Abstract
Many mobile apps use encryption to protect user data. Therefore, research on the use of encrypted data in forensic investigations is warranted. When encrypting data, developers can incorporate data such as user information and passwords during the encryption key generation process. Currently, encryption keys can be protected by hardware security modules such as KeyStore and KeyChain using an OS-provided API. Hardware security modules use a built-in random number generator to create random keys and securely store them. As a result, it is practically impossible to decrypt data that have been encrypted using a hardware security module. However, cryptographic algorithm misuse, regardless of whether encryption keys are acquired, present an opportunity for data acquisition. In this paper, we show that a reused key attack that exploits a vulnerability caused by encryption scheme misuse can be used against a secure email service, ProtonMail, and Korea’s representative instant messenger KakaoTalk.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
