DOI QR코드

DOI QR Code

Study on Mechanism of Preventing Application Piracy on the Android Platform

안드로이드 어플리케이션 위변조 방지를 위한 방안 연구

  • 이광형 (서일대학교 인터넷정보과) ;
  • 김재용 (숭실대학교 컴퓨터학과)
  • Received : 2014.10.07
  • Accepted : 2014.11.06
  • Published : 2014.11.30

Abstract

Recently, with the increasing use of smart phones, security issues, such as safety and reliability of the use of the Android application has become a topic to provide services in various forms. An Android application is performed using several important files in the form of an apk file. On the other hand, they may be subject to unauthorized use, such as the loss of rights and privileges due to the insertion of malicious source code of these apk files. This paper examines the Android environment to study ways to define the threats related to the unauthorized use of the application source code, and based on the results of the analysis, to prevent unauthorized use of the application source code. In this paper, a system is provided using a third body to prevent and detect applications that have been counterfeited or forged illegally and installed on Android devices. The application provides services to existing systems that are configured with only the service server that provides users and applications general, This paper proposes the use of a trusted third party for user registration and to verify the integrity of the application, add an institution, and provide a safe application.

최근 다양한 형태의 서비스를 제공하기 위해 스마트폰의 활용도가 증가함에 따라 안드로이드 앱의 활용에 대한 안전성과 신뢰성 등 보안 문제가 이슈화되고 있다. 안드로이드 앱은 apk 파일 형태로 활용되며, 몇몇의 중요 파일에 의해 실행이 된다. 하지만 이러한 apk파일에 악의적인 소스코드가 삽입되어 통제권 상실이나 권한탈취 등 부정사용에 대한 대상이 될 수 있다. 본 논문은 안드로이드 환경에서 앱의 소스코드 부정사용에 관한 위협을 정의하고, 분석 결과를 기반으로 안드로이드 앱 소스코드 부정사용을 방지하기 위한 방안을 제안한다. 본 논문에서는 불법으로 위변조된 안드로이드 앱을 탐지하고 일반 사용자의 안드로이드 디바이스에 설치되는 것을 방지하기 위한 제 3기관을 이용하여 안드로이드 앱의 무결성을 제공하는 시스템을 제안한다. 제안하는 기법은 일반 사용자와 안드로이드 앱을 제공하는 서비스 서버로만 구성되어 있는 기존의 안드로이드 앱 제공 서비스 시스템과 다르게 안드로이드 앱의 무결성 검증과 사용자 등록을 위한 신뢰할 수 있는 제 3기관을 추가하여 안전한 안드로이드 앱을 제공한다.

Keywords

References

  1. Loyce Consulting.: 2011 Market Survey of Smart Content. KOCCA Research Report 11-66, Korea Creative Content Agency (2011)
  2. Jegal Byeongjik.: Smartphone Market and Mobile OS Trends. Semiconductor Insight (2011)
  3. Android Under Attack: Malware Levels for Google's OS Rise Threefold in Q2 2012, http://www.kaspersky.com/about/news/press/2012/Android_Under_Attack_Malware_Levels_for_Googles_OS_Rise_Threefold_in_Q2_2012
  4. Chan-Hee Lee, Yeong-Ung Park, Ji-Hyeog Lim, Hong-Geun Kim, Choong-Hyun Lee, Seong-Je Cho and Jaesoo Yang, Jounal of KIISE : Computing Practices and Letters, Vol 18, No.10, pp.692-700, (2012)
  5. T. Bradley, "DroidDream Becomes Android Market Nightmare," PCWorld, Mar.2011, http://www.pcworld.com/article/221247/droiddream_becomes_android_market_nightmare.html
  6. Steve Gold, "Android insecurity," Network Security, vol.2011, Issue.10, pp.5-7, (Oct. 2011).
  7. GingerMaster, http://www.cs.ncsu.edu/faculty/jiang/GingerMaster/
  8. Juniper Networks, "Mobile Signature," http://www.juniper.net/us/en/security/mobile-threat-center/#ANDROID
  9. DroidDream, http://blog.mylookout.com/blog/2011/03/01/security-alert-malware-found-in-official-androidmarket-droiddream/
  10. C. Collberg, C. Thomborson, and D. Low, "A taxonomy of obfuscating transformations," Technical Report No. 148, Univ. Auckland, New Zealand, (1997).
  11. ByeongYong Lee1, YongSoo Choi2, : The Status and Analysis of Obfuscation Techniques and Perspective Development. Journal of Security Engineering, Republic of Korea, vol.5, No. 3, pp.692-700, (2008).
  12. S. Choi, M. Kim, J. Han, B. An, "Android Based Mobile Student Identity Card", The Journal of The Institute of Internet, Broadcasting and Communication, Vol. 13, No. 2, Apr. 2013.
  13. E.-J. Jo, C.-H. Lin, "Smart Emotion Lighting Control System Based on Android Platform", The Journal of The Institute of Internet, Broadcasting and Communication (IIBC), Vol. 14, No. 3, pp.147-153, Jun. 2014.
  14. J.-M. You, I.-K. Park, "Android Storage Access Control for Personal Information Security", The Journal of The Institute of Internet, Broadcasting and Communication, Vol. 13, No. 6, Dec. 2013.
  15. S.-C. Lim, "A Study of Android Launcher based on Application Virtualization", The Journal of The Institute of Internet, Broadcasting and Communication, Vol. 13, No. 2, Apr. 2013.
  16. J.-g. Lim, C.-s. Choi, T.-e. Park, H.-s. Ki, B. An, "Android Based Mobile Combination Login Application", The Journal of The Institute of Internet, Broadcasting and Communication, Vol. 13, No. 3, Jun. 2013.