Abstract
By exploiting known covert channels, Android applications today are able to bypass the built-in permission system and share data in a potentially untraceable manner. These channels have sufficient bandwidth to transmit sensitive information, such as GPS locations, in real-time to collaborating applications with Internet access. In this paper, we extend previous work involving an application layer covert communications detector. We measure the stability of the volume and vibration channels on the Android emulator, HTC G1, and Motorola Droid. In addition, we quantify the effect that our detector has on channel capacities for stealthy malicious applications using a theoretical model. Lastly, we introduce a new classification of covert and overt communication for the Android platform.
Notes
For more details on Android security, see Enck et al. [10].
Many settings live in native code drivers, such as the media volume and vibration settings.
Our preliminary investigation found that virtually none of these settings were changed by popular applications in the Android Market. Thus, malicious applications would not have to worry about overcrowded settings channels.
Applications are currently able to mark their own files on internal storage as world readable/writable, which we see as a potential security hole.
Where m > (b − 1)q(n − 1)
References
Damopoulos D, Kambourakis G, Gritzalis S (2013) From keyloggers to touchloggers: Take the rough with the smooth. Comput Sec 32(0):102–114. doi:10.1016/j.cose.2012.10.002. http://www.sciencedirect.com/science/article/pii/S0167404812001654
Android (2012) Settings system. http://developer.android.com/reference/android/provider/Settings.System.html
Barrera D, Kayacik H, van Oorschot P, Somayaji A (2010) A methodology for empirical analysis of permission-based security models and its application to android. In: Proceedings of the 17th ACM conference on computer and communications security. ACM, pp 73–84
Blasing T, Batyuk L, Schmidt AD, Camtepe S, Albayrak S (2010) An android application sandbox system for suspicious software detection. In: 2010 5th International conference on malicious and unwanted software (MALWARE), pp 55–62. doi:10.1109/MALWARE.2010.5665792
Bugiel S, Davi L, Dmitrienko A, Fischer T, Sadeghi A (2011) Xmandroid: A new android evolution to mitigate privilege escalation attacks, Security
Damopoulos D, Menesidou SA, Kambourakis G, Papadaki M, Clarke N, Gritzalis S (2012) Evaluation of anomaly-based ids for mobile devices using machine learning classifiers. Secur Commun Networks 5(1):3–14. doi:10.1002/sec.341
Dietz M, Shekhar S, Pisetsky Y, Shu A, Wallach D (2011) Quire: lightweight provenance for smart phone operating systems. In: USENIX security
Dini G, Martinelli F, Saracino A, Sgandurra D (2012) Madam: a multi-level anomaly detector for android malware. In: Proceedings of the 6th international conference on mathematical methods, models and architectures for computer network security: computer network security, MMM-ACNS’12. Springer-Verlag, Berlin, pp 240–253. doi:10.1007/978-3-642-33704-821
Enck W, Gilbert P, Chun B, Cox L, Jung J, McDaniel P, Sheth A (2010) Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX conference on operating systems design and implementation, USENIX Association, pp 1–6
Enck W, Ongtang M, McDaniel P (2009) Understanding android security. IEEE Secur Privacy 7(1):50–57
Gianvecchio S, Wang H (2007) Detecting covert timing channels: an entropy-based approach. In: Proceedings of the 14th ACM conference on computer and communications security. ACM, pp 307–316
Hansen M, Hill R, Wimberly S (2012) Detecting covert communication on android. In: IEEE local computer networks 2012 conference
Holloway R (2010) Covert dcf-a dcf-based covert timing channel in 802.11 networks
Kemmerer R (1983) Shared resource matrix methodology: an approach to identifying storage and timing channels. ACM Trans Comput Syst (TOCS) 1(3):256–277
Kemmerer R (2002) A practical approach to identifying storage and timing channels: twenty years later. In: 18th Annual computer security applications conference, 2002. Proceedings. IEEE, pp 109–118
Lampson B (1973) A note on the confinement problem. Commun ACM 16(10):613–615
Mulliner C, Vigna G, Dagon D, Lee W (2006) Using labeling to prevent cross-service attacks against smart phones. Detect Intrusions Malware Vulnerability Assess: 91–108
Ongtang M, McLaughlin S, Enck W, McDaniel P (2009) Semantically rich application-centric security in android. In: Annual computer security applications conference, 2009. ACSAC’09. IEEE pp 340–349
Schlegel R, Zhang K, Zhou X, Intwala M, Kapadia A, Wang X (2011) Soundcomber: a stealthy and context-aware sound trojan for smartphones. In: Proceedings of the network and distributed system security symposium
Shabtai A, Kanonov U, Elovici Y, Glezer C, Weiss Y (2012) Andromaly: a behavioral malware detection framework for android devices. J Intell Inf Syst 38(1):161–190. doi:10.1007/s10844-010-0148-x
Wang Z, Lee R (2005) New constructive approach to covert channel modeling and channel capacity estimation. Inf Secur: 498–505
Wray J (1991) An analysis of covert timing channels. In: Proceedings IEEE computer society symposium on research in security and privacy, 1991. IEEE, pp 2–7
Yan LK, Yin H (2012) Droidscope: seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis. In: Proceedings of the 21st USENIX conference on security symposium, Security’12. USENIX Association, Berkeley, pp 29–29. http://dl.acm.org/citation.cfm?id=2.3627932362822
Zhou Y, Zhang X, Jiang X, Freeh VW (2011) Taming information-stealing smartphone applications (on android). In: Proceedings of the 4th international conference on trust and trustworthy computing, TRUST’11. Springer-Verlag, Berlin, pp 93–107. http://dl.acm.org/citation.cfm?id=2.0222452022255
Cite this article
Hill, R., Hansen, M. & Singh, V. Quantifying and Classifying Covert Communications on Android. Mobile Netw Appl 19, 79–87 (2014). https://doi.org/10.1007/s11036-013-0482-7
DOI: https://doi.org/10.1007/s11036-013-0482-7