| With the rise of mobile computing, the mobile device, such as smart phone, has been part of daily life. Mobile security becomes a serious subject attracting increasing attention when user store more and more privacy data on it. How to protect the data integrity and privacy of mobile user has been an important problem in security research area especially with background of explosive growth of malware targeting mobile platform.Modern smart phone eliminate hardware keyboard for big screen that make software input method be requisite to phone input. Since all user data flow through input method software its security and trustworthy is critical to user privacy. However, current popular commercial mobile input method software are closed source and can’t be verified and they are prone to repackage attack, which makes mobile input method software be serious threat to user’s input security. This paper first analysis the threat caused by vulnerable and untrusted input method software then based on that proposes the TIME system which enhances mobile input security and cover both the input experience and data privacy.To be compatible with current third party mobile input method software and be friendly to user input experience, TIME divides and isolates user input data automatically. TIME can detect the password input behavior and protect it from disclosing. TIME monitors the sensitive data during user input and removes the traces of privacy data from input method software by user application checkpoint and rollback. By using this technology TIME can protect user’s privacy without affecting off-the-shelf input method software.We take multiple experiments to evaluate the effectiveness and performance of system. The evaluation shows TIME can successfully filter sensitive data during user’s input and protect user’s privacy against malicious input method software. TIME doesn’t have any negative affection to user input experience and its computation overhead and space cost is acceptable. |
PDF Full Text Request