KR20160046630A - Apparatus and method for tamper detection of mobile apps using real time hashing technique attestation - Google Patents

Apparatus and method for tamper detection of mobile apps using real time hashing technique attestation Download PDF

Info

Publication number
KR20160046630A
KR20160046630A KR1020140142791A KR20140142791A KR20160046630A KR 20160046630 A KR20160046630 A KR 20160046630A KR 1020140142791 A KR1020140142791 A KR 1020140142791A KR 20140142791 A KR20140142791 A KR 20140142791A KR 20160046630 A KR20160046630 A KR 20160046630A
Authority
KR
South Korea
Prior art keywords
hash value
application program
mobile terminal
original
application
Prior art date
Application number
KR1020140142791A
Other languages
Korean (ko)
Inventor
이정현
김명호
방지웅
조태주
지명주
Original Assignee
숭실대학교산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 숭실대학교산학협력단 filed Critical 숭실대학교산학협력단
Priority to KR1020140142791A priority Critical patent/KR20160046630A/en
Publication of KR20160046630A publication Critical patent/KR20160046630A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses an apparatus and a method for detecting a forgery-and-fake real-time mobile application through a hashing technique.
Extracts a hash value of the application program at the time of installing the application program in the mobile terminal, stores the hash value of the application program in the mobile terminal, receives the original hash value from the authentication server storing the hash value of the original application program, If the original hash value and the hash value stored in the mobile terminal are equal to each other, the application program is executed. If the original hash value and the hash value stored in the mobile terminal do not match, And is terminated.

Description

[0001] APPARATUS AND METHOD FOR TAMPER DETECTION OF MOBILE APPS USING REAL TIME HASHING TECHNIQUE ATTESTATION [0002]

The present invention relates to an apparatus and method for detecting a forgery and falsification of a real-time mobile application through a hashing technique, and more particularly to a device and a method for detecting a falsification of a real-time mobile application program through a hashing technique for determining whether an application is falsified .

The existing forgery detection technique is implemented by applying the code for forgery detection at the application level. Android mobile system, due to its execution structure, machine language translated by the Dalvik virtual machine is delivered to the central processor and executed. This means that the structure of the application program can be analyzed by extracting the dhabi byte codes that are executed in the dhabi virtual machine.

 Therefore, using these features, application programs that use existing obfuscation and forgery detection technology can be easily subjected to forgery attack. Accordingly, a platform-level forgery detection service is needed to overcome the above-described problems.

One aspect of the present invention is a method for detecting forgery or alteration of an application program installed in a mobile terminal, the method comprising: comparing a hash value of the original application program with a hash value of an application program installed in the mobile terminal, If the original hash value matches the hash value stored in the mobile terminal, the application is executed. If the original hash value and the hash value stored in the mobile terminal do not match, execution of the application program is terminated. .

In accordance with one aspect of the present invention, there is provided a method for detecting forgery and tampering of a real-time mobile application through a hashing technique, the method comprising: extracting a hash value of an application program when the application program is installed in the mobile terminal, If the original hash value matches the hash value stored in the mobile terminal, the application program is executed. If the hash value is stored in the mobile terminal, If the original hash value and the hash value stored in the mobile terminal do not match, execution of the application program can be terminated.

According to one aspect of the present invention, when an application program installed in a mobile terminal is executed, it is determined whether the application program is falsified or altered and then whether or not the application program is falsified or altered. The hash value of the running application can be directly verified and the forgery and fake attack can be blocked at the source, thereby providing a safe execution environment.

FIG. 1 is a schematic block diagram of a real-time mobile application forgery detection system using a hashing technique according to an embodiment of the present invention.
2 is a schematic block diagram of a mobile platform according to an embodiment of the present invention.
3 is a control flowchart of a real-time mobile application forgery detection system using a hashing technique according to an embodiment of the present invention.

