Preserving Security and Privacy: a WiFi Analyzer Application based on Authentication and Tor

Abstract: Numerous mobile applications have the potential to collect and share userspecific information on top of the essential data handling. This is made possible through poor application design and its improper implementation. The lack of security and privacy in an application is of main concern since the spread of sensitive and personal information can cause both physical and emotional harm, if it is being shared with unauthorized people. This thesis investigates how to confidentially transfer user information in such a way that the user remains anonymous and untraceable in a mobile application. In order to achieve that, the user will first authenticate itself to a third party, which provides the user with certificates or random generated tokens. The user can then use this as its communication credentials towards the server, which will be made through the Tor network. Further, when the connection is established, the WiFi details are sent periodically to the server without the user initiating the action. The results show that it is possible to establish connection, both with random tokens and certificates. The random tokens took less time to generate compared to the certificate, however the certificate took less time to verify, which balances off the whole performance of the system. Moreover, the results show that the implementation of Tor is working since it is possible for the system to hide the real IP address, and provide a random IP address instead. However, the communication is slower when Tor is used which is the cost for achieving anonymity and improving the privacy of the user. Conclusively, this thesis proves that combining proper implementation and good application design improves the security in the application thereby protecting the users’  privacy.