https://doi.org/10.62660/bcstu/4.2025.25

Volume 30, No. 4, 2025

25-37

  • Read article

    • Problems of protecting unstructured information on mobile devices

    Evgen Brovchenko

    Received 21.10.2025, Revised 21.10.2025, Accepted 15.12.2025

    Abstract

    The relevance of the study was determined by the growing volume of unstructured data in the mobile environment, which required a rethinking of classical approaches to the protection in conditions of limited resources and dynamic use. The purpose of the study was to conduct a comprehensive analysis of methods for protecting unstructured information in the mobile environment and to identify key barriers to the effective implementation. The methodology was based on a theoretical and analytical approach, which included the systematisation of protection methods, a comparative analysis of cryptographic algorithms, an assessment of authentication and access control models, as well as an analysis of cloud security mechanisms. It was established that symmetric encryption Advanced Encryption Standard in Cipher Block Chaining mode provided effective local protection but required careful management of initialisation vectors. It was found that Elliptic Curve Cryptography outperformed Rivest-Shamir-Adleman in terms of energy efficiency and performance, and BLAKE3 outperformed Secure Hash Algorithm 256 in terms of speed, energy consumption, and parallelism support. It was generalised that access control models were insufficiently adapted to the dynamics of the mobile environment, and the most effective were context-oriented and multifactor approaches, in particular with the use of biometric and behavioural authentication. It was found that a combination of client-side encryption, identity management, and cloud backup ensured the highest level of protection with proper implementation. It was established that the effectiveness of HyperText Transfer Protocol Secure, Transport Layer Security 1.3, and Virtual Private Network protocols depended on the type of data and interaction scenario, and the use required a balance between security, performance, and the context of use. Eight key challenges were identified, the relevance of which to mobile security practice was confirmed through comparison with the OWASP Mobile Top 10 categories: data leakage, limited resources, complexity of authentication, dynamic access control, use of public networks, platform fragmentation, application opacity, and legal barriers. It was determined that the effectiveness of protection methods was conditioned by the context of application – the type of data, device architecture, interaction scenario, and available infrastructure – which required an adaptive choice of solutions. The results obtained confirmed that traditional approaches to information security required adaptation to the specifics of mobile platforms. The study has practical value for security solution developers, corporate system administrators, and policymakers in the field of cybersecurity

    Keywords:

    environment; encryption; authentication; resource constraints; access control

    Suggested citation
    Brovchenko, E. (2025). Problems of protecting unstructured information on mobile devices. Bulletin of Cherkasy State Technological University, 30(4), 25-37. https://doi.org/10.62660/bcstu/4.2025.25
    391 Views

