Research On Security Analysis Technologies Of Several Typical Protocols On Smart Mobile Devices

With the rapid development of smart mobile devices and mobile Internet,large numbers of Internet companies provide social networking,ecommerce,mobile payment and many other services on the mobile platform.Users' identity information are bound to their mobile devices,and lots of security sensitive data are transmitted through the mobile platform.However,using smart mobile devices for handling mobile services and storing personal information of users can pose a great security risk.The annual economic losses caused by fraudulent fraud and information leakage are as high as tens of billions of dollars due to security problems of smart mobile devices.A major factor contributing to these security issues is the vulnerability of the communication protocols used on smart mobile devices.The various communication protocols used on smart mobile devices need to be able to guarantee the security of the communication channel and the confidentiality and integrity of the user's personal information.Generally,they are based on cryptosystem,using cryptographic algorithms and protocol logic to achieve security goals.However,the design and implementation of communication protocols in real life often fail to meet the specified security requirements.A large part of the major security vulnerabilities exposed in recent years are related to communications protocols.Popular communication protocols such as the secure transmission protocols,authentication and authorization protocols,and virtual private network protocols used on smart mobile devices are receiving more and more attention.The security research of these protocols has become one of the most important research topics in the academic field.This paper mainly focuses on the security analysis of the open authorization protocol and the virtual private network protocol used on the mobile platform,and the security analysis of the Single Sign-On systems.First,we propose a model-based analysis method to analyze the security of the OAuth implementation on the Android platform,and implement a systematic vulnerability assessment framework to audit the OAuth implementations in real world Android applications.Second,we propose an attacker-guided analysis method to identify the vulnerabilities introduced by developers when implementing OAuth for authentication in Android applications.Third,we propose a differential traffic analysis method to automatically identify the security and privacy problems existed on the server-side implementations of the Single Sign-On systems.Finally,we combine static code analysis and dynamic traffic analysis to assess the security of the OpenVPN implementations in Android applications.Our analysis method is able to identify vulnerabilities of OpenVPN applications in the aspects of SSL/TLS implementation,cryptographic algorithm implementation,authentication.The main contributions of this dissertation are:1.A model-based security analysis method is proposed.To analyze the security of OAuth implementations on the Android platform,we propose a five-party,three-stage model to detect vulnerabilities of popular OAuth implementation in Android apps.We also design and implement a systematic vulnerability assessment framework for OAuth implementations on Android platform.Our assessment can cover all the three phases in an OAuth transaction and detect five typical incorrect OAuth implementations in Android applications.Our analysis show that 86.2% of the apps incorporating OAuth services in the Myapp Android app market are vulnerable.2.An attacker-guided security analysis method is proposed.To analyze the security of the OAuth-based authentication mechanisms used by real world websites and mobile applications,we dissect the traffic from different attackers' perspectives to recover the authentication mechanisms employed by websites and apps,and identify exploitable vulnerabilities.Our analysis shows that 32.9%,47.1%,41.6% of the analyzed authentication mechanisms on the Web,Android,i OS platform are vulnerable.We also categorize the root causes of these vulnerabilities and make practical recommendations for developers.This is the first security study of OAuth-based authentication mechanisms on multi-platforms,including Web,Android and i OS.3.A novel differential traffic analysis method is proposed.To analyze the security of the server-side implementations of real world SSO systems,we employ a set of lightweight techniques including differential traffic analysis,fuzzing test,protocol field semantic inference,to extract the protocol specifications and pinpoint exploitable vulnerabilities,and we discover four novel vulnerabilities.Our study shows that the uncovered vulnerabilities exist prevalently in the server-side implementations of real world SSO systems,62.5% of the tested identity providers and 31.9% of the SSO-capable applications suffer from at least one security flaw.4.An in-depth security analysis of OpenVPN implementation on Android platform is conducted.We combine the static code analysis and dynamic traffic analysis method to analyze the OpenVPN implementations in Android applications.Our methodology is capable to identify vulnerabilities of OpenVPN in the aspects of code implementation,client profile and permission management.We discover four previously unknown vulnerabilities: problematic SSL/TLS implementation,insecure cryptographic algorithm implementation,weak client authentication,weak server authentication.We analyze 102 OpenVPN apps in Google Play and 42.9% of them suffer from at least one vulnerability,which can lead to man-in-the-middle attack or traffic decryption.