Abstract
The Android platform, which holds a large market share thanks to its openness, faces a serious problem with repackaging attacks, because reverse engineering is made easy both by a signature method that allows self-signing and by the application structure. A repackaging attack is one in which an attacker with malicious intent alters an application distributed on the market and then redistributes it. The attacker injects illegal advertisements, or malicious code that extracts personal information, into the original application before redistributing it. To protect against such repackaging attacks, obfuscation methods and tampering detection schemes that hinder application analysis are being developed and applied to Android applications. However, protection methods at the managed code level can be rendered ineffective through dynamic analysis, and a protection method that addresses this is needed. In this paper, we show that, using Dalvik monitor, protection methods at the managed code level can be dynamically analyzed. In addition, to prevent a tampered application from running, we propose a tampering detection scheme that uses a dynamic attestation platform. It consists of two phases: (1) detection code injection, which injects tamper-detecting code into an application, and (2) code attestation, which attests the injected code on the platform. The proposed scheme first uses the tamper detection method at the platform level to inspect execution codes executed in real time and to fundamentally intercept repackaged applications.
Acknowledgments
This research was supported by a Global Research Laboratory (GRL) program through the National Research Foundation of Korea (NRF-2014K1A1A2043029).
Cite this article
Cho, H., Bang, J., Ji, M. et al. Mobile application tamper detection scheme using dynamic code injection against repackaging attacks. J Supercomput 72, 3629–3645 (2016). https://doi.org/10.1007/s11227-016-1763-2
DOI: https://doi.org/10.1007/s11227-016-1763-2