    References

    1. Abibulaev, A.R., & Piskozub, A.Z. (2025). Analysis of possibilities for improving cloud infrastructure security using NLP and ML. Modern Information Security, 2(62), 124-140. doi: 10.31673/2409-7292.2025.026884.
    2. Akinade, A.O., Adepoju, P.A., Ige, A.B., & Afolabi, A.I. (2025). Cloud security challenges and solutions: A review of current best practices. International Journal of Multidisciplinary Research and Growth Evaluation, 6(1), 26-35. doi: 10.54660/.IJMRGE.2025.6.1.26-35.
    3. Atlam, H.F., & Wills, G.B. (2020). IoT security, privacy, safety and ethics. In M. Farsi, A. Daneshkhah, A. Hosseinian-Far & H. Jahankhani (Eds.), Digital twin technologies and smart cities (pp. 123-149). Cham: Springer. doi: 10.1007/978-3-030-18732-3_8.
    4. Babayeva, K.G. (2024). Using cryptographic methods, mechanisms, and tools for protecting biometric data. In Radioelectronics and youth in the 21st century: Materials of the 28th international youth forum (pp. 88-90). Kharkiv: Kharkiv National University of Radio Electronics. doi: 10.30837/IYF.PCEIP.2024.088.
    5. Brovchenko, Y.M., Samarai, V.P., Datsenko, I.P., Pavlenko, V.I., & Sereda, A.V. (2023). Protection of unstructured data on mobile devices. Infocommunications and Computer Technologies, 1(5), 194-200. doi: 10.36994/27885518-2023-01-05-21.
    6. Chen, L., Moody, D., Randall, K., Regenscheid, A., & Robinson, A. (2023). Recommendations for discrete logarithmbased cryptography: Elliptic curve domain parameters. Gaithersburg: National Institute of Standards and Technology. doi: 10.6028/NIST.SP.800-186.
    7. Chen, Y., Zheng, B., Zhang, Z., Wang, Q., Shen, C., & Zhang, Q. (2020). Deep learning on mobile and embedded devices: State-of-the-art, challenges, and future directions. ACM Computing Surveys, 53(4), article number 84. doi: 10.1145/3398209.
    8. da Rocha, M., Valadares, D.C.G., Perkusich, A., Gorgonio, K.C., Pagno, R.T., & Will, N.C. (2020). Secure cloud storage with client-side encryption using a trusted execution environment. In Proceedings of the 10th international conference on cloud computing and services science (pp. 31-43). Setubal: SciTePress. doi: 10.5220/0009130600310043.
    9. Du, J., Jiang, C., Gelenbe, E., Xu, L., Li, J., & Ren, Y. (2018). Distributed data privacy preservation in IoT applications. IEEE Wireless Communications, 25(6), 68-76. doi: 10.1109/MWC.2017.1800094.
    10. Dworkin, M. (2001). Recommendation for block cipher modes of operation: Methods and Techniques. Gaithersburg: National Institute of Standards and Technology. doi: 10.6028/NIST.SP.800-38A.
    11. Estrela, P.M.A.B., Albuquerque, R.D.O., Amaral, D.M., Giozza, W.F., & Júnior, R.T.D.S. (2021). A framework for continuous authentication based on touch dynamics biometrics for mobile banking applications. Sensors, 21(12), article number 4212. doi: 10.3390/s21124212.
    12. Force, J.T. (2020). Security and privacy controls for information systems and organizations. Gaithersburg: National Institute of Standards and Technology. doi: 10.6028/NIST.SP.800-53r5.
    13. Garg, S., & Baliyan, N. (2021). Comparative analysis of Android and iOS from security viewpoint. Computer Science Review, 40, article number 100372. doi: 10.1016/j.cosrev.2021.100372.
    14. Grassi, P.A., Garcia, M.E., & Fenton, J.L. (2017). Digital identity guidelines. Gaithersburg: National Institute of Standards and Technology. doi: 10.6028/NIST.SP.800-63-4.
    15. Guo, Y., Liu, J., Tang, W., & Huang, C. (2021). Exsense: Extract sensitive information from unstructured data. Computers & Security, 102, article number 102156. doi: 10.1016/j.cose.2020.102156.
    16. Hartzog, W., & Richards, N.M. (2020). Privacy’s constitutional moment and the limits of data protection. SSRN, article number 3441502. doi: 10.2139/ssrn.3441502.
    17. Hu, V.C., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller, R., & Scarfone, K. (2014). Guide to attribute based access control (ABAC) definition and considerations. Gaithersburg: National Institute of Standards and Technology. doi: 10.6028/NIST.SP.800-162.
    18. ISO/IEC 27017:2015. (2015). Information technology – security techniques – code of practice for information security controls based on ISO/IEC 27002 for cloud services. Retrieved from https://www.iso.org/standard/43757.html.
    19. Kibar, B. (2023). Comparing Blake3 and Sha-256 data integrity algorithms & integrating Blake3 with Golang. Retrieved from https://surl.lu/vdnytl.
    20. Konovalov, S.M. (2025). Analysis of types of cybersecurity in mobile phone operating systems. Таuridа Scientific Herald. Series: Technical Sciences, 2, 100-104. doi: 10.32782/tnv-tech.2025.2.11.
    21. Kostiuk, Y., Bebeshko, B., Kriuchkova, L., Lytvynov, V., Oksanych, I., Skladannyi, P., & Khorolska, K. (2024). Information protection and data exchange security in wireless mobile networks with authentication and key exchange protocols. Cybersecurity: Education, Science, Technique, 1(25), 229-252. doi: 10.28925/26634023.2024.25.229252.
