SMS Guardian: Protect a Smartphone against Incoming SMS Message Interception

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：7

、訪客IP：18.218.61.16

姓名

陳安琪(An-chi Chen) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

(SMS Guardian: Protect a Smartphone against Incoming SMS Message Interception)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye	★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 ( 永不開放)

摘要(中)

隨著智慧型手機的進步以及其計算能力越來越強，簡訊（Short Message Service, SMS）除了一般通訊聯絡，近年來更是被許多應用服務拿來進行消息通知或是身分驗證。例如，社群網站的註冊、銀行消費通知，或是手機小額付款的驗證程序。然而，隨著簡訊扮演的角色越來越重要，就越是會成為惡意軟體作者的攻擊目標。在各種智慧型手機的作業系統中，~Google~的~Android~因為其開放平台以及完善的開發環境，在全球占有最多的用戶；然而，卻也讓~Android~成為惡意軟體的最大宗攻擊平台。本篇論文針對簡訊的資安隱憂，即惡意程式可能在使用者不知情的情況下就將簡訊刪除，導致手機預設的簡訊程式（msging{}）無法收到簡訊的情況，設計出一個簡訊監控系統稱為~emph{MakaDroid}~。~emph{MakaDroid}~主要分成兩部分：框架層級（Android Framework）和應用層級（Android Application）。我們首先在框架層中加入檢查的程式碼，確保我們在應用層的~ extsf{Maka App}~服務會第一個收到簡訊，而不會被其他接收者攔截；另外，更在簡訊廣播被終止（Abort），或是簡訊資料從~msging{}~的資料庫被刪除（Delete）時，能夠通知~ extsf{Maka App}~並且跳出警告視窗給使用者。我們收集了已知的惡意程式來進行驗證，而因為不會有接收者搶在我們的~app~之前收到簡訊，並且系統在可疑的信件刪除時都會回報~ extsf{Maka App}~，因此我們能準確地記錄到所有的簡訊刪除事件。

摘要(英)

In recent years, the advances of smartphones for their powerful capability have made the functionality of SMS (Short Message Service) diverse. Apart from the daily life communication, SMS is also used for notification or identity authentication by several application services. For example, the social network registration, the banking transaction notification, and the mobile payment verification. However, the more important role SMS plays, the more attractive target the malware programmers focus on. Among various smartphone operating systems, due to the openness and healthy development environment, Google’s Andorid has the largest market share, which leads to the prime target platform of malware. This thesis focuses on the SMS security of those messages deleted without users’ consent, and has implemented an SMS-monitoring framework called emph{MakaDroid} to keep track of every received SMS messages. emph{MakaDroid} can be divided into two parts: Android Framework and Android Application. In the Framework layer, we adds a few lines of monitoring code, and then our application, extsf{Maka App}, in the applicaion level is responsible for receiving system-wide broadcasts, including the customized SMS-monitoring events. In order to keep track of each incoming SMS message, extsf{Maka App} is guaranteed to be the first recipient to receive the message, and if a suspicious SMS message dropping happens, extsf{Maka App} will record the event followed by a warning to the mobile user. In our evaluation, we have tested eight real-world malware samples and two PoC programs, and our solution accurately detected all of the malicious messages dropping behaviors.

關鍵字(中)

★ Android安全
★ 簡訊攔截
★ 簡訊木馬

關鍵字(英)

