| With the continuous development of the Android, attacks aiming at the Android have become a new security threat. Because the inherent defects of the Android: the permission mechanism was designed illogicality; the sign mechanism wasn’t used to validation security. With these problems,and the characteristic of the China Android ecosphere, which makes a threat: a application may be manipulated by the different App Store. This threat can cause potential security problems to the users.This thesis aiming these problems, establishes an application integrity verification mode based on trusted third party. First this thesis describes the characteristics and design of Android, analysis the security problem of Android. Base on the Internet environment, the characteristics of Android etc, using the PKI integrity verification Mode. Use the IMEI code and package name of applications to be the unique input, consider the lower performance of the Android client, Android client use AES to encrypt the message, trusted third party use RSA to encrypt the original application. Trusted third party use AXMLPrinter2 to decompiling the original application to get Android Manifest.xml file, then get the package name from this file. Put the package name and the hash info of the application together save in the database of the trusted third party. Android client use ICC to get package name, then put the package name and hash info of the application together give to the trusted third part to verification.Use GNY to analyze the security of this mode. Last make experiments,the experiments result verify the feasibility and validity of the system. |
PDF Full Text Request