all because there are 2^128 instead of 2^40 possible keys. Using the same method (a networked of fast workstations) to crack a message encrypted with such a key would take significantly longer than the age of the universe using conventional technology. Remember that 128-bit is not just 'three times' as powerful as 40-bit encryption. 2^128 is 'two times two, times two, times two...' with 128 two's. That is two, doubled on itself 128 times. 2^40 is already a HUGE number, about a trillion (that's a million, million!). Therefor 2^128 is that number (a trillion), doubled over and over on itself another 88 times. Again, it would take significantly longer than the age of the universe to crack a 128-bit key.

Key Size | | Possible Key Combinations | 2-bit | 2^2 | 2x2 | = 4 | 3-bit | 2^3 | 2x2x2 | = 8 | 4-bit | 2^4 | 2x2x2x2 | = 16 | 5-bit | 2^5 | 2x2x2x2x2 | = 32 | 6-bit | 2^6 | 2x2x2x2x2x2 | = 64 | 7-bit | 2^7 | 2x2x2x2x2x2x2 | = 128 | 8-bit | 2^8 | 2x2x2x2x2x2x2x2 | = 256 | 9-bit | 2^9 | 2x2x2x2x2x2x2x2x2 | = 512 | 10-bit | 2^10 | 2x2x2x2x2x2x2x2x2x2 | = 1024 | 11-bit | 2^11 | 2x2x2x2x2x2x2x2x2x2... | = 2048 | 12-bit | 2^12 | 2x2x2x2x2x2x2x2x2x2... | = 4096 | 16-bit | 2^16 | 2x2x2x2x2x2x2x2x2x2... | = 65536 | 24-bit | 2^24 | 2x2x2x2x2x2x2x2x2x2... | = 16.7 million | 30-bit | 2^30 | 2x2x2x2x2x2x2x2x2x2... | = 1 billion (1,073,741,800) | 40-bit | 2^40 | 2x2x2x2x2x2x2x2x2x2... | = 1 trillion (1,097,728,000,000) | 56-bit | 2^56 | 2x2x2x2x2x2x2x2x2x2.... | = 72 thousand quadrillion (71,892,000,000,000,000) | 128-bit | 2^128 | 2 multiplied by 2
128 times over. | = 339,000,000,000,000,000,000,000,000,000,000,000 (give or take a couple trillion...) |

Doing the math, you can see that using the same method that was used to break 40-bit encryption in a week, it would take about 72 million weeks (about 1.4 million years) to even break '56-bit medium' encryption and significantly longer than the age of the universe to crack a 128-bit key. Of course the argument is that computers will keep getting faster, about doubling in power every 18 months. That is true, but even when computers are a million times faster than they are now (about 20 years from now if they double in speed every year), it would then still take about 6 thousand, trillion years, which is about a million times longer than the Earth has been around. Plus, simply upgrading to 129-bit encryption would take twice as long, and 130-bit would take twice as long again. As you can see, it's far easier for the encryption to keep well ahead of the technology in this case. Simply put, 128-bit encryption is totally secure.

Conclusion:
The Internet, Intranets, Extranets and wireless networks are re-defining how companies communicate and do business. As the value of business relationships and transactions increase, so do the associated risks and security requirements. By protecting the security of online payments, businesses can reduce risk and reach a larger market. SSL security is a standard and a minimum requirement for those that conduct transactions online. Almost all legitimate and trustworthy businesses use SSL security to secure their Web site. The protocol is designed to support a range of choices for specific algorithms used for cryptography, digests and signatures. This allows algorithm selection for specific servers to be made based on legal, export or other concerns and also enables the protocol to take advantage of new algorithms. Choices are negotiated between client and server when establishing a protocol session.
References:

