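Author (Chinese): 陳冠宇
Author (English): Chen, Kuan Yu
Thesis title (Chinese): 安卓平台中的程式保護使用部分加密以及動態加載技術
Thesis title (English): App Protection by Partial Encryption and Dynamic Loading in Android
Advisor (Chinese): 孫宏民
Advisor (English): Sun, Hung Min
Oral defense committee (Chinese): 曾文貴, 許富皓, 黃世昆
Oral defense committee (English): Tzeng, Wen Guey; Hsu, Fu Hau; Huang, Shih Kun
Degree: Master's
Institution: National Tsing Hua University
Department: Department of Computer Science
Student ID: 102062528
Year of publication (ROC calendar): 104
Graduation academic year: 103
Language: English
Number of pages: 40
Keywords (Chinese): 安卓 (Android), 盜版 (piracy), 動態加載 (dynamic loading)
Keywords (English): Android, piracy, dynamic loading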
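In recent years Android has become the most popular smartphone operating system, and attacks targeting the Android platform have risen along with its market share. Security is increasingly important both to the Android platform itself and to developers. A well-known app can be analyzed through reverse engineering, have malicious code inserted, and then be repackaged and published, exposing many users to potential threats; this is already one of the main attack methods on the Android platform, not to mention that the piracy enabled by reverse engineering has always been a concern for developers. Many methods currently exist to protect an app from reverse engineering. ProGuard, for example, obfuscates your code to make it harder for an attacker to analyze, but it cannot fully prevent attacks: an attacker who spends more time may still succeed in attacking your app. We therefore propose a secure method that encrypts the program's executable code so that an attacker cannot analyze and attack our app through reverse engineering; when the program runs, the executable code is decrypted and dynamically loaded so that the program executes normally. The attacker has no way to analyze the code unless he decrypts the encrypted code. This method can effectively protect developers' hard work from piracy and attack.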
Android has become the most popular mobile operating system, and at the same time attacks aimed at Android are increasing very fast. Security is more and more important for Android, and developers need to pay more attention to it. Decomposing a well-known app, reverse engineering it, inserting malicious code, repackaging it, and then redistributing it accounts for the majority of Android app hacking. Piracy is a big concern for Android developers. There are many ways to protect apps from reverse engineering. For example, ProGuard obfuscates the app and makes analysing its source code difficult. But that is not enough: attackers can still repackage the app if they spend more time on analysis. We propose a secure approach in which we encrypt the dex file of the Android app, then decrypt the dex code when the app is launched and load it dynamically. Attackers have no way to analyse the dex code unless they decrypt it. This method can efficiently protect the developer's effort from piracy or attack.
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Motivation
1.2 Our Contribution
1.3 Organization
Chapter 2 Background
2.1 Android Background
2.1.1 Apk File Structure
2.1.2 Dalvik Executables
2.1.3 Dalvik virtual machine
2.1.4 AndroidManifest.xml
2.1.5 Context
2.2 Other techniques
2.2.1 Android NDK
2.2.2 Dynamic Loading
Chapter 3 Related Works
3.1 App protection method
3.1.1 Google license Library
3.1.2 Protection method by verification
3.1.3 Protection method by Separation
3.2 Advanced Encryption Standard
3.3 Partial Encryption
Chapter 4 System Architecture and Design
4.1 Attack Model
4.2 Main Idea
4.2.1 Challenge
4.3 Main Framework
4.3.1 Decompilation
4.3.2 Main Processing Phase
4.3.3 Execution phase
4.4 Partial Encryption
Chapter 5 Security and Overhead Analysis
5.1 File Size Increment
5.2 Time Analysis
5.2.1 Encryption
5.2.2 Processing Time in Android Mobile Phone
5.3 Security Analysis
Chapter 6 Conclusions
6.1 Conclusion
6.2 Future Work
(The full text has not been authorized for open access.)