Jeong Hyun Yi

Anti-debugging scheme for protecting mobile apps on android platform

The Android application package file, APK file, can be easily decompiled using Android reverse engineering tools. Thus, general apps can be easily transformed into malicious application through reverse engineering and analysis. These repacked apps could be uploaded in general android app market called Google Play Store and redistributed. To prevent theses malicious behaviors such as malicious code injection or code falsifications, many techniques and tools were developed. However, these techniques also can be analyzed using debuggers. Also, analyzed apps can be tampered easily. For example, when applying anti-analysis techniques to android apps using Dexprotector which is commercial tool for protecting android app, it can be seen that these techniques can also be analyzed using debugger. In this paper, to protect the android app from the attack using debugger, we propose anti-debugging techniques for native code debugging and managed code debugging of android apps.

Personal Information Leaks with Automatic Login in Mobile Social Network Services

To log in to a mobile social network service (SNS) server, users must enter their ID and password to get through the authentication process. At that time, if the user sets up the automatic login option on the app, a sort of security token is created on the server based on the user’s ID and password. This security token is called a credential. Because such credentials are convenient for users, they are utilized by most mobile SNS apps. However, the current state of credential management for the majority of Android SNS apps is very weak. This paper demonstrates the possibility of a credential cloning attack. Such attacks occur when an attacker extracts the credential from the victim’s smart device and inserts it into their own smart device. Then, without knowing the victim’s ID and password, the attacker can access the victim’s account. This type of attack gives access to various pieces of personal information without authorization. Thus, in this paper, we analyze the vulnerabilities of the main Android-based SNS apps to credential cloning attacks, and examine the potential leakage of personal information that may result. We then introduce effective countermeasures to resolve these problems.

Anti-reversible dynamic tamper detection scheme using distributed image steganography for IoT applications

In the provision of on-demand personalized services in an IoT-based hyper-connected network, it is inevitable for the mobile device that centrally controls personal information to become the focal point. In this IoT environment, because mobile devices serve as a gateway for all personalized services, their protection plays a crucial role in the creation of a secure IoT environment. In the case of Android, the classic mobile platform, security is at risk from repackaging attacks because of structural weaknesses in the platform. To prevent such repackaging attacks, Android-based applications currently utilize various obfuscation techniques and insert tamper detection methods. However, it is possible to easily bypass even these measures. Thus, in this paper we propose an anti-reverse-engineering dynamic tamper detection scheme that applies image steganography to distribute and hide code in PNG image files. We design and implement this proposed scheme, and present the results of a security evaluation of an application with the scheme applied.

Security Assessment of Code Obfuscation Based on Dynamic Monitoring in Android Things

Android-based Internet-of-Things devices with excellent compatibility and openness are constantly emerging. A typical example is Android Things that Google supports. Compatibility based on the same platform can provide more convenient personalization services centering on mobile devices, while this uniformity-based computing environment can expose many security vulnerabilities. For example, new mobile malware running on Android can instantly transition to all connected devices. In particular, the Android platform has a structural weakness that makes it easy to repackage applications. This can lead to malicious behavior. To protect mobile apps that are vulnerable to malicious activity, various code obfuscation techniques are applied to key logic. The most effective one of this kind involves safely concealing application programming interfaces (API). It is very important to ensure that obfuscation is applied to the appropriate API with an adequate degree of resistance to reverse engineering. Because there is no objective evaluation method, it depends on the developer judgment. Therefore, in this paper, we propose a scheme that can quantitatively evaluate the level of hiding of APIs, which represent the function of the Android application based on machine learning theory. To perform the quantitative evaluation, the API information is obtained by static analysis of a DEX file, and the API-called code executed in Dalvik in the Android platform is dynamically extracted. Moreover, the sensitive APIs are classified using the extracted API and Naive Bayes classification. The proposed scheme yields a high score according to the level of hiding of the classified API. We tested the proposed scheme on representative applications of the Google Play Store. We believe it can be used as a model for obfuscation assessment schemes, because it can evaluate the level of obfuscation in general without relying on specific obfuscation tools.

Mobile device management system with portable devices

As the number of smart device users has increased, PC-based smart work environments of businesses and public institutions have opted to adopt mobile offices to support their employees. However, with the trend of BYOD (Bring Your Own Device), security problems such as the leaking of confidential information of businesses and important contents have also developed. Thus, the paper proposes utilization of Portable MDM as the solution to such security threats.

Risk assessment of mobile applications based on machine learned malware dataset

With the expected development of the Internet of Things, in which all devices will be connected, mobile devices will play a greater role in providing personalized services and will store larger amounts of personal information. However, the number of malicious applications is also increasing, with the aim being to steal user personal information. Furthermore, given the open-market policies of Android and the distribution structure of the Google Play store, any application developer can readily distribute such applications. On the other hand, end users cannot easily determine whether an application is malicious or not. Therefore, we propose an Android application package (APK) Vulnerability Identification System (AVIS) that can identify malicious applications in advance using the Naïve Bayes classification scheme. To achieve this goal, AVIS builds a dataset by downloading sample applications and extracting their framework methods. To verify the accuracy of AVIS, we analyze sample applications. The APK vulnerability score determined by AVIS is expected to be used as a core metric for quantitatively evaluating the vulnerability of mobile applications.

Hardware-assisted credential management scheme for preventing private data analysis from cloning attacks

The majority of mobile apps use credentials to provide an automatic login function. Credentials are security tokens based on a user’s ID and password information. They are created for initial authentication, and this credential authentication then replaces user verification. However, because the credential management of most Android apps is currently very insecure, the duplication and use of another user’s credentials would allow an attacker to view personal information stored on the server. Therefore, in this paper, we analyze the vulnerability of some major mobile SNS apps to credential duplication that would enable access to personal information. To address the identified weaknesses, we propose a secure credential management scheme. The proposed scheme first differentiates the credential from the smart device using an external device. Using a security mechanism, the credential is then linked with the smart device. This ensures that the credential will be verified by the special smart device. Furthermore, based on experimental results using a prototype security mechanism, the proposed scheme is shown to be a very useful solution because of its minimal additional overhead.

Empirical analysis of anti-reversing schemes for protecting mobile codes in the internet-of-things

Java-based Android apps are primarily composed of managed code. Managed codes can be easily modified; therefore many static prevention techniques are applied. However, static prevention techniques can be immobilised by dynamic reverse engineering tools. Reverse engineering tools for such managed code operate using QEMU-based emulator methods. Among the many anti-reversing techniques to detect tampering of the application, schemes that terminate the application when an emulator has been detected are being used. In this paper, we compare and analyse the characteristics of the various schemes used to detect emulator-based reverse engineering tools and report experimental results on the effectiveness of the methods in question.

A Scheme for Identifying Malicious Applications Based on API Characteristics

Android applications are inherently vulnerable to a repackaging attack such that malicious codes are easily inserted into an application and then resigned by the attacker. These days, it occurs often that such private or individual information is leaked. In principle, all Android applications are composed of user defined methods and APIs. As well as accessing to resources on platform, APIs play a role as a practical functional feature, and user defined methods play a role as a feature by using APIs. In this paper we propose a scheme to analyze sensitive APIs mostly used in malicious applications in terms of how malicious applications operate and which API they use. Based on the characteristics of target APIs, we accumulate the knowledge on such APIs using a machine learning scheme based on Naive Bayes algorithm. Resulting from the learned results, we are able to provide fine-grained numeric score on the degree of vulnerabilities of mobile applications. In doing so, we expect the proposed scheme will help mobile application developers identify the security level of applications in advance.

Tamper detection scheme using signature segregation on android platform

As Android apps are vulnerable to repackaging attacks, in order to protect these app, a code that runs a tamper detection function is inserted and obfuscated to protect the inserted function while or after building the app. However, with the use of currently released app analysis tools, many tamper detection methods are rendered ineffective. Therefore, it can be used for repackaging attack. To protect against these weaknesses, in this paper we propose the APK Attester scheme that detects app tampering on the platform in order to provide a secure app running environment for users in defense against repackaging attack.