1. Bruce Schneier, Applied Cryptography, 2nd Edition, Wiley, 1996. See http://www.counterpane.com/ for various other materials by Bruce Schneier. 2. Public Key Cryptography Standards (PKCS), RSA Laboratories Technical Notes, http://www.rsasecurity.com/rsalabs/pkcs/. 3. Kipp E.B. Hickman, The SSL Protocol, 1995. http://www.netscape.com/eng/security/SSL_2.html. 4. Alan O. Freier, Philip Karlton, Paul C. Kocher, The SSL Protocol Version 3.0, 1996. http://www.netscape.com/eng/ssl3/draft302.txt. 5. RSA Laboratories. PKCS #1: RSA Encryption Standard, Version 1.5, November 1993. 6. RSA Laboratories. PKCS #6: Extended-Certificate Syntax Standard, Version 1.5, November 1993. 7. R. Rivest. RFC 1321: The MD5 Message Digest Algorithm. April 1992. 8. R. Rivest. RFC 1319: The MD2 Message Digest Algorithm. April 1992. 9. B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C, Published by John Wiley & Sons, Inc. 1994. 10. M. Abadi and R. Needham. Prudent engineering practice for cryptographic protocols. 1994.

Similar Documents

Free Essay

Android

...Android by 2012 A study on present and future of Google's Android Dot Com Infoway - Position Paper- www.dotcominfoway.com Android by 2012 A study on present and future of Google's Android S.No 1 2 3 4 5 6 7 8 9 10 11 12 13 Contents Executive Summary The Android Tale Why Google Android Android: Breaking the 'Walled Gardens' What's so different in Android Advantages of Dalvik Virtual machines Android: A promising haven for app developers and OEMs? Market Predictions Final Comments About Dot Com Infoway Sources Interesting Android links Glossary Dot Com Infoway - Position Paper- www.dotcominfoway.com Executive Summary: This paper attempts to study the present conditions of Android OS and unveils the predicted future market possibilities for Android, based on results from several research firms, using current market statistics and popularity among developers and end-users. All the flimflams and excitement about the costlier iphones and Blackberrys are vanishing, after the arrival of the most anticipated, open source mobile operating system, the Google Android, which is fated to turn the industry upside down. Despite the growth and popularity for iPhones and Blackberrys, it is predicted that, Android will make a history in sales and on acquiring the market share, slicing down the markets of both Symbians and iPhones. This paper will elaborately examine the predictions about the future of Android phones, considering the present facts and reasons. The Android Tale:...

Words: 2607 - Pages: 11

Free Essay

Android

...Essay on “Google Android OS vs. Apple iOS” The competition between Google Android and Apple iOSis one of the most talked after wars in mobile gadget platforms. The Google Android platform is increasingly becoming dominant in the smartphones and tablets market. Nokia, a once leading company in the mobile phone market is slowly entering the smartphone market with a new range of Lumia smartphones powered by Windows 8 mobile as it phases out its range of Symbian powered smartphones. Equally, Motorola Mobility is trying to gain a share of the market by increasing its product portfolio of smartphones in the Droid family. The Android Operating System powers the Droid range of smartphones. Samsung is by far the largest mobile manufacturing company in the world with a full range of Android powered smartphones in the Galaxy family. The recent entry of the Samsung Galaxy SIII heightened the competitive advantage of the Android Software Platform based on the Android 4.0 (Ice Cream Sandwich) software. With HTC,Blackberry OS, and Microsoft Mobile as a distant competitors, the war is clearly not between mobile phone manufacturers but the war is between software manufacturers, and in this case,Apple iOS and Google Android (Katie, 2012). Currently, the competition between Apple iOS and Google Android is so close such that it becomes difficult to tell the superior operating system (Ian, 2011). Undeniably, each mobile platform has its strengths and weaknesses. Advantages of Android OS over Apple iOS...