    22. Kumar, K.S., & Sukumar, R. (2019). Achieving energy efficiency using novel scalar multiplication based ECC for Android devices in Internet of Things environments. Cluster Computing, 22(5), 12021-12028. doi: 10.1007/ s10586-017-1542-8.
    23. Law of Ukraine No. 2297-VI “On Personal Data Protection”. (2010, June). Retrieved from https://zakon.rada.gov. ua/laws/show/en/2297-17#Text.
    24. Liu, K., Zhou, Z., Cao, Q., Xu, G., Wang, C., Gao, Y., Zeng, W., & Xu, G. (2023). A robust and effective two-factor authentication (2FA) protocol based on ECC for mobile computing. Applied Sciences, 13(7), article number 4425. doi: 10.3390/app13074425.
    25. Marchenko, O. (2023). Cybersecurity and information protection: Analysis of risk and threat impact with modern effective cyberspace defense strategies. Information Technology: Computer Science, Software Engineering and Cyber Security, 3, 50-59. doi: 10.32782/IT/2023-3-6.
    26. Mellom, J. (2020). The role of identity access management (IAM) in cloud security. Retrieved from https:// sonraisecurity.com/blog/the-role-of-identity-access-management-iam-in-governing-cloud-security/.
    27. Mobile Top 10 2024: Final release updates. (n.d.). Retrieved from https://owasp.org/www-project-mobiletop-10/.
    28. Moriarty, K., Kaliski, B., Jonsson, J., & Rushc, A. (2016). PKCS #1: RSA cryptography specifications version 2.2. Retrieved from https://datatracker.ietf.org/doc/html/rfc8017.
    29. Musa, A., & Mahmood, A. (2021). Client-side cryptography based security for cloud computing system. In 2021 international conference on artificial intelligence and smart systems (ICAIS) (pp. 594-600). Coimbatore: IEEE. doi: 10.1109/ICAIS50930.2021.9395890.
    30. National Institute of Standards and Technology. (2023). Advanced Encryption Standard (AES). Gaithersburg: National Institute of Standards and Technology. doi: 10.6028/NIST.FIPS.197-upd1.
    31. Papaioannou, M., Mantas, G., Panaousis, E.M., Essop, A., Rodriguez, J., & Sucasas, V. (2023). Behavioral biometrics for mobile user authentication: Benefits and limitations. In 2023 IFIP networking conference (IFIP networking) (pp. 1-6). Barcelona: IEEE. doi: 10.23919/IFIPNetworking57963.2023.10186419.
    32. Regulation (EU) of the European Parliament and of the Council No. 2016/679 “On the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA Relevance)”. (2016, April). Retrieved from http://data.europa.eu/eli/reg/2016/679/oj.
    33. Rogushina, J.V. (2019). Methods and tools for analyzing unstructured data. Problems in Programming, 1, 57-77. doi: 10.15407/pp2019.01.057.
    34. Sangeen, M., Bhatti, N.A., Kifayat, K., Alsadhan, A.A., & Wang, H. (2023). Blind-trust: Raising awareness of the dangers of using unsecured public Wi-Fi networks. Computer Communications, 209, 359-367. doi: 10.1016/j. comcom.2023.07.011.
    35. Sereda, A., Datsenko, I., Pavlenko, V., & Samarai, V. (2022). Stability and efficiency of cryptographic algorithms used in mobile devices. Infocommunications and Computer Technologies, 2(4), 178-190. doi: 10.36994/27885518-2022-02-04-21.
    36. Spasiteleva, S., Zhdanovа, Y., & Chychkan, I. (2019). Security problems of universal data management systems. Cybersecurity: Education, Science, Technique, 2(6), 122-133. doi: 10.28925/2663-4023.2019.6.122133.
    37. Tewari, A., & Gupta, B.B. (2020). Security, privacy and trust of different layers in internet-of-things (IoTs) framework. Future Generation Computer Systems, 108, 909-920. doi: 10.1016/j.future.2018.04.027.
    38. Vahdati, Z., Yasin, S., Ghasempour, A., & Salehi, M. (2019). Comparison of ECC and RSA algorithms in IoT devices. Journal of Theoretical and Applied Information Technology, 97(16), 4293-4308.
    39. Wong, J., & Henderson, T. (2019). The right to data portability in practice: Exploring the implications of the technologically neutral GDPR. International Data Privacy Law, 9(3), 173-191. doi: 10.1093/idpl/ipz008.
    40. Yang, Y., Guo, B., Wang, Z., Li, M., Yu, Z., & Zhou, X. (2019). BehaveSense: Continuous authentication for securitysensitive mobile apps using behavioral biometrics. Ad Hoc Networks, 84, 9-18. doi: 10.1016/j.adhoc.2018.09.015.
    41. Yao, Y., Shu, F., Li, Z., Cheng, X., & Wu, L. (2023). Secure transmission scheme based on joint radar and communication in mobile vehicular networks. IEEE Transactions on Intelligent Transportation Systems, 24(9), 10027-10037. doi: 10.1109/TITS.2023.3271452.
    42. Yu, K., Tan, L., Yang, C., Choo, K.-K.R., Bashir, A.K., Rodrigues, J.J.P.C., & Sato, T. (2022). A blockchain-based Shamir’s threshold cryptography scheme for data protection in industrial Internet of Things settings. IEEE Internet of Things Journal, 9(11), 8154-8167. doi: 10.1109/JIOT.2021.3125190.
    43. Yuvarani, R., & Mahaveerakannan, R. (2025). Enhancing IoT security: Performance evaluation of RSA and ECC in QR code-based authentication systems with cloud integration. In 2025 6th international conference on mobile computing and sustainable informatics (pp. 308-315). Goathgaun: IEEE. doi: 10.1109/ ICMCSI64620.2025.10883058.