The following detailed description of the invention refers to the accompanying drawings, which illustrate, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different, but need not be mutually exclusive. For example, certain features, structures, and characteristics described herein may be implemented in other embodiments without departing from the spirit and scope of the invention in connection with an embodiment. It is also to be understood that the position or arrangement of the individual components within each disclosed embodiment may be varied without departing from the spirit and scope of the invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is to be limited only by the appended claims, along with the full scope of equivalents to which such claims are entitled, if properly explained. In the drawings, like reference numerals refer to the same or similar functions throughout the several views.

Hereinafter, preferred embodiments of the present invention will be described in more detail with reference to the drawings.

FIG. 1 is a schematic block diagram of a real-time mobile application forgery detection system using a hashing technique according to an embodiment of the present invention.

The real-time mobile application forgery detection system 1 through the hashing technique may include the mobile platform 100 and the authentication server 200. [

When the mobile platform 100 executes an application program installed in the mobile terminal, it can check whether the application program is falsified or altered. If the mobile platform 100 determines that the application program has been falsified or altered, the application program execution can be terminated.

The mobile platform 100 may receive the original hash value from the authentication server 200 storing the hash value of the original application program. The mobile platform 100 can compare the received original hash value with the hash value stored in the mobile terminal when the application program is installed. The mobile platform 100 executes the application program when the original hash value matches the hash value stored in the mobile terminal, and terminates the execution of the application program when the original hash value and the hash value stored in the mobile terminal do not match.

The authentication server 200 stores the original hash value of the application program installed in the mobile terminal and can transmit the original hash value at the request of the mobile platform 100. [

2 is a schematic block diagram of a mobile platform according to an embodiment of the present invention.

The mobile platform 100 may include a hash value extractor 110 and a hash value authenticator 120 that are responsible for executing an application program.

The hash value extractor 110 may extract a hash value using the code of the application program and the setting information when the application program is installed in the mobile platform 100, and store the hash value in the mobile terminal.

The hash value extractor 110 may include a hash value separation module 111 and a storage module 112.

The hash value separation module 111 can decompress the application installation file at the platform level when the application program is installed in the mobile terminal and extract the hash value based on the code and the configuration file.

The storage module 112 may store the hash value of the application program in the mobile terminal.

When the application program is executed, the hash value authenticator 120 transmits information indicating that the program has been executed to the authentication server 200. The hash value authenticator 120 receives the hash value of the application program source from the authentication server 200, It is possible to judge the forgery and falsification of the application program.

The hash value authenticator 120 may include a data communication module 121, a hash value verification module 122, and an application program termination module 123.

The data communication module 121 may request the authentication server 200 to send an original hash value to the application program and receive the information when the application program is executed.

The hash value verification module 122 can verify whether the application program is forged or falsified by comparing the hash value of the application program source received from the data communication module 121 with the hash value of the installed application program stored through the hash value extractor .

The application termination module 123 forcibly terminates the application program to be executed when the hash value of the application program source is compared with the hash value of the installed application program stored through the hash value extractor through the hash value verification module 122 .

3 is a control flowchart of a real-time mobile application forgery detection system using a hashing technique according to an embodiment of the present invention.

The hash value of the application program to be verified can be stored in the authentication server 200 when the application program is installed in the mobile terminal and the hash value of the extracted application program can be stored in the authentication server 200. [

When the application program is installed in the mobile terminal, the mobile platform 100 extracts the hash value of the application program, and the extracted hash value can be stored in the mobile terminal's storage.

When the application program is executed in the mobile terminal, the mobile platform 100 may request the authentication server 200 for the original hash value of the application program. The authentication server 200 may transmit the hash value of the application program corresponding to the requested application program to the mobile platform 100. [ The mobile platform 100 receiving the original hash value can compare the hash value of the extracted application program with the hash value of the received original application program. The mobile platform 100 may terminate the application program and display an alert window if the comparison results are different after the comparison of the hash values is completed. The mobile platform 100 can execute the application program normally when the comparison result is the same after the comparison of the hash values is completed.

Such a real-time mobile application forgery detection technique through a hashing technique can be implemented in an application or can be implemented in the form of program instructions that can be executed through various computer components and recorded in a computer-readable recording medium. The computer-readable recording medium may include program commands, data files, data structures, and the like, alone or in combination.