Words: 1828 - Pages: 8

Free Essay

Android

...What is android? • Android is a Linux-based operating system designed primarily for touchscreen mobile devices such as smartphones and tablet computers. It is currently developed by Google in conjunction with the Open Handset Alliance. Initially developed by Android Inc, whom Google financially backed and later purchased in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance, a consortium of 86 hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices. 1. History Androids? • Android beta i. The Android beta was released on 5 November 2007, while the software developer's kit (SDK) was released on 12 November 2007. • Android 1.0 i. Android 1.0, the first commercial version of the software, was released on 23 September 2008. The first Android device, the HTC Dream. • Android 1.1 i. On 9 February 2009, the Android 1.1 update was released, initially for the HTC Dream only. Android 1.1 was known as "Petit Four" internally, though this name was not used officially. The update resolved bugs, changed the API and added a number of features. • Android 1.5 Cupcake i. On 30 April 2009, the Android 1.5 update was released, based on Linux kernel 2.6.27. This was the first release to officially use a name based on a dessert ("Cupcake"), a theme which would be used for all releases henceforth...

Words: 712 - Pages: 3

Premium Essay

Android

...ANDROID VERSION ICE CREAM SANDWICH WHAT IS ANDROID Let me first give you an intro about Android. As we all know it is an operating system and platform for mobile devices. It is an open source product. Android is a ground-breaking innovation from the scientists down at Google Labs. It is touted as the next big revolution in the mobile phone Operating System play ground. The reason why Android Operating System is so famous amongst them asses of today is because of its flexibility and ease of resources. Android Inc, was founded in Palo Alto, California, United States Developed by Andy Rubin, Rich Miner, Nick Sears and Cris White - October 2003 Google acquired Android Inc. - August 2005 The Open Handset Allience, a consortium of several companies was formed - November 2007 Android Beta SDK Realeased - November 2007 VERSIONS OF ANDROID Google has always sought for fun in everything they do and Android is no exception to it. The versions of Android are named after mouth watering desserts. Platform | Codename | Release Date | Android | Beta | November 5, 2007 | Android 1.0 | | September 23, 2008 | Android 1.1 | | February 9, 2009 | Android 1.5 | Cupcake | April 30, 2009 | Android 1.6 | Donut | September 15, 2009 | Android 2.1 | Éclair | October 26, 2009 | Android 2.2 | Android 2.2 | May 20, 2010 | Android 2.3 | Gingerbread | December 6, 2010 | Android 3.0 | Honeycomb | February 22, 2011 | Android 4.0 | Ice Cream Sandwich | October 19...

Words: 2278 - Pages: 10

Free Essay

Android

...| AndroidMobile Operating System | Jamie Caves | 4/1/13 | COM156 | | | AndroidMobile Operating System | Jamie Caves | 4/1/13 | COM156 | | With over 400 million Android devices activated to date, it is by far the most popular mobile operating system in use today. The Android OS is one of the most used worldwide, and its open source permits unlimited customization by anyone with the desire to learn it and use it. I have done quite a bit of research on it in the past for my personal use and have learned just a small portion of just how open and customizable Android can be, whether it be personal customization or productivity of the software. Android has helped to change the way we work, socialize, and entertain ourselves. The majority of social media users now use their smartphones, with Android software and applications, to access and post to various sites like Facebook, Twitter, and Instagram where people like to post what they are currently eating. Joking aside, Android has helped to push mobile technology farther than ever before. The Android mobile operating system is currently the most widely used and the most popular for smartphones and tablets today. Android has a distinct advantage over its competition in that it is available on a myriad of devices from nearly all the smartphone and tablet manufacturers today like Samsung, LG, Motorola, HTC, and many others whereas their closest competitors Apple and Blackberry...

Words: 1407 - Pages: 6

Free Essay

Android

...companies with R&D plans that carter towards certain parties promising slick user interfaces, application channels, and a complete web experience. Couple that with feature rich phones that allow one to text, call, global positioning (GPS), and well, you have a product to sell. Google has done just that. Taking bits and pieces of everything one could ever ask for, and merging it all into its mobile operating system titled Android. Represented by a green round-headed robot figure, Android is passing its two year anniversary, and has surpassed other prominent mobile architectures like Apple’s iPhone software. But what exactly is Android? Why would one desire to chuck away their limited iPhone, or stray away from the Blackberry Enterprise lineup? One word: Open source. Couple that with the experience (the art of customizing your device), and the synchronization aspects of the device for virtually any account you have on the net, and you have a total package. Having a total package within arm’s reach, and inside your pocket is quite a powerful tool. With Google’s Android platform, there is never a point where you can say No. Any and every idea can and could be coded into the device if you have the means to do so. Open source is the ticket. Asking yourself what this means is actually a very simple question. Open source is the definition of computer code that is freely available to anyone who wishes to find it. Google has opened up the software to all who have a spirit to create and provide...

