Mobile application tamper detection scheme using dynamic code injection against repackaging attacks
- Authors
- CHO, HAEHYUN; Bang, Jiwoong; Ji, Myeongju; Yi, Jeong Hyun
- Issue Date
- Sep-2016
- Publisher
- SPRINGER
- Keywords
- Android application protection; Tamper detection; Android platform
- Citation
- JOURNAL OF SUPERCOMPUTING, v.72, no.9, pp.3629 - 3645
- Journal Title
- JOURNAL OF SUPERCOMPUTING
- Volume
- 72
- Number
- 9
- Start Page
- 3629
- End Page
- 3645
- URI
- http://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/7512
- DOI
- 10.1007/s11227-016-1763-2
- ISSN
- 0920-8542
- Abstract
- The Android platform, with a large market share from its inclusive openness, faces a big problem with repackaging attacks, because reverse engineering is made easy due to the signature method that allows self-sign and also due to application structure. A repackaging attack is a method of attack, where an attacker with malicious intent alters an application distributed on the market to then redistribute it. The attacker injects into the original application illegal advertisement or malicious code that extracts personal information, and then redistributes the app. To protect against such repackaging attacks, obfuscation methods and tampering detection schemes to prevent application analysis are being developed and applied to Android applications. However, through dynamic analysis, protection methods at the managed code can be rendered ineffective, and there is a need for a protection method that will address this. In this paper, we show that, using Dalvik monitor, protection methods at the managed code level can be dynamically analyzed. In addition, to prevent a tampered application from running, we propose a tampering detection scheme that uses a dynamic attestation platform. It consist of two phases; (1) detection code injection: inject tamper detecting code into an application and (2) code attestation: attest the injected code on the platform. The proposed scheme first uses the tamper detection method at the platform level to inspect execution codes executed in real time and to fundamentally intercept repackaged applications.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - College of Information Technology > School of Software > 1. Journal Articles
![qrcode](https://api.qrserver.com/v1/create-qr-code/?size=55x55&data=https://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/7512)
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.