Study Of The Key Theories And Algorithms On Mobile Application Protection

With the continuous development of the mobile Internet,the mobile application markets have become more and more prosperous.There are not only a large number of developers but also a large number of attackers are attracted by the huge economic benefits.Various malware and pirated software emerged one after another on the markets and Internet.Due to-the limitations of current mobile platform,the protection method of mobile application has to face more diverse challenges.For example:1.Mobile application is usually programmed by some advanced programming languages,and attackers may try to use several reverse tools and methods to attack an application.It is necessary to integrate multiple defense methods to protect an application.2.Mobile software typically stores a large amount of user privacy data.An attacker may analyze valuable data to discover valuable information.It is necessary to design a method to safely erase the data.3.Attackers can use the re-signature package method to generate a large number of similar software(pirated software).Considering the huge number of applications on the markets and Internet,it is necessary to design an efficient similar application detection method.In order to maintain the security of mobile software,three aspects among the key technologies and theories of mobile software protection:software integrity(tamper protection),data security(data destruction),software similarity(similarity detection),have been well studied in this paper based on the analysis and summary of existing software protection technologies.The main work and contributions are as follows:1.A protection method for preventing possible attacks of Android native code is proposed.The method first prevents the attacker from dynamically tampering by inserting multiple redundant data and integrity check code into an original code.Then the compiled code will be encrypted to prevent the possible attack of static analysis.Experiments show that this method can effectively improve the security of native code and enhance the anti-attack capability of an entire application.2.A user level data destruction method is proposed.It can perform a user-level secure deletion for the Flash-based storage device(for example,USB flash disks).According to the analysis of data remnant on logical layer and physical layer of a USB flash disk,this method tries to create junk files quickly to reduce the size of free space.Then,it removes target files and related information.At the last,it overwrites free space at the logical layer in order to force controller to clean any possible data remnant at the physical layer.Experimental results show that this method can delete target files,quickly and securely,while comparing with another two secure deleting tools.3.A specific data destruction method which can wipe sensitive data from an EXT4 file system is proposed.It includes two proposed algorithms for wiping files and free space adaptively.According to a rate of rest blocks which is specified by users,the file wiping algorithm WFile tries to clean part of a selected file for saving time.The free space wiping algorithm WFree tries to speed up the process of cleaning dirty blocks by employing a random sampling and hypothesis testing method with two adjustable rates which represent status and content of a block group.A journal cleaning algorithm CleanJ is also proposed which tries to clean old records by creating and deleting temporary files for preventing data recovery from a journal file.With the help of parameters,users can wipe their data in a balanced way between security and efficiency.At last,several experiments are performed on our scheme.The experimental results show that our scheme can wipe files and free space in different security and efficiency with different parameters.Moreover,our scheme can achieve higher security and efficiency than other two data wiping schemes.4.A framework of APP similarity detection based on attribute classification is proposed.It firstly classifies a set of APPs into two subsets according to some attributes of an APP.Secondly,the framework tries to find out similar APP pairs of each subset by parallel extracting features and calculating similarities based on attributes of APPs in each subset.Finally,the framework derives the final result from the results of two subsets.Due to the help of classification and parallel computing method,the framework can significantly improve the efficiency of APP similarity detection.The experimental results show that the framework can reduce about 45%of detection time and maintain a similar accuracy when it is compared with the method which all APP pairs are traversed.5.A fast APP similarity detection approach based on resource signature is proposed.In order to determine the similarity of a pair of application,it calculates the Jaccard coefficient of the resource signatures.First,the method extracts part of the information from the resource signatures to build up a feature matrix corresponding to a APP set.Then,by using the MinHash and LSH(Locality Sensitive Hashing)algorithm,the APP pairs who's Jaccard coefficients greater than a specified threshold are selected from a feature matrix by our method within a certain probability so that to create a candidate pair set.Finally,the Jaccard coefficient of each pair of APP in the candidate pair set are calculated and verified in turn to create a final result set.Since our method can exclude a large number of APP pairs that do not satisfy a certain condition during the time of a candidate pair set is generated,the detection efficiency can be improved.The experimental results show that the detection speed of our method is 25 times higher than the method called FSquaDRA while the detection accuracy is almost the same.Through the work of this paper,the protection of mobile application can be improved in three aspects:software integrity,data security and software similarity.They will be useful for maintaining the security of mobile application.