Words: 495 - Pages: 2

Premium Essay

Android

...Introduction……………………………………………………………….3 2. Literature review…………………………………………………………..4 3. Architecture……………………………………………………………...5-6 4. Version of android OS…………………………………………………. 7-9 5. Feature version……………………………………………………………10 6. Conclusion…………………………………………………………………11 INTRODUCTION Android is a software stack for mobile devices that includes an operating system middleware and mobile applications .It is LINUX based operating system developed by google. It is specially designed for touch screen mobiles like smart phones and computer tablets. It was developed by google and later on open handset alliance. Handset Alliance, a consortium of 34hardware, software and telecom companies devoted to advancing open standards for mobile devices. When released in 2008, most of The unveiling of the Android platform on 5 November 2007 was announced with the founding of the Open the Android platform will be made available under the Apache free-software and open-source license. It allows developers to write managed code in a Java-like language that utilizes Google-developed Java libraries, but does not support programs developed in native code. Applications   written   in   C   and   other   languages can   be compiled to ARM native code and run, but this development path   isn’t   officially   supported by Google. Android   is available   as   open   source. Google   threw open   the   entire...

Words: 2440 - Pages: 10

Free Essay

Android

...Android vs iPhone Junyao Zhang April 12, 2010 This is a complete analysis and comparison between Android and iPhone OS. The rest of this report is organized as follows. Section ?? outlines the system architecture, history and detail management configuration. Section ?? discusses the iPhone system. In Section ??, a comparison between these two systems is presented. 1 Android Android, originally meaning “robot”, is a mobile operating system using a modified version of the Linux kernel. It was initially developed by Android Inc., a firm later purchased by Google,[?]and lately by the Open Handset Alliance[?]. It allows developers to write managed code in the Java language, controlling the device via Google-developed Java libraries.[8] It empolys the software stack architecture, as shown in Figure 1. • Android relies on Linux version 2.6 for core system services such as security, memory management, process management, network stack, and driver model. The kernel also acts as an abstraction layer between the hardware and the rest of the software stack. It is implemented by programming language C. • The middleware level includes Runtime and Libraries. The Runtime includes core libraries, providing most of the functionality available in the core libraries of the Java programming language, and Dalvik virtual machine which allows every Android application runs in its own process. The Libraries is used by various components of the Android system, such as Media Libraries, 3D libraries...

Words: 6786 - Pages: 28

Free Essay

Android

...2. What is Android ? Android is a Linux-based operating system for mobile devices such as smartphones and tablet computers. Android specially developed for applications There are more than 4,00,000 apps in Android market The Android is an open source. 3. Foundation of an Android Android, Inc. found in Palo alto in California united states by Andy Rubin. - October 2003 Google acquired Android, Inc. – August 2005 The open handset alliance, a group of several companies was formed - 5 November 2007 Android Beta SDK Released - 12 November 2007. 4. Features of Android Android can run multiple apps at the Same Time Also support optimized graphics VGA, 2D graphics and 3D graphics Android has a better app market Android lets you change your settings faster It gives you more options to fit your budget Android keeps information visible on your home screen. Android also support Java applications. 5. Versions of an Android Android 1.0 23 September 2008 Android 1.1 9 February 2009 Android 1.5 (Cupcake) 30 April 2009 Android 1.6 (Donut) 15 September 2009 Android 2.0 (Éclair) 26 October 2009 Android 2.2 (Froyo) 20 May 2010 Android 2.3 (Gingerbread) 6 December 2010 Android 3.0 (Honeycomb) 10 May 2011 Android 4.0 (Ice cream sandwich) 19 October 2011 Android 4.1 (Jelly Bean) 13 July 2012 6. Why Android OS is better than iPhone OS ? Android OS iPhone OS We can set any app as a  It is impossible on iPhone. default on Android Have to click manually Android just drag and...

