Abstract
In modern mobile message-based communication, malicious apps can illicitly access transferred messages via data leakage attacks. Existing defenses are overly restrictive, as they block all suspicious apps, malicious or not, from receiving messages. As a solution, we present a communication model that allows untrusted-but-not-malicious apps to receive messages. Our model—hidden transmission and polymorphic delivery (HTPD)—transmits sensitive messages in an encrypted envelope and delivers them polymorphically. Depending on the destination’s trustworthiness, HTPD delivers either no data, raw data, or encrypted data. Homomorphic and convergent encryption allows untrusted destinations to securely operate on encrypted data deliveries. We realize HTPD as PoliCC, a plug-in replacement of Android Inter-Component Communication middleware. PoliCC mitigates three classic Android data leakage attacks, and allows untrusted apps to operate on delivered messages. Our evaluation shows that PoliCC enables mobile apps to securely and flexibly exchange communication messages, with low performance and programming effort overheads.
Notes
1. In Android, it is also called inter-component communication (ICC).
2. All of them target Android, due to its open-source codebase, which can be examined and modified.
3. Similarly to prior works, we target Android as the dominant open-source platform.
4. In ICC, Intent objects serve as data delivery vehicles.
5. An Intent Filter declares the expected Intent properties (action/category).
6. Although DoS is not our focus, one of PoliCC’s features mitigates it (see Sect. 6.4).
7. In Android ICC, routing information can be used for both data integrity and destination examinations (detailed in Sect. 5.2).
8. Convergent encryption is applied to string data.
9. Homomorphic encryption is applied to numeric data.
10. As fully homomorphic encryption is slow, its partial variant achieves a practical performance/security tradeoff.
11. Because the “no data” delivery is caused by failed data integrity checks rather than by permissions, we detail it in Sect. 5.2.
12. With PoliCC’s encryption implementation, decrypting unencrypted data destroys the original data, which may not be the case for other encryption implementations.
13. We measure energy consumption with PowerTutor 1.4 [35].
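The delivery policy sketched in the abstract and in notes 8 to 11, as an added worked example that is not code from the paper or from PoliCC: a destination that fails the integrity check receives no data, a trusted destination receives the raw message, and an untrusted-but-not-malicious destination receives an envelope in which string fields are convergently encrypted (key derived from the content, so equal plaintexts produce equal ciphertexts) and numeric fields are encrypted with Paillier, an additively homomorphic scheme. The paper does not name the concrete schemes PoliCC uses; the hash-counter stream cipher, the choice of Paillier, the demo-sized primes, and the `Trust`, `deliver` and message fields are all assumptions made for this illustration.

```python
# Added illustration (not PoliCC's code): polymorphic delivery of one message with
# convergent encryption for strings and Paillier (additive homomorphism) for ints.
# The stream cipher and the key sizes are toy choices made for this demo only.
import hashlib
import math
import secrets
from enum import Enum


class Trust(Enum):          # assumed trust levels, not PoliCC's own taxonomy
    UNTRUSTED = 1
    TRUSTED = 2


# ---- convergent encryption for strings (equality survives encryption) ----
def convergent_key(plaintext: str) -> bytes:
    """Key derived from the content itself, so equal plaintexts share a key."""
    return hashlib.sha256(plaintext.encode()).digest()


def _keystream(key: bytes, length: int) -> bytes:
    # Hash-counter keystream with no nonce: deterministic on purpose, which is
    # what makes convergent ciphertexts comparable for equality.
    blocks = [hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def convergent_encrypt(plaintext: str) -> bytes:
    data = plaintext.encode()
    ks = _keystream(convergent_key(plaintext), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def convergent_decrypt(ciphertext: bytes, key: bytes) -> str:
    ks = _keystream(key, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks)).decode()


# ---- Paillier (partially homomorphic: addition on ciphertexts) for numbers ----
def _next_prime(start: int) -> int:
    n = max(start, 2)
    while any(n % d == 0 for d in range(2, math.isqrt(n) + 1)):
        n += 1
    return n


def paillier_keygen():
    # Demo-sized primes (~1e6); a real deployment needs 1024-bit primes or larger.
    p = _next_prime(1_000_000)
    q = _next_prime(p + 1)
    n, n2 = p * q, (p * q) ** 2
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)          # L(g^lam mod n^2)^-1 mod n
    return (n, g), (lam, mu)


def paillier_encrypt(pub, m: int) -> int:
    n, g = pub
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:                            # r must be a unit mod n
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def paillier_decrypt(priv, pub, c: int) -> int:
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n * mu) % n


def paillier_add(pub, c1: int, c2: int) -> int:
    """Ciphertext of m1 + m2, computed without the private key."""
    n, _ = pub
    return (c1 * c2) % (n * n)


# ---- polymorphic delivery ----
def deliver(message: dict, trust: Trust, integrity_ok: bool, pub):
    """Return what the destination receives: None, the raw dict, or an envelope."""
    if not integrity_ok:
        return None                        # "no data": failed integrity check
    if trust is Trust.TRUSTED:
        return dict(message)               # raw data for a trusted destination
    envelope = {}                          # encrypted envelope for untrusted apps
    for field, value in message.items():
        if isinstance(value, str):
            envelope[field] = convergent_encrypt(value)
        elif isinstance(value, int):
            envelope[field] = paillier_encrypt(pub, value)
        else:
            raise TypeError(f"unsupported field type for {field!r}")
    return envelope


if __name__ == "__main__":
    pub, priv = paillier_keygen()
    # Constructed sample messages: two SMS-like records from the same sender.
    m1 = {"sender": "alice", "amount": 40}
    m2 = {"sender": "alice", "amount": 2}
    e1 = deliver(m1, Trust.UNTRUSTED, True, pub)
    e2 = deliver(m2, Trust.UNTRUSTED, True, pub)
    # The untrusted app can spot the shared sender and sum the amounts
    # without ever seeing a plaintext; only the key holder decrypts the total.
    print("same sender:", e1["sender"] == e2["sender"])
    total = paillier_add(pub, e1["amount"], e2["amount"])
    print("decrypted total:", paillier_decrypt(priv, pub, total))
```

Two properties of the envelope are worth keeping in mind when deciding which fields may go to an untrusted destination: convergent ciphertexts leak equality by design, so low-entropy strings (short names, phone numbers) can be confirmed by guessing and re-encrypting candidates, and the Paillier additions are only meaningful while each plaintext and sum stays below the modulus n.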
References
1. Common Attack Pattern Enumeration and Classification. capec.mitre.org/
2. CVE-2018-15752. cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15752
3. CVE-2018-9489. cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9489
4. Dev tool to view inter-app communication (2019). f-droid.org/en/packages/de.k3b.android.intentintercept/
5. Intent Intercept (2019). capec.mitre.org/data/definitions/499.html
6. Alhanahnah, M., et al.: Detecting vulnerable Android inter-app communication in dynamically loaded code. In: IEEE INFOCOM 2019, pp. 550–558. IEEE (2019)
7. Anderson, P., Zhang, L.: Fast and secure laptop backups with encrypted de-duplication. In: LISA, vol. 10, p. 24th (2010)
8. Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. ACM SIGPLAN Notices (2014)
9. Bennett, K., Grothoff, C., Horozov, T., Patrascu, I.: Efficient sharing of encrypted data. In: Batten, L., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 107–120. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45450-0_8
10. Blasco, J., Chen, T.M., Muttik, I., Roggenbach, M.: Wild Android collusions (2016)
11. Bosu, A., Liu, F., Yao, D.D., Wang, G.: Collusive data leak and more: large-scale threat analysis of inter-app communications. In: Asia Conference on Computer and Communications Security, pp. 71–85. ACM (2017)
12. Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R.: XManDroid: a new Android evolution to mitigate privilege escalation attacks. Technische Universität Darmstadt, Technical Report TR-2011-04 (2011)
13. Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R., Shastry, B.: Towards taming privilege-escalation attacks on Android. In: NDSS (2012)
14. Carpov, S., Nguyen, T.H., Sirdey, R., Constantino, G., Martinelli, F.: Practical privacy-preserving medical diagnosis using homomorphic encryption. In: Cloud Computing, pp. 593–599. IEEE (2016)
15. Carter, H., Amrutkar, C., Dacosta, I., Traynor, P.: For your phone only: custom protocols for efficient secure function evaluation on mobile devices. Secur. Commun. Networks 7(7), 1165–1176 (2014)
16. Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in Android. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 239–252. ACM (2011)
17. Damgård, I., Groth, J., Salomonsen, G.: The theory and implementation of an electronic voting system. In: Secure Electronic Voting, pp. 77–99. Springer, Boston (2003). https://doi.org/10.1007/978-1-4615-0239-5_6
18. Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., Wallach, D.S.: Quire: lightweight provenance for smart phone operating systems. In: USENIX Security Symposium, vol. 31, p. 3 (2011)
19. Drosatos, G., Efraimidis, P.S., Athanasiadis, I.N., D’Hondt, E., Stevens, M.: A privacy-preserving cloud computing system for creating participatory noise maps. In: Computer Software and Applications Conference (COMPSAC), IEEE 36th Annual, pp. 581–586. IEEE (2012)
20. Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)
21. Fang, Z., Han, W., Li, Y.: Permission based Android security: issues and countermeasures. Comput. Secur. 43, 205–218 (2014)
22. Felt, A.P., Wang, H.J., Moshchuk, A., Hanna, S., Chin, E.: Permission re-delegation: attacks and defenses. In: USENIX Security Symposium (2011)
23. GDR!: My location (2019). https://tinyurl.com/yh9c8qok
24. Google: ANRs. developer.android.com/topic/performance/vitals/anr
25. Google: Distribution dashboard. developer.android.com/about/dashboards
26. Google: Google Play (2018). play.google.com/store/apps?hl=en
27. Google: Data and file storage (2019). https://tinyurl.com/t6hr6t4
28. Jing, Y., Ahn, G.J., Doupé, A., Yi, J.H.: Checking intent-based communication in Android with intent space analysis. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 735–746. ACM (2016)
29. Krohn, M., et al.: Information flow control for standard OS abstractions. In: ACM SIGOPS Operating Systems Review, vol. 41, pp. 321–334. ACM (2007)
30. Lee, Y.K., Yoodee, P., Shahbazian, A., Nam, D., Medvidovic, N.: SEALANT: a detection and visualization tool for inter-app security vulnerabilities in Android. In: Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering, pp. 883–888. IEEE Press (2017)
31. Li, L., et al.: IccTA: detecting inter-component privacy leaks in Android apps. In: Proceedings of the 37th International Conference on Software Engineering, Volume 1, pp. 280–291. IEEE Press (2015)
32. Li, L., Bissyandé, T.F., Klein, J., Le Traon, Y.: Parameter values of Android APIs: a preliminary study on 100,000 apps. In: 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering, vol. 1, pp. 584–588 (2016)
33. Li, L., Bissyandé, T.F., Octeau, D., Klein, J.: DroidRA: taming reflection to support whole-program analysis of Android apps. In: Proceedings of the 25th International Symposium on Software Testing and Analysis, pp. 318–329. ACM (2016)
34. Lu, L., Li, Z., Wu, Z., Lee, W., Jiang, G.: CHEX: statically vetting Android apps for component hijacking vulnerabilities. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 229–240. ACM (2012)
35. Gordon, M., Zhang, L., Tiwana, B.: PowerTutor: a power monitor (2019). ziyang.eecs.umich.edu/projects/powertutor/
36. Mimoso, M.: Mobile app collusion can bypass native Android security (2016). https://tinyurl.com/jpndk7g
37. Bhatti, M.: QKSMS (2019). https://tinyurl.com/k8dd4u2
38. Octeau, D., et al.: Effective inter-component communication mapping in Android: an essential step towards holistic security analysis. In: USENIX Security (2013)
39. Wilcox-O’Hearn, Z., Warner, B.: Tahoe: the least-authority filesystem. In: 4th ACM International Workshop on Storage Security and Survivability (2008)
40. Xu, K., Li, Y., Deng, R.H.: ICCDetector: ICC-based malware detection on Android. IEEE Trans. Inf. Forensics Secur. 11(6), 1252–1264 (2016)
41. Zhou, Y., Jiang, X.: Dissecting Android malware: characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy, pp. 95–109. IEEE (2012)
Acknowledgements
The authors thank the anonymous reviewers, whose insightful comments helped improve this paper. NSF supported this research through the grant #1717065.
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Liu, Y., Cruz, B.D., Tilevich, E. (2021). HTPD: Secure and Flexible Message-Based Communication for Mobile Apps. In: Garcia-Alfaro, J., Li, S., Poovendran, R., Debar, H., Yung, M. (eds) Security and Privacy in Communication Networks. SecureComm 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 399. Springer, Cham. https://doi.org/10.1007/978-3-030-90022-9_14
DOI: https://doi.org/10.1007/978-3-030-90022-9_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90021-2
Online ISBN: 978-3-030-90022-9
eBook Packages: Computer Science, Computer Science (R0)