★ mobile malware
★ SMS security
★ SMS trojan
★ Android security

論文目次

中文摘要. . . . . . . . . . . . . . . . . . . . . . . . . i
ABSTRACT . . . . . . . . . . . . . . . . . . . . . . . . ii
Contents . . . . . . . . . . . . . . . . . . . . . . . . . . iii
List of Figures . . . . . . . . . . . . . . . . . . . . . . . iv
List of Tables . . . . . . . . . . . . . . . . . . . . . . . . v
1 . Introduction . . . . . . . . . . . . . . . . . . . . . . 1
1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Problem description . . . . . . . . . . . . . . . . . . . . . . 2
1.3 Research goal . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.4 Thesis organization . . . . . . . . . . . . . . . . . . . . . . 3
2 . Background . . . . . . . . . . . . . . . . . . . . . . 5
2.1 Overview of Android . . . . . . . . . . . . . . . . . . . . . 5
2.2 Application components . . . . . . . . . . . . . . . . . . . . 6
2.2.1 Intent . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2.2 Broadcast Receiver . . . . . . . . . . . . . . . . . . 8
2.2.3 Content Provider . . . . . . . . . . . . . . . . . . . 10
2.3 Receiving SMS messages in Android . . . . . . . . . . . . . 11
3 . Related Work . . . . . . . . . . . . . . . . . . . . . 13
4 . Threat Description . . . . . . . . . . . . . . . . . . . 16
4.1 Threat scenarios . . . . . . . . . . . . . . . . . . . . . . . . 16
4.2 Methods to block SMS messages . . . . . . . . . . . . . . . 17
4.2.1 Abort . . . . . . . . . . . . . . . . . . . . . . . . . 18
4.2.2 Delete . . . . . . . . . . . . . . . . . . . . . . . . . 18
5 . A Deeper Look into Broadcasting . . . . . . . . . . . . . 21
5.1 Static broadcast receivers . . . . . . . . . . . . . . . . . . . 21
5.2 Dynamic broadcast receivers . . . . . . . . . . . . . . . . . 22
5.3 Processing broadcasts . . . . . . . . . . . . . . . . . . . . . 24
6 . MakaDroid . . . . . . . . . . . . . . . . . . . . . . 29
6.1 System Design . . . . . . . . . . . . . . . . . . . . . . . . . 29
6.2 Framework part . . . . . . . . . . . . . . . . . . . . . . . . 30
6.3 Application part: Maka App . . . . . . . . . . . . . . . . . . 31
7 . Evaluation. . . . . . . . . . . . . . . . . . . . . . . 34
7.1 Implementation . . . . . . . . . . . . . . . . . . . . . . . . 34
7.2 Effectiveness . . . . . . . . . . . . . . . . . . . . . . . . . . 35
7.3 Processing Time . . . . . . . . . . . . . . . . . . . . . . . . 36
7.4 Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . 37
8 . Conclusion . . . . . . . . . . . . . . . . . . . . . . 39
Appendix . . . . . . . . . . . . . . . . . . . . . . . . . 40
References . . . . . . . . . . . . . . . . . . . . . . . . . 42

