Skip to main content
SpringerLink
Log in

Anti-reversible dynamic tamper detection scheme using distributed image steganography for IoT applications

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

In the provision of on-demand personalized services in an IoT-based hyper-connected network, it is inevitable for the mobile device that centrally controls personal information to become the focal point. In this IoT environment, because mobile devices serve as a gateway for all personalized services, their protection plays a crucial role in the creation of a secure IoT environment. In the case of Android, the classic mobile platform, security is at risk from repackaging attacks because of structural weaknesses in the platform. To prevent such repackaging attacks, Android-based applications currently utilize various obfuscation techniques and insert tamper detection methods. However, it is possible to easily bypass even these measures. Thus, in this paper we propose an anti-reverse-engineering dynamic tamper detection scheme that applies image steganography to distribute and hide code in PNG image files. We design and implement this proposed scheme, and present the results of a security evaluation of an application with the scheme applied.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Similar content being viewed by others

References

  1. Atzori L, Iera A, Morabito G (2010) The internet of things: a survey. Comput Netw 54(15):2787–2805

    Article  MATH  Google Scholar 

  2. Gubbi J, Buyya R, Marusic S, Palaniswami M (2013) Internet of things (IoT): a vision, architectural elements, and future directions. Future Gener Comput Syst 29(7):1645–1660

    Article  Google Scholar 

  3. Weber RH (2010) Internet of things-new security and privacy challenges. Comput Law Secur Rev 26(1):23–30

    Article  Google Scholar 

  4. Jung JH, Kim JY, Lee HC, Yi JH (2013) Repackaging attack on android banking applications and its countermeasures. Wirel Pers Commun 73(4):1421–1437

    Article  Google Scholar 

  5. Alexander-Bown S (2014) Android security: Adding tampering detection to your app. https://www.airpair.com/android/posts/adding-tampering-detection-to-your-android-app

  6. Barrera D, Clark J, McCarney D, van Oorschot PC (2012) Understanding and improving app installation security mechanisms through empirical analysis of android. In: Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices. ACM, pp 81–92

  7. Oracle: Understanding signing and verification. https://docs.oracle.com/javase/tutorial/deployment/jar/intro.html

  8. Collberg C, Thomborson C, Low D (1997) A taxonomy of obfuscatingtransformations. Tech. rep., Department of Computer Science, The University of Auckland, New Zealand

  9. Collberg CS, Thomborson CD, Low DWK (2003) Obfuscation techniques for enhancing software security. US Patent 6,668,325

  10. Kovacheva A (2013) Efficient code obfuscation for android. In: International Conference on Advances in Information Technology. Springer, Berlin, pp 104–119

  11. Linn C, Debray S (2003) Obfuscation of executable code to improve resistance to static disassembly. In: Proceedings of the 10th ACM Conference on Computer and Communications Security. ACM, pp 290–299

  12. Piao Y, Jung JH, Yi JH (2016) Server-based code obfuscation scheme for APK tamper detection. Secur Commu Netw 9(6):457–467

    Article  Google Scholar 

  13. Diffie W, Van Oorschot PC, Wiener MJ (1992) Authentication and authenticated key exchanges. Des Codes Cryptogr 2(2):107–125

    Article  MathSciNet  Google Scholar 

  14. Hamid N, Yahya A, Ahmad RB, Al-Qershi OM (2012) Image steganography techniques: an overview. Int J Comput Sci Secur (IJCSS) 6(3):168–187

    Google Scholar 

  15. Katzenbeisser S, Petitcolas F (2000) Information hiding techniques for steganography and digital watermarking. Artech House, London

    Google Scholar 

  16. Bhatt S, Ray A, Ghosh A, Ray A (2015) Image steganography and visible watermarking using lsb extraction technique. In: 2015 IEEE 9th International Conference on Intelligent Systems and Control (ISCO). IEEE, pp 1–6

  17. Boutell T (1997) Png (portable network graphics) specification version 1.0

  18. Szeliski R (2010) Computer vision: algorithms and applications. Springer Science & Business Media

  19. Chandramouli R, Memon N (2001) Analysis of lsb based image steganography techniques. In: Proceedings. 2001 International Conference on Image Processing, 2001. vol 3. IEEE, pp 1019–1022

  20. Stego png. http://www.hermetic.ch/stpng/stpng.htm. Accessed 24 March 2016

  21. Mobilefish. http://www.mobilefish.com/services/steganography/steganography.php. Accessed 24 March 2016

  22. Openstego. http://www.openstego.com. Accessed 24 March 2016

  23. Mobistego. https://github.com/paspao/MobiStego. Accessed 24 March 2016

  24. Google samples. https://github.com/googlesamples/android-UniversalMusicPlayer. Accessed 24 March 2016

  25. Android ndk. http://developer.android.com/ndk/index.html. Accessed 11 April 2016

  26. Apktool. http://ibotpeaches.github.io/Apktool/. Accessed 11 April 2016

Download references

Acknowledgments

This research was supported in part by the Global Research Laboratory (GRL) program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT, and Future Planning (NRF-2014K1A1A2043029), and in part by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (NO. R0110-15-1001, Secure hardware containers technology to protect IoT devices from Denial of Service attack).

Author information

Authors and Affiliations

  1. Soongsil University, 369 Sangdo-ro, Dongjak-gu, Seoul, 06978, Republic of Korea

    Sung Ryoung Kim, Sung Tae Kim, Sunwoo Shin & Jeong Hyun Yi

  2. Electronics and Telecommunications Research Institute, 218 Gajeong-ro, Yuseong-gu, Daejeon, 34129, Republic of Korea

    Jeong Nyeo Kim

Authors
  1. Sung Ryoung Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jeong Nyeo Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sung Tae Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sunwoo Shin
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jeong Hyun Yi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jeong Hyun Yi.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kim, S.R., Kim, J.N., Kim, S.T. et al. Anti-reversible dynamic tamper detection scheme using distributed image steganography for IoT applications. J Supercomput 74, 4261–4280 (2018). https://doi.org/10.1007/s11227-016-1848-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-016-1848-y

Keywords

Search

Navigation