• Journal of Korea Game Society
• /
• v.13 no.6
• /
• pp.85-94
• /
• 2013

Repackaging of mobile games is serious problem in the Android environment. In this paper, we propose a repackaging detection technique using shortened instruction sequence. By using shortened instruction sequence, the proposed technique can be applicable to a mobile device and can block repackaged apps coming from various sources. In the experiment, our technique showed high accuracy of repackaging detection.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.04a
• /
• pp.661-664
• /
• 2012

스마트폰 사용이 급증하고 있는 현재, 안드로이드 OS 기반 스마트폰 점유율이 가장 큰 상승세를 보이고 있다. 하지만 안드로이드 OS는 자가-서명 인증서(self-signed certificate)로 애플리케이션을 검증하여, 많은 보안상의 취약점을 내재하고 있다. 자가-서명 인증서의 검증 취약점을 이용하여, 악의적인 공격자는 기존 정상 애플리케이션에 악성코드를 삽입, 리패키징(Repackaging) 하여 마켓에 유포할 수 있다. 이러한 문제를 해결하기 위해서, 본 논문에서는 안드로이드 애플리케이션의 서명 파일을 이용한 애플리케이션 리패키징 여부를 탐지하는 기술을 설계 및 구현한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.895-902
• /
• 2016

Smart phone distribution rate has been rising and it's security threat also has been rising. Especially Android smart phone reaches nearly 85% of domestic share. Since repackaging on android smart phone is relatively easy, the number of re-packaged malwares has shown steady increase. While many detection techniques have been proposed in order to prevent malwares, it is not easy to detect re-packaged malwares by static analysis and it is also difficult to operate dynamic analysis in android smart phone. Static analysis proposed in this paper features code reuse of repackaged malwares. We extracted DEX files from android applications and performed static analysis using class names and method names. This process doesn't not include reverse engineering, so it is possible to detect malwares efficiently.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.9-15
• /
• 2012

In recently years, repackaged malwares are becoming increased rapidly in Android smartphones. The repackaging is a technique to disassemble an app in a market, modify its source code, and then re-assemble the code, so that it is commonly used to make malwares by inserting malicious code in an app. However, it is impossible to collect all the apps in many android markets including too many apps. To solve the problem, we propose RePAD (RePackaged App Detector) scheme that is composed of a client and a remote server. In the smartphone-side, the client extracts the information of an app with low CPU overhead when a user installs the app. The remote server analyzes the information to decide whether the app is repackaged or not. Thus, the scheme reduces the time and cost to decide whether apps are repackaged. For the experiments, the client and server are implemented as an app on Galaxy TAB and PC respectively. We indicated that seven pairs of apps among ones collected in official and unofficial market are repackaged. Furthermore, RePAD only increases the average of CPU overhead of 1.9% and the maximum memory usage of 3.5 MB in Galaxy TAB.

• Journal of Internet Computing and Services
• /
• v.20 no.2
• /
• pp.61-68
• /
• 2019

Although the number of smartphone users is continuously increasing due to the advantage of being able to easily use most of the Internet services, the number of counterfeit applications is rapidly increasing and personal information stored in the smartphone is leaked to the outside. Because Android app was developed with Java language, it is relatively easy to create counterfeit apps if attacker performs the de-compilation process to reverse app by abusing the repackaging vulnerability. Although an obfuscation technique can be applied to prevent this, but most mobile apps are not adopted. Therefore, it is fundamentally impossible to block repackaging attacks on Android mobile apps. In addition, personal information stored in the smartphone is leaked outside because it does not provide a forgery self-verification procedure on installing an app in smartphone. In order to solve this problem, blockchain is used to implement a process of certificated application registration and a fake app identification and detection mechanism is proposed on Hyperledger Fabric framework.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.313-317
• /
• 2014

Smart-phone, PC or tablet platforms, such as smart terminals spread to the masses trying to capitalize. Smart TV also is increasing. In Korea, market size of TV is growing fast with growth of risk of hacking. In this paper, several kinds of Smart TV hacking cases are presented with the possibility of attacks against the vulnerability analysis and countermeasures. Most of the Linux operating system is open. Thus, it is vulnerable for latest hacking techniques. Most are based on the Linux OS to enhance security mount Sand-Box. However, bypass procedure using the technique, or APT attacks can avoid San-Box technique. New hacking techniques and a variety of ways will occur in the future. Therefore, this paper will develop Smart TV, and it analysis of a security threat and establishes better prepared in the future because new hacking attacks are expected to prepare more.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.61-71
• /
• 2014

In recent years, malwares in Android smartphones are becoming increased explosively. Since a great deal of appsare deployed day after day, detecting the malwares requires commercial anti-virus companies to spend much time and resources. Such a situation causes malwares to be detected after they have become already spread. We propose a scheme called TAU that dynamically tracks application behaviors to specify apps with potential security risks. TAU keeps track of how a user's interactions to smartphones incurs the app installation, the route of app spread, and the behavior of app execution. This tracking specifies apps that have the possibility of attacking the smartphones using the drive-by download and update attack schemes. Moreover, the tracked behaviors are used to decide whether apps are repackaged or not. Therefore, TAU allows anti-virus companies to detect malwares efficiently and rapidly by guiding to preferentially analyze apps with potential security risks.

• Journal of Internet Computing and Services
• /
• v.20 no.5
• /
• pp.9-18
• /
• 2019

Android Application Package (APK) is vulnerable to repackaging attacks. Therefore, obfuscation technology was applied inside the Android APK file to cope with repackaging attack. However, as more advanced reverse engineering techniques continue to be developed, fake Android APK files to be released. A new approach is needed to solve this problem. A blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a cryptographic hash of theprevious block, a timestamp and transaction data. Once recorded, the data inany given block cannot be altered retroactively without the alteration of all subsequent blocks. Therefore, it is possible to check whether or not theAndroid Mobile APK is forged by applying the blockchain technology. In this paper, we construct a discrimination DApp (Decentralized Application) against forgery Android Mobile APK by recording and maintaining the legitimate APK in the consortium blockchain framework like Hyperledger Fabric by Composer. With proposed DApp, we can prevent the forgery and modification of the appfrom being installed on the user's Smartphone, and normal and legitimate apps will be widely used.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.187-196
• /
• 2016

Android applications are inherently vulnerable to a repackaging attack such that malicious codes are easily inserted into an application and then resigned by the attacker. These days, it occurs often that such private or individual information is leaked. In principle, all Android applications are composed of user defined methods and APIs. As well as accessing to resources on platform, APIs play a role as a practical functional feature, and user defined methods play a role as a feature by using APIs. In this paper we propose a scheme to analyze sensitive APIs mostly used in malicious applications in terms of how malicious applications operate and which API they use. Based on the characteristics of target APIs, we accumulate the knowledge on such APIs using a machine learning scheme based on Naive Bayes algorithm. Resulting from the learned results, we are able to provide fine-grained numeric score on the degree of vulnerabilities of mobile applications. In doing so, we expect the proposed scheme will help mobile application developers identify the security level of applications in advance.