Mobile application tamper detection scheme using dynamic code injection against repackaging attacks

The Android platform, which holds a large market share owing to its openness, faces a serious problem with repackaging attacks: reverse engineering is made easy both by a signing method that allows self-signing and by the structure of Android applications. In a repackaging attack, an attacker with malicious intent alters an application distributed on the market and then redistributes it. The attacker injects illegal advertisements, or malicious code that extracts personal information, into the original application and then redistributes the app. To protect against such repackaging attacks, obfuscation methods and tamper detection schemes that hinder application analysis are being developed and applied to Android applications. However, protection methods at the managed code level can be rendered ineffective through dynamic analysis, and a protection method that addresses this is needed. In this paper, we show that protection methods at the managed code level can be dynamically analyzed using Dalvik monitor. In addition, to prevent a tampered application from running, we propose a tamper detection scheme that uses a dynamic attestation platform. It consists of two phases: (1) detection code injection, which injects tamper-detecting code into an application, and (2) code attestation, which attests the injected code on the platform. The proposed scheme first uses the tamper detection method at the platform level to inspect the code being executed in real time and to fundamentally intercept repackaged applications.