Words: 385 - Pages: 2

Premium Essay

Android

...ANDROID OPERATION SYSTEM INTRODUCTION Android is a mobile operating system that is currently developed by Google, it is based on the Linux kernel and designed primarily for touchscreen mobile devices such as smartphones and tablets. Android’s user-interface is mainly based on direct manipulation, using touch gestures that loosely corresponds to real-world actions, such as swiping, tapping and pinching to manipulate on-screen objects along with a virtual keyboard for text input. In addition to touchscreen devices Google has also developed android for other platforms such Android TV for Television, Android Auto for Cars and Android Wear for wristwatches. Each of these platform have special interface to sooth the platform. Variant of Android are also used on Notebooks, game console, digital camera and other electronics. As smartphones and tablets become more popular, the operating systems for those devices become more important. Android is such an operating system for low powered devices that run on battery and contain hardware like Global Positioning System (GPS) receivers, cameras, light and orientation sensors, WiFi and UMTS (3G telephony) connectivity and a touch screen. Like all operating systems, Android enables applications to make use of the hardware features through abstraction and provide a defined environment for applications. Unlike on other mobile operating systems like Apple’s iOS, Palm’s web OS or Symbian, Android applications are written in Java and run in virtual...

Words: 3950 - Pages: 16

Free Essay

Android

...Android operating system revolution in mobile technology Published: 23, March 2015 Android (Operating System) - Revolution in Mobile Technology Abstract Android's mobile operating system is based on the Linux kernel and it is a software stack for mobile devices. This operating system is one of the world's best-selling Smartphone platform. Android involves many developers writing applications that helps in extended the functionality of the devices. There are currently over 1,50,000 applications available for Android. Android Market is the online application store run by Google, though applications can also be downloaded from third-party sites. Developers write in the Java language. The unveiling of the Android distribution on 5 November 2007 was announced with the founding of the Open Handset Alliance, a consortium of 80 hardware, software, and telecom companies devoted to advancing open standards for mobile devices. Most of the Android code is released by Google under the Apache License. The Android open-source software stack consists of Java applications running on a Java-based, object-oriented applicationlication framework on top of Java core libraries . Libraries written in C include SQLite relational database management system, WebKit layout engine, SGL graphics engine, SSL. The Android operating system, including the Linux kernel, consists of roughly 12million lines of code including 3million lines of XML, 2.8million lines of C, 2.1million lines of Java, and 1.75million lines...

Words: 1342 - Pages: 6

Free Essay

Android

...|Google Android |November 15 | | |2011 | |An operating system for mobile devices such as smartphones and tablet computers. Developed by the Open |Operating System | |Handset Alliance led by Google. | | Table of Contents Introduction 3 About 4 Architecture 7 System Threading 11 CPU Scheduling 12 Process States 14 Memory Management 18 Synchronization Techniques 19 Event Handling 20 Security 21 Networking 22 Evaluation 23 Bibliography 24 Introduction Since its initial launch on the T-Mobile G1 in October of 2008, Google's Android operating system has evolved rapidly, perhaps more rapidly than any other operating system in recent memory, to become one of the most important and prolific smartphone platforms in the market today. The Android OS is the name of the Linux based operating system owned by Google and supported by the Open Handset Alliance. Android is used as an operating system for devices such as cell phones, tablets and netbooks. Google bought the original developer of the software, Android Inc., in 2005. Android's kernel (core of the OS) was derived from Linux but has been modified by Google developers. Android is also open source, which means developers can customize the OS for different phones and applications. This is why different phones may have different looking graphical interfaces and features even though they are running the same OS. Android OS is completely open Taking a speech class and had a chance to...

