Integration of BankID Services in a PhoneGap Based Mobile Application
Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Security concerns became high with the rapid technology advancement andwith the open nature of the internet. BankID is the leading electronic identificationsystem in Sweden which is used by around 5 million people in a variety ofpublic and private services. BankID allows users to securely authenticate themselvesand digitally sign important documents and transactions over the internet.In 2011, BankID Security App was launched to be used in mobile smartphones and tablet computers. In this paper, different components of the PublicKey Infrastructure (PKI) which is a cryptographic technique that enables usersto safely communicate over the insecure internet has been studied in detail. Furthermore,a test BankID-integrated PhoneGap based app on the Android platformis implemented and a performance evaluation and security analysis wereperformed. The test implementation of the BankID-integrated app on theAndroid platform provides user authentication and digital signing functions.The implemented backend system consists of a server with digital certificateand a database. The performance test emphasizes on the measurement of the accesstime between the components of the system and usability of the application.Access time measurement includes a reasonable amount of time in whichthe user is able to perform different activities in the system. In usability assessmentnumber of actions to perform a certain task and the ease of the user interfacehas been taken into consideration. The security analysis aims to identifypotential security flaws in the system and discuss possible solutions. The potentialsecurity risks we identified during the implementation of the system are theman-in-the-middle-attack, the Heartbleed bug, losing the mobile device andphysical access to the backend system. The potential security risks in the systemwere examined with regard to severity and probability of occurrence. Finally,the thesis project has been discussed in terms of the future work and system expansions.The result of the thesis will be used as a base in production developmentby Dewire, the company for which the thesis work has been conducted.
Place, publisher, year, edition, pages
2014. , 65 p.
Security, BankID, PhoneGap, PKI, Android
IdentifiersURN: urn:nbn:se:miun:diva-22201OAI: oai:DiVA.org:miun-22201DiVA: diva2:725867
Subject / course
Computer Engineering DT1; Computer Engineering DT1
Computer Science TDATG 180 higher education credits; Computer Science TDATG 180 higher education credits
2014-06-05, L408, Holmgatan 10, Sundsvall, 13:15 (English)
Jehnehag, Ulf, Dr