Journal of information and communication convergence engineering

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

Secure Message Transmission against Remote Control System

  • Park, Taehwan (Department of Computer Engineering, Pusan National University) ;
  • Seo, Hwajeong (Department of Computer Engineering, Pusan National University) ;
  • Bae, Bongjin (Department of Computer Engineering, Pusan National University) ;
  • Kim, Howon (Department of Computer Engineering, Pusan National University)
  • Received : 2016.08.08
  • Accepted : 2016.08.29
  • Published : 2016.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

A remote control system (RCS) can monitor a user's confidential information by using the broadcast receivers in Android OS. However, the current RCS detection methods are based only on a virus vaccine. Therefore, if the user's smartphone is infected by a brand new RCS, these methods cannot detect this new RCS immediately. In this paper, we present a secure message transmission medium. This medium is completely isolated from networks and can communicate securely through a QR code channel by using symmetric key cryptography such as the AES block cipher and public key cryptography such as elliptic curve cryptography for providing security. Therefore, the RCS cannot detect any confidential information. This approach is completely immune to any RCS attacks. Furthermore, we present a secure QR code-based key exchange protocol by using the elliptic curve Diffie-Hellman method and message transmission protocols; the proposed protocol has high usability and is very secure.

Keywords

References

  1. Citizen Lab, RCS agent for Android [Internet]. Available: https://github.com/hackedteam/core-android.
  2. D. G. Zhang, Y. Wu, W. B. Zhang, D. H. Zhang, and S. Q. Zhang, "The design of a physical network isolation system," Applied Mechanics and Materials, vol. 687, pp. 2192-2195, 2014.
  3. A. Skovoroda and D. Gamayunov, "Securing mobile devices: malware mitigation methods," Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), vol. 6, no. 2, pp. 78-97, 2015.
  4. A. Feizollah, N. B. Anuar, R. Salleh, and A. W. A. Wahab, "A review on feature selection in mobile malware detection," Digital Investigation, vol. 13, pp. 22-37, 2015. https://doi.org/10.1016/j.diin.2015.02.001
  5. QR Code.com, Types of QR code and information/version of QR code [Internet]. Available: http://www.qrcode.com/ko/codes/.
  6. R. Divya and S. Muthukumarasamy, "Visual authentication using QR code to prevent keylogging," International Journal of Engineering Trends and Technology, vol. 20, no. 3, pp. 149-154, 2015. https://doi.org/10.14445/22315381/IJETT-V20P227
  7. J. Murkute, H. Nagpure, H. Kute, N. Mohadikar, and C. Devade, "Online banking authentication system using QR-code and mobile OTP," International Journal of Engineering Research and Applications, vol. 3, no. 2, pp. 1810-1815, 2013.
  8. V. Kale, Y. Nakat, S. Bhosale, A. Bandal, and R. G. Patole, "A mobile based authentication scheme using QR code for bank security," International Journal of Advance Research in Computer Science and Management Studies, vol. 3, no. 2, pp. 192-196, 2015.
  9. Spongy Castle [Internet]. Available: https://rtyley.github.io/spongycastle/.
  10. ECC Reference, "SEC 1: elliptic curve cryptography," 2009 [Internet]. Available: http://www.secg.org/sec1-v2.pdf.
  11. ZXing code [Internet]. Available: https://github.com/zxing/zxing.