Words: 1317 - Pages: 6

Premium Essay

Android Deviecs

...Android devices enjoy a majority share in the total sales volume for all smartphones and tablets. This could be attributed to several reasons, the primary one being the fact that Android is an open-source product, which allows any handset manufacturer to adopt and modify it for their hardware devices. Secondly, the open-source philosophy makes its source code available to everyone, which is why it is easier to develop apps that run on the Android platform. However, Android did not start off as an operating system for mobile phones when the idea was conceived by Andrew Rubin, Chris White, Nick Sears and Rich Miner. The initial idea was to develop an intelligent operating system to handle digital cameras. Midway through the development, it was realized that the market for such a system was inadequate, which is why all the efforts were redirected to creating a mobile operating system. At that time, the market was dominated by Nokia's Symbian and Microsoft's Windows Mobile operating systems, none of which were open-source or open to development from individual app developers. The endeavor was quickly noticed and appreciated when Google took over the entire project and started developing the Android system on the Linux kernel. This became a huge turning point for Android, as the Linux-based kernel provided it with much-needed stability and security. After years of speculation regarding Google's intention to enter the mobile market, an "Open Handset Alliance" was formed that includes...

Words: 504 - Pages: 3

Free Essay

Wp7 for Android

...Microsoft6/6/2011Rev 1.0 | | Windows Phone 7 Guide for Android Application Developers | | About this Document 4 Target Audience 4 Conventions Used in this Document 4 Chapter 1: Introducing Windows Phone 7 Platform to Android Application Developers 5 The Developer Tools 5 Windows Phone 7 Architecture 5 Comparing the Programming Stack of Windows Phone 7 with Android 7 Summary 11 Related Resources 11 Chapter 2: User Interface Guidelines 12 Designing the Application Interface 13 Application User Interface Design 14 Comparing Windows Phone 7 and Android Navigation 18 Windows Phone 7 Frame and Page Structure 19 Application Templates 21 Summary 21 Related Resources 21 Chapter 3: The Developer and Designer Tools 23 A Comparison of Android and Windows Phone 7 Tools 23 Development Life Cycle and Windows Phone 7 Developer Tools 24 The UI Design Tools 26 Building Applications 33 Debugging 34 Summary 38 Chapter 4: C# programming 39 Managed Programming 40 A Comparison between C# Features and Java Classes 41 A Comparison of Important Class Libraries 51 The New features of C# 54 Comparing API Documentation Tools 58 NDoc 58 NDocs vs. Javadoc 61 Summary 61 Related Resources 62 Chapter 5: A Comparison of Application Life Cycles in Windows Phone 7 and Android 63 Multitasking in Android and Windows Phone 7 63 Tombstoning of Applications in Windows Phone 7 64 Life Cycle of a Windows Phone 7 Application...

Words: 19181 - Pages: 77

Premium Essay

Android Malware

...devices to increase productivity and collaboration among employees. As of December 2013 Google’s Android Operation System was the top smart phone platform with 52.5% of the market share ("iOS Continues Gaining U.S. Smartphone Share"). As these numbers continue to grow cybercriminals have taken notice and there has been an increase in the number of malware programs developed for the Android operating system. These malware programs can present a variety of threats from allowing criminals access to important personal information to intercepting private text messages and emails as well as even allowing someone to remotely turn on the phone’s mic. These threats can present a problem to both private individuals and businesses alike. It is important that steps be taken to prevent cybercriminals from accessing this information by preventing malware from being installed on these devices. If I was responsible for strengthening this area of IT security, I would recommend several steps. For starters, I would provide education to personal and business users to instruct them on the proper software to have installed in order to protect their devices as well as things to look out for and avoid. For businesses, I would recommend they employ strict guidelines for users of company equipment and dictate polices for users that bring their own devices. An important step in protecting against Android malware is educating device owners. According to research firm IDC only 5 percent of smartphones and...

Words: 803 - Pages: 4