The program instructions recorded on the computer-readable recording medium may be ones that are specially designed and configured for the present invention and are known and available to those skilled in the art of computer software.

Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like.

Examples of program instructions include machine language code such as those generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules for performing the processing according to the present invention, and vice versa.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those skilled in the art that various changes and modifications may be made therein without departing from the spirit and scope of the invention as defined in the appended claims. It will be possible.

100: forgery detection device 110: hash value extractor
111: Hash value separation module 112: Storage module
120: hash value authenticator 121: data communication module
122: Hash value verification module 123: Application program termination module
200: authentication server

Claims (1)

When installing an application program on a mobile terminal, a hash value of the application program is extracted and stored in the mobile terminal,
The mobile terminal receives the original hash value from the authentication server storing the hash value of the original application and compares the original hash value with the hash value stored when the application program is installed,
If the original hash value matches the hash value stored in the mobile terminal, the application program is executed. If the original hash value and the hash value stored in the mobile terminal do not match, execution of the application program is terminated. Detection method.
KR1020140142791A 2014-10-21 2014-10-21 Apparatus and method for tamper detection of mobile apps using real time hashing technique attestation KR20160046630A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020140142791A KR20160046630A (en) 2014-10-21 2014-10-21 Apparatus and method for tamper detection of mobile apps using real time hashing technique attestation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020140142791A KR20160046630A (en) 2014-10-21 2014-10-21 Apparatus and method for tamper detection of mobile apps using real time hashing technique attestation

Publications (1)

Publication Number Publication Date
KR20160046630A true KR20160046630A (en) 2016-04-29

Family

ID=55915751

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020140142791A KR20160046630A (en) 2014-10-21 2014-10-21 Apparatus and method for tamper detection of mobile apps using real time hashing technique attestation

Country Status (1)

Country Link
KR (1) KR20160046630A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190051430A (en) * 2017-11-07 2019-05-15 전자부품연구원 Apparatus and Method for Falsification Protection of Video Data

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190051430A (en) * 2017-11-07 2019-05-15 전자부품연구원 Apparatus and Method for Falsification Protection of Video Data

Similar Documents

Publication Publication Date Title
US20170289139A1 (en) Device verification method and apparatus
WO2010039788A3 (en) Processor boot security device and methods thereof
CN107743115B (en) Identity authentication method, device and system for terminal application
US10467413B2 (en) Method and apparatus of dynamic loading file extraction for an application running in an android container
EP3316160A1 (en) Authentication method and apparatus for reinforced software
US20160197950A1 (en) Detection system and method for statically detecting applications
US8997249B1 (en) Software activation and revalidation
US8893233B2 (en) Referer verification apparatus and method
WO2013000439A1 (en) Method, device and security policy system for executing security policy script
WO2017036048A1 (en) Terminal system updating method and system
KR20160098912A (en) Method for Re-adjusting Application Permission and User terminal for performing the same Method
CN106874758B (en) Method and device for identifying document code
US20160014123A1 (en) Apparatus and method for verifying integrity of applications
KR102022058B1 (en) Method and system for detecting counterfeit of web page
CN106709281B (en) Patch granting and acquisition methods, device
CN108234441B (en) Method, apparatus, electronic device and storage medium for determining forged access request
CN109657454B (en) Trusted verification method for android application based on TF (TransFlash) cryptographic module
CN106127473A (en) A kind of safe payment method and electronic equipment
US9286459B2 (en) Authorized remote access to an operating system hosted by a virtual machine
WO2020233044A1 (en) Plug-in verification method and device, and server and computer-readable storage medium
KR20160046630A (en) Apparatus and method for tamper detection of mobile apps using real time hashing technique attestation
KR101480040B1 (en) Method, system and computer readable recording medium for web-page monitoring
WO2017028459A1 (en) Program monitoring method and apparatus
KR101189802B1 (en) Method and apparatus for application program authentication
KR101725670B1 (en) System and method for malware detection and prevention by checking a web server

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination