Identifying Cryptographic Functionality in Android Applications

Alexander Oprisnik, Daniel Hein, Peter Teufl

Abstract

Mobile devices in corporate IT infrastructures are frequently used to process security-critical data. Over the past few years, powerful security features have been added to mobile platforms. However, for legal and organisational reasons, it is difficult to pervasively enforce the use of these features in consumer applications or Bring-Your-Own-Device (BYOD) scenarios. Thus, application developers need to integrate custom implementations of security features such as encryption into security-critical applications. Our manual analysis of container applications and password managers has shown that custom implementations of cryptographic functionality often suffer from critical mistakes. During manual analysis, finding the custom cryptographic code was especially time-consuming. Therefore, we present the Semdroid framework for simplifying the analysis of Android applications. Here, we use Semdroid to apply machine-learning techniques for detecting non-standard symmetric and asymmetric cryptography implementations. The identified code fragments can be used as starting points for subsequent manual analysis, which greatly reduces manual analysis time. The capabilities of Semdroid have been evaluated on 98 password-safe applications downloaded from Google Play. Our evaluation shows the applicability of Semdroid and its potential to significantly improve future application analysis processes.



Paper Citation


in Harvard Style

Oprisnik A., Hein D. and Teufl P. (2014). Identifying Cryptographic Functionality in Android Applications. In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 151-162. DOI: 10.5220/0005056301510162


in Bibtex Style

@conference{secrypt14,
author={Alexander Oprisnik and Daniel Hein and Peter Teufl},
title={Identifying Cryptographic Functionality in Android Applications},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={151-162},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005056301510162},
isbn={978-989-758-045-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - Identifying Cryptographic Functionality in Android Applications
SN - 978-989-758-045-1
AU - Oprisnik A.
AU - Hein D.
AU - Teufl P.
PY - 2014
SP - 151
EP - 162
DO - 10.5220/0005056301510162