參考文獻

[1] ComScore (2013). 2013 Mobile Future in Focus. Retrieved Apr. 12, 2013, from
http://www.comscore.com/Insights/Blog/2013_Digital_Future_in_
Focus_Series.
[2] Denis Maslennikov. IT Threat Evolution:Q1 2013. Retrieved Jun. 20, 2013,
from http://www.securelist.com/en/analysis/204792292/IT_Threat_
Evolution_Q1_2013.
[3] International Data Corporation (2013). Worldwide Quarterly Mobile Phone Tracker.
Retrieved Jun. 12, 2013, from http://www.idc.com/getdoc.jsp?containerId=
prUS24108913.
[4] William Dudley, Group Director, Product Management, and SAP Mobile Services.
Long Live SMS. Mobile Operator Guide 2013 The Evolution of Mobile Services:
Challenges, Strategies, Opportunities, 2013.
[5] Android Developer. Developer Tools. Retrieved Apr. 10, 2013, from http:
//developer.android.com/tools/index.html.
[6] Bruno Albuquerque (2011). Processing ordered broadcasts. Retrieved
Mar. 13, 2013, from http://android-developers.blogspot.tw/2011/01/
processing-ordered-broadcasts.html.
[7] Android Developer Rules. ACTION_NEW_OUTGOING_CALL. Retrieved
Apr. 26, 2013, from http://developer.android.com/reference/android/
content/Intent.html#ACTION_NEW_OUTGOING_CALL.
[8] Androulidakis and IosifI. SMS Security Issues. In Mobile Phone Security and Forensics,
SpringerBriefs in Electrical and Computer Engineering, pages 63--74. Springer
US, 2012.
[9] Khodor Hamandi, Imad H. Elhajj, Ali Chehab, and Ayman Kayssi. Android SMS
Botnet: A New Perspective. In Proceedings of the 10th ACM international symposium
on Mobility management and wireless access, MobiWac ’12, pages 125--130.
ACM, 2012.
[10] Anh Nguyen and Lei Pan. Detecting SMS-based Control Commands in a Botnet
from Infected Android Devices. In ATIS 2012 : Proceedings of the 3rd Applications
and Technologies in Information Security Workshop, Applications and Technologies
in Information Security Workshop, pages 23--27, 2012.
[11] Google I/O (2012). Android Fireside Chat. Retrieved Jun. 10, 2013, from https:
//developers.google.com/events/io/2012/sessions/gooio2012/102/.
[12] Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, and Michalis Faloutsos. Permission
evolution in the android ecosystem. In Proceedings of the 28th Annual Computer
Security Applications Conference, ACSAC ’12. ACM, 2012.
[13] Mohammad Nauman, Sohail Khan, and Xinwen Zhang. Apex: Eextending Android
Permission Model and Enforcement with User-Defined Runtime Constraints. In Proceedings
of the 5th ACM Symposium on Information, Computer and Communications
Security, ASIACCS ’10, pages 328--332. ACM, 2010.
[14] Yajin Zhou, Xinwen Zhang, Xuxian Jiang, and Vincent W. Freeh. Taming
Information-Stealing Smartphone Applications (on Android). In Proceedings of the
4th international conference on Trust and trustworthy computing, TRUST’11, pages
93--107. Springer-Verlag, 2011.
[15] Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and
David Wagner. Android Permissions: User Attention, Comprehension, and Behavior.
In SOUPS’12, 2012.
[16] Yajin Zhou, Zhi Wang, Wu Zhou, and Xuxian Jiang. Hey, You, Get Off of My
Market: Detecting Malicious Apps in Official and Alternative Android Markets. In
Proceedings of the 19th Annual Network & Distributed System Security Symposium,
2012.
[17] Xu, Rubin, Saïdi, Hassen, Anderson, and Ross. Aurasium: practical policy enforcement
for android applications. In Proceedings of the 21st USENIX conference on
Security symposium, Security’12, pages 27--27. USENIX Association, 2012.
[18] Yajin Zhou and Xuxian Jiang. Dissecting Android Malware: Characterization and
Evolution. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 95--109,
2012.
[19] Wu Zhou, Yajin Zhou, Xuxian Jiang, and Peng Ning. Detecting repackaged smartphone
applications in third-party android marketplaces. In Proceedings of the second
ACM conference on Data and Application Security and Privacy, CODASPY ’12,
pages 317--326. ACM, 2012.
[20] TEKELEC (2007). SMS Security: Malicious attacks are just around the corner. Are
you protected? Retrieved Jun. 3, 2013, from http://www.conectividad.org/
archivo/estudios/webbuyer/TekSMS_wp.pdf.
[21] Axelle Apvrille (2011). Zitmo hits Android. Retrieved Jun. 16, 2013, from http:
//blog.fortinet.com/zitmo-hits-android/.
[22] Xuxian Jiang (2012). Android premium-rate SMS Trojan. Retrieved
May 16, 2013, from http://www.thehackingarticles.com/2012/01/
android-premium-rate-sms-trojan.html#.UUqODhf-GZs.
[23] Symantec (2012). Android.Tigerbot. Retrieved May 16, 2013, from
http://www.symantec.com/security_response/writeup.jsp?docid=
2012-041010-2221-99.
[24] H. Pieterse and M.S. Olivier. Android Botnets on the Rise: Trends and Characteristics.
In Information Security for South Africa (ISSA), 2012, pages 1--5, 2012.
[25] Android Platform Development Kit (2008). Radio Layer Interface. Retrieved May
29, 2013, from http://www.netmite.com/android/mydroid/development/
pdk/docs/telephony.html.
[26] Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner. Analyzing
Inter-Application Communication in Android. In Proceedings of the 9th international
conference on Mobile systems, applications, and services, MobiSys ’11, pages
239--252. ACM, 2011.
[27] Jim White (2012). Using LocalBroadcastManager in Service to Activity Communications.
Retrieved Jun. 5, 2013, from http://www.intertech.com/Blog/Post/
Using-LocalBroadcastManager-in-Service-to-Activity-Communications.
aspx.
[28] Android Open Source Project. Retrieved Feb. 20, 2013, from http://source.
android.com/.
[29] Jaime Blasco. Introduction to Android Malware Analysis. (IN)SECURE Magazine,
(34):25--37, 2012.
[30] Axelle Apvrille (2012). Making money out of android/ fakemart.
Retrieved Jul. 20, 2013, from https://blog.fortinet.com/
making-money-out-of-androidfakemart/.
[31] Kindsight Security Labs (2008). Malware Analysis: GGTracker.A Trojan for AndroidOS.
Retrieved Jun. 20, 2013, from http://www.kindsight.net/en/blog/
2011/09/29/malware-analysis-ggtrackera-trojan-for-androidos.
[32] Denis Maslennikov (2011). SMS Trojans: all around the world. Retrieved May 20,
2013, from http://www.securelist.com/en/blog/208193261/SMS_Trojans_
all_around_the_world.

指導教授

許富皓(Fu-hau Hsu)

審核日期

2013-7-29

推文