Abstract
In the provision of on-demand personalized services in an IoT-based hyper-connected network, it is inevitable for the mobile device that centrally controls personal information to become the focal point. In this IoT environment, because mobile devices serve as a gateway for all personalized services, their protection plays a crucial role in the creation of a secure IoT environment. In the case of Android, the classic mobile platform, security is at risk from repackaging attacks because of structural weaknesses in the platform. To prevent such repackaging attacks, Android-based applications currently utilize various obfuscation techniques and insert tamper detection methods. However, it is possible to easily bypass even these measures. Thus, in this paper we propose an anti-reverse-engineering dynamic tamper detection scheme that applies image steganography to distribute and hide code in PNG image files. We design and implement this proposed scheme, and present the results of a security evaluation of an application with the scheme applied.
Similar content being viewed by others
References
Atzori L, Iera A, Morabito G (2010) The internet of things: a survey. Comput Netw 54(15):2787–2805
Gubbi J, Buyya R, Marusic S, Palaniswami M (2013) Internet of things (IoT): a vision, architectural elements, and future directions. Future Gener Comput Syst 29(7):1645–1660
Weber RH (2010) Internet of things-new security and privacy challenges. Comput Law Secur Rev 26(1):23–30
Jung JH, Kim JY, Lee HC, Yi JH (2013) Repackaging attack on android banking applications and its countermeasures. Wirel Pers Commun 73(4):1421–1437
Alexander-Bown S (2014) Android security: Adding tampering detection to your app. https://www.airpair.com/android/posts/adding-tampering-detection-to-your-android-app
Barrera D, Clark J, McCarney D, van Oorschot PC (2012) Understanding and improving app installation security mechanisms through empirical analysis of android. In: Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices. ACM, pp 81–92
Oracle: Understanding signing and verification. https://docs.oracle.com/javase/tutorial/deployment/jar/intro.html
Collberg C, Thomborson C, Low D (1997) A taxonomy of obfuscatingtransformations. Tech. rep., Department of Computer Science, The University of Auckland, New Zealand
Collberg CS, Thomborson CD, Low DWK (2003) Obfuscation techniques for enhancing software security. US Patent 6,668,325
Kovacheva A (2013) Efficient code obfuscation for android. In: International Conference on Advances in Information Technology. Springer, Berlin, pp 104–119
Linn C, Debray S (2003) Obfuscation of executable code to improve resistance to static disassembly. In: Proceedings of the 10th ACM Conference on Computer and Communications Security. ACM, pp 290–299
Piao Y, Jung JH, Yi JH (2016) Server-based code obfuscation scheme for APK tamper detection. Secur Commu Netw 9(6):457–467
Diffie W, Van Oorschot PC, Wiener MJ (1992) Authentication and authenticated key exchanges. Des Codes Cryptogr 2(2):107–125
Hamid N, Yahya A, Ahmad RB, Al-Qershi OM (2012) Image steganography techniques: an overview. Int J Comput Sci Secur (IJCSS) 6(3):168–187
Katzenbeisser S, Petitcolas F (2000) Information hiding techniques for steganography and digital watermarking. Artech House, London
Bhatt S, Ray A, Ghosh A, Ray A (2015) Image steganography and visible watermarking using lsb extraction technique. In: 2015 IEEE 9th International Conference on Intelligent Systems and Control (ISCO). IEEE, pp 1–6
Boutell T (1997) Png (portable network graphics) specification version 1.0
Szeliski R (2010) Computer vision: algorithms and applications. Springer Science & Business Media
Chandramouli R, Memon N (2001) Analysis of lsb based image steganography techniques. In: Proceedings. 2001 International Conference on Image Processing, 2001. vol 3. IEEE, pp 1019–1022
Stego png. http://www.hermetic.ch/stpng/stpng.htm. Accessed 24 March 2016
Mobilefish. http://www.mobilefish.com/services/steganography/steganography.php. Accessed 24 March 2016
Openstego. http://www.openstego.com. Accessed 24 March 2016
Mobistego. https://github.com/paspao/MobiStego. Accessed 24 March 2016
Google samples. https://github.com/googlesamples/android-UniversalMusicPlayer. Accessed 24 March 2016
Android ndk. http://developer.android.com/ndk/index.html. Accessed 11 April 2016
Apktool. http://ibotpeaches.github.io/Apktool/. Accessed 11 April 2016
Acknowledgments
This research was supported in part by the Global Research Laboratory (GRL) program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT, and Future Planning (NRF-2014K1A1A2043029), and in part by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (NO. R0110-15-1001, Secure hardware containers technology to protect IoT devices from Denial of Service attack).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kim, S.R., Kim, J.N., Kim, S.T. et al. Anti-reversible dynamic tamper detection scheme using distributed image steganography for IoT applications. J Supercomput 74, 4261–4280 (2018). https://doi.org/10.1007/s11227-016-1848-y
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-016-1848-y