CN108965573A - A kind of guard method of Android mixed mode mobile application internal resource and device - Google Patents


Info

Publication number: CN108965573A
Application number: CN201710381078.6A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 董振江, 俞研, 李从兵, 吴家顺
Assignees (current and original): Nanjing University of Science and Technology; ZTE Corp
Prior art keywords: resource, key, protected, mobile application, mixed mode

Classifications

    • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04M1/72448 User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions

Abstract

The invention discloses a method and device for protecting the internal resources of an Android mixed-mode (hybrid) mobile application. The method comprises: encrypting the resources of the mixed-mode mobile application that are to be protected; while the mixed-mode mobile application runs, monitoring internal file access operations; when a protected resource is accessed through the public Java application programming interface (API), returning the encrypted ciphertext; and when a protected resource is accessed through the private Java Native Interface (JNI), decrypting the corresponding ciphertext and returning the decrypted plaintext. Embodiments of the invention achieve encrypted protection of selected resource files: the decryption process is carried out in native code and its result is returned to the component, so that only components such as WebView can read the plaintext while other components read ciphertext, and a user cannot obtain the plaintext of the encrypted internal resources through the public Android Java API. While enhancing functionality, the security of the hybrid application's internal resources is also protected.

Description

A kind of guard method of Android mixed mode mobile application internal resource and device
Technical field
The present invention relates to mobile terminal information protection technology, and in particular to a method and device for protecting the internal resources of an Android mixed-mode mobile application.
Background art
After an Android application is released, it faces the risk of reverse analysis: using static analysis, an attacker can obtain the resources inside the application package, such as page layout files, scripts under the assets directory and image resources. For a mixed-mode mobile application (hybrid app) these are the more important resources, because they take part directly in the application logic; for protection they are usually not released into other directories on the device, in order to reduce the probability of their being obtained maliciously. However, because components such as WebView (web view) read internal resources through system APIs (Application Programming Interfaces), the user cannot directly control or intervene in the read process, so internal resources can only exist in plaintext form.
Summary of the invention
The present invention provides a method and device for protecting the internal resources of an Android mixed-mode mobile application, which can achieve encrypted protection of selected resources inside the application.
To achieve the object of the invention, an embodiment of the invention provides a method for protecting the internal resources of an Android mixed-mode mobile application, comprising:
encrypting the resources of the mixed-mode mobile application that are to be protected;
while the mixed-mode mobile application runs, monitoring internal file access operations; when a protected resource is accessed through the public Java application programming interface (API), returning the encrypted ciphertext; when a protected resource is accessed through the private Java Native Interface (JNI), decrypting the corresponding ciphertext and returning the decrypted plaintext.
An embodiment of the invention also provides a device for protecting the internal resources of an Android mixed-mode mobile application, comprising:
an encryption module, for encrypting the resources of the mixed-mode mobile application that are to be protected;
a feedback module, for monitoring internal file access operations while the mixed-mode mobile application runs, returning the encrypted ciphertext when a protected resource is accessed through the public Java application programming interface (API), and decrypting the corresponding ciphertext and returning the decrypted plaintext when a protected resource is accessed through the private Java Native Interface (JNI).
An embodiment of the invention also provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the above method for protecting the internal resources of an Android mixed-mode mobile application.
Compared with the prior art, embodiments of the invention encrypt the resources of the mixed-mode mobile application that are to be protected; while the application runs, they monitor internal file access operations, return the encrypted ciphertext when a protected resource is accessed through the public Java API, and decrypt the corresponding ciphertext and return the decrypted plaintext when it is accessed through the private JNI (Java Native Interface). Embodiments of the invention thus achieve encrypted protection of selected resource files: the decryption process is carried out in native code and its result is returned to the component, so that only components such as WebView can read the plaintext while other components read ciphertext, and a user cannot obtain the plaintext of the encrypted internal resources through the public Android Java API. While enhancing functionality, the security of the hybrid application's internal resources is also protected.
In embodiments of the invention, the resources to be protected are grouped, for example by resource type and/or importance, and each group is encrypted with a different key; this makes the encrypted protection more targeted and the protective measures more complete.
In embodiments of the invention, the keys and the correspondence between keys and ciphertexts are stored on a server or stored locally, which helps protect the keys from being stolen.
In embodiments of the invention, the functions that read files inside the assets directory are monitored by hooking (Hook), achieving effective monitoring through this strategy.
Other features and advantages of the invention will be set out in the following description and will in part become apparent from it or be learned by practising the invention. The objects and other advantages of the invention can be realised and obtained by the structures particularly pointed out in the description, the claims and the drawings.
Brief description of the drawings
The drawings are provided to give a further understanding of the technical solution of the invention and form part of the specification; together with the embodiments of this application they serve to explain the technical solution of the invention and do not limit it.
Fig. 1 is a flow chart of the method for protecting the internal resources of an Android mixed-mode mobile application according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the device for protecting the internal resources of an Android mixed-mode mobile application according to an embodiment of the invention;
Fig. 3 is a schematic diagram of monitoring by hooking in an application example of the invention;
Fig. 4 is a schematic diagram of accessing a protected resource through the public Java API in an application example of the invention;
Fig. 5 is a schematic diagram of accessing a protected resource through the private JNI in an application example of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the drawings. Note that, where there is no conflict, the embodiments of this application and the features in those embodiments may be combined with one another in any way.
The steps shown in the flow charts of the drawings may be executed in a computer system such as a set of computer-executable instructions. Although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in an order different from the one given here.
As shown in Fig. 1, the method for protecting the internal resources of an Android mixed-mode mobile application comprises:
Step 101: encrypting the resources of the mixed-mode mobile application that are to be protected;
Step 102: while the mixed-mode mobile application runs, monitoring internal file access operations; when a protected resource is accessed through the public Java application programming interface (API), returning the encrypted ciphertext; when a protected resource is accessed through the private Java Native Interface (JNI), decrypting the corresponding ciphertext and returning the decrypted plaintext.
Embodiments of the invention thus achieve encrypted protection of selected resource files: the decryption process is carried out in native code and its result is returned to the component, so that only components such as WebView can read the plaintext while other components read ciphertext, and a user cannot obtain the plaintext of the encrypted internal resources through the public Android Java API. While enhancing functionality, the security of the hybrid application's internal resources is protected.
In one embodiment, encrypting the resources of the mixed-mode mobile application that are to be protected in step 101 comprises:
grouping the resources to be protected and encrypting each group with a different key.
The encrypted file replaces the original file.
The grouping may be done according to the type and/or importance of the resources.
Grouping the resources to be protected, for example by resource type and/or importance, and encrypting each group with a different key makes the encrypted protection more targeted and the protective measures more complete.
In step 101 a symmetric encryption algorithm may be used, for example in CBC (Cipher Block Chaining) mode.
In one embodiment, after step 101 the method further comprises:
storing the keys and the key-ciphertext correspondence on a server; after the mixed-mode mobile application starts, requesting the keys and the key-ciphertext correspondence from the server.
Alternatively, after step 101 the method further comprises: storing the keys and the key-ciphertext correspondence locally; after the mixed-mode mobile application starts, obtaining the keys and the key-ciphertext correspondence from local storage.
When the keys and the key-ciphertext correspondence are stored locally, they may be stored within the application in a secure manner.
Embodiments of the invention store the keys and the key-ciphertext correspondence on a server or locally, which helps protect the keys from being stolen.
In one embodiment, monitoring internal file access operations in step 102 comprises:
monitoring, by hooking (Hook), the functions that read files inside the assets directory.
Hooking is applied while the program runs to hijack the Java APIs and the JNI-declared APIs in the system that are involved in internal resource access, so that decryption is performed as files are read; the decryption process is implemented in native code and the result is returned to the component. Embodiments of the invention monitor the functions that read files inside the assets directory by hooking, achieving effective monitoring through this strategy.
In one embodiment, accessing the protected resource through the private JNI in step 102 comprises:
the WebView component accessing the protected resource through the private JNI.
In embodiments of the invention the WebView component can obtain the plaintext, so it is not affected by the encryption.
As shown in Fig. 2, the device for protecting the internal resources of an Android mixed-mode mobile application comprises:
an encryption module 21, for encrypting the resources of the mixed-mode mobile application that are to be protected;
a feedback module 22, for monitoring internal file access operations while the mixed-mode mobile application runs, returning the encrypted ciphertext when a protected resource is accessed through the public Java application programming interface (API), and decrypting the corresponding ciphertext and returning the decrypted plaintext when a protected resource is accessed through the private Java Native Interface (JNI).
Embodiments of the invention thus achieve encrypted protection of selected resource files: the decryption process is carried out in native code and its result is returned to the component, so that only components such as WebView can read the plaintext while other components read ciphertext, and a user cannot obtain the plaintext of the encrypted internal resources through the public Android Java API. While enhancing functionality, the security of the hybrid application's internal resources is protected.
In one embodiment, the encryption module 21 is further used to group the resources to be protected and to encrypt each group with a different key.
The encryption module 21 replaces the original file with the encrypted file.
The encryption module 21 may group the resources according to their type and/or importance.
Grouping the resources to be protected, for example by resource type and/or importance, and encrypting each group with a different key makes the encrypted protection more targeted and the protective measures more complete.
The encryption module 21 may use a symmetric encryption algorithm, for example in CBC mode.
In one embodiment, the protection device further comprises:
a first storage module, for storing the keys and the key-ciphertext correspondence on a server;
the feedback module 22 being further used to request the keys and the key-ciphertext correspondence from the server after the mixed-mode mobile application starts.
Alternatively, the protection device further comprises:
a second storage module, for storing the keys and the key-ciphertext correspondence locally;
the feedback module 22 being further used to obtain the keys and the key-ciphertext correspondence from local storage after the mixed-mode mobile application starts.
When the keys and the key-ciphertext correspondence are stored locally, they may be stored within the application in a secure manner.
Embodiments of the invention store the keys and the key-ciphertext correspondence on a server or locally, which helps protect the keys from being stolen.
In one embodiment, the feedback module 22 is further used to monitor, by hooking (Hook), the functions that read files inside the assets directory.
The feedback module 22 applies hooking while the program runs to hijack the Java APIs and the JNI-declared APIs in the system that are involved in internal resource access, so that decryption is performed as files are read; the decryption process is implemented in native code and the result is returned to the component. Embodiments of the invention monitor the functions that read files inside the assets directory by hooking, achieving effective monitoring through this strategy.
The following application example illustrates the method.
One, preprocessing:
1. Decompile the target apk file to obtain the apk's resource files, configuration files and bytecode files (when the application source code is available, the following operations can be performed on it directly).
2. According to the resource list used by the hybrid application, encrypt the corresponding resource files in the assets directory; the encryption keys can be assigned per group according to file type and importance.
3. Find the Application class declared in the application node of the configuration file, locate the bytecode file it resides in, and modify that bytecode so that its methods load the control unit.
4. Copy the dynamic library file containing the control unit into the lib directory produced by decompilation.
5. Recompile and sign.
Two, after the program runs, the following process is executed:
1. Once the control unit is activated, it hooks the functions related to reading files inside the assets directory, including the public Java interface (Java API) and the private JNI interface (the JNI interface declaration), as shown in Fig. 3.
2. It requests the key groups and the correspondence between key groups and ciphertexts from the server; when the key groups and the correspondence already exist locally, loading them from local storage may be chosen instead.
3. The actual decryption is implemented in the native code of the JNI hook.
When the hook on the Java API intercepts a request to open an internal resource file, it shares the information "do not perform the decryption operation" with the hook method on the JNI interface; when the JNI interface is then called, the intercepting method there refuses to perform decryption. This realises the effect that an application reading a resource file through the Java API cannot obtain the plaintext. As shown in Fig. 4, the hook intercepts the request to read the internal resource file through the Java API and judges that it has no read permission, so the ciphertext is returned to the Java API via the native API and the JNI interface declaration; because the hook passes this shared information along, the ciphertext is not decrypted at the JNI interface declaration, and the output is ciphertext.
When the WebView component reads a resource file, it calls the JNI interface directly, so the function intercepting the JNI interface receives the read request directly; as shown in Fig. 5, the ciphertext is decrypted as it passes through the native API to the JNI interface declaration, and the plaintext is passed to the component.
The control unit is included in the feedback module and can be implemented by a processor or a program.
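As an added illustration (not code from the patent, its inventors or assignees), the following C program models both phases described above: the preprocessing step that encrypts each resource in CBC mode with the key of its group, and the runtime control unit in which the hook on the public Java API shares a "do not decrypt" flag with the hook at the JNI interface, so that the public path returns ciphertext while the direct JNI path used by WebView returns plaintext. The XTEA block cipher, the group names and key values, the IV, the sample HTML resource and all function names are constructed for this example; the patent specifies only a symmetric algorithm in CBC mode and does not name the cipher, the hooking framework, or how the shared information is passed between the two hooks.

```c
#include <stdint.h>
#include <string.h>
#define BLK 8        /* XTEA block size in bytes */
#define DELTA 0x9E3779B9u
#define MAX_RES 64   /* largest sample resource, padding included */
/* XTEA (64-bit block, 128-bit key, 32 rounds): chosen only to keep the example self-contained; use AES in practice. */
static void xtea_block(const uint32_t key[4], uint8_t b[BLK], int decrypt) {
    uint32_t v[2], sum = decrypt ? DELTA * 32 : 0;
    memcpy(v, b, BLK);
    for (int i = 0; i < 32; i++) {
        if (!decrypt) {
            v[0] += (((v[1] << 4) ^ (v[1] >> 5)) + v[1]) ^ (sum + key[sum & 3]);
            sum += DELTA;
            v[1] += (((v[0] << 4) ^ (v[0] >> 5)) + v[0]) ^ (sum + key[(sum >> 11) & 3]);
        } else {
            v[1] -= (((v[0] << 4) ^ (v[0] >> 5)) + v[0]) ^ (sum + key[(sum >> 11) & 3]);
            sum -= DELTA;
            v[0] -= (((v[1] << 4) ^ (v[1] >> 5)) + v[1]) ^ (sum + key[sum & 3]);
        }
    }
    memcpy(b, v, BLK);
}
/* CBC with PKCS#7 padding: each plaintext block is XORed with the previous ciphertext block (the IV first). */
static size_t cbc_encrypt(const uint32_t key[4], const uint8_t iv[BLK],
                          const uint8_t *in, size_t len, uint8_t *out) {
    size_t padded = (len / BLK + 1) * BLK;        /* always 1..8 pad bytes */
    uint8_t pad = (uint8_t)(padded - len), prev[BLK];
    memcpy(prev, iv, BLK);
    for (size_t off = 0; off < padded; off += BLK) {
        for (size_t i = 0; i < BLK; i++)
            out[off + i] = (off + i < len ? in[off + i] : pad) ^ prev[i];
        xtea_block(key, out + off, 0);
        memcpy(prev, out + off, BLK);
    }
    return padded;
}
/* Inverse of cbc_encrypt: returns the plaintext length, or 0 on a bad length or padding (e.g. wrong group key). */
static size_t cbc_decrypt(const uint32_t key[4], const uint8_t iv[BLK],
                          const uint8_t *in, size_t len, uint8_t *out) {
    uint8_t prev[BLK], blk[BLK], pad;
    if (len == 0 || len % BLK) return 0;
    memcpy(prev, iv, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        memcpy(blk, in + off, BLK);
        xtea_block(key, blk, 1);
        for (size_t i = 0; i < BLK; i++) out[off + i] = blk[i] ^ prev[i];
        memcpy(prev, in + off, BLK);
    }
    pad = out[len - 1];
    if (pad == 0 || pad > BLK) return 0;
    for (size_t i = 0; i < pad; i++) if (out[len - 1 - i] != pad) return 0;
    return len - pad;
}
/* Resource groups (by type/importance), each with its own key; the key values are constructed. */
enum { GROUP_LAYOUT = 0, GROUP_SCRIPT = 1, GROUP_COUNT };
static const uint32_t group_keys[GROUP_COUNT][4] = {
    {0x01020304u, 0x05060708u, 0x090a0b0cu, 0x0d0e0f10u},
    {0xdeadbeefu, 0xfeedfaceu, 0x0badf00du, 0xcafebabeu}};
/* A protected asset: data is the ciphertext that replaced the original file; group maps it to its key. */
struct asset { int group; uint8_t iv[BLK]; uint8_t data[MAX_RES]; size_t len; };
/* Preprocessing step 2: encrypt one assets-directory resource with the key of its group. */
static void protect_asset(struct asset *a, int group, const uint8_t iv[BLK],
                          const uint8_t *plain, size_t len) {
    a->group = group; a->len = 0; memcpy(a->iv, iv, BLK);
    if (len + BLK <= MAX_RES) a->len = cbc_encrypt(group_keys[group], iv, plain, len, a->data);
}
/* The "do not decrypt" information shared from the Java API hook to the JNI hook (per-thread in a real unit). */
static int skip_decrypt = 0;
/* Hook at the JNI interface declaration: the only place decryption happens (Fig. 5); WebView calls it directly. */
static size_t jni_hook_read(const struct asset *a, uint8_t *out) {
    if (skip_decrypt) { memcpy(out, a->data, a->len); return a->len; }  /* Fig. 4: ciphertext */
    return cbc_decrypt(group_keys[a->group], a->iv, a->data, a->len, out);
}
/* Hook on the public Java API: flags the request, then falls through to the JNI layer. */
static size_t java_api_hook_read(const struct asset *a, uint8_t *out) {
    skip_decrypt = 1;
    size_t n = jni_hook_read(a, out);
    skip_decrypt = 0;
    return n;
}
/* Exercises both access paths on a constructed sample resource; 0 on success, else the failed check number. */
static int self_check(void) {
    static const uint8_t iv[BLK] = {1, 2, 3, 4, 5, 6, 7, 8};        /* constructed IV */
    const char *html = "<html><body>secret layout</body></html>";  /* 39 bytes */
    struct asset a; uint8_t out[MAX_RES];
    protect_asset(&a, GROUP_LAYOUT, iv, (const uint8_t *)html, strlen(html));
    if (a.len != 40) return 1;                                /* 39 bytes pad to 40 */
    if (memcmp(a.data, html, strlen(html)) == 0) return 2;    /* stored file is not plaintext */
    size_t n = java_api_hook_read(&a, out);                   /* public API: ciphertext only */
    if (n != a.len || memcmp(out, a.data, n) != 0) return 3;
    n = jni_hook_read(&a, out);                               /* WebView via JNI: plaintext */
    if (n != strlen(html) || memcmp(out, html, n) != 0) return 4;
    a.group = GROUP_SCRIPT; n = jni_hook_read(&a, out);       /* wrong group key: no plaintext */
    if (n == strlen(html) && memcmp(out, html, n) == 0) return 5;
    return 0;
}
```

Note that the shared flag is what makes the public path safe: if the Java hook fails to set it, or clears it before the JNI hook runs, the public API would receive plaintext, so a real control unit must keep it per thread and reset it on every path.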
An embodiment of the invention also provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the above method for protecting the internal resources of an Android mixed-mode mobile application.
In summary, the above method and device for protecting the internal resources of an Android mixed-mode mobile application protect the resource files selected in the installation package; they do not involve controlling the application's input and output of external information, and confine data protection to the application itself.
Obviously, those skilled in the art will understand that the modules or steps of the above embodiments of the invention may be implemented by a general-purpose computing device; they may be concentrated on a single computing device or distributed over a network formed by several computing devices; optionally, they may be implemented in program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device, and in some cases the steps shown or described may be executed in an order different from the one given here, or they may be made into individual integrated circuit modules, or several of the modules or steps may be made into a single integrated circuit module. Thus the embodiments of the invention are not limited to any specific combination of hardware and software.
Although the embodiments disclosed herein are as described above, the content described is only an embodiment adopted for ease of understanding the invention and is not intended to limit it. Any person skilled in the art to which the invention pertains may make modifications and variations in the form and details of implementation without departing from the spirit and scope disclosed by the invention, but the scope of patent protection of the invention shall still be governed by the scope defined in the appended claims.

Claims (13)

1. A method for protecting the internal resources of an Android mixed-mode mobile application, comprising:
encrypting the resources of the mixed-mode mobile application that are to be protected;
while the mixed-mode mobile application runs, monitoring internal file access operations; when a protected resource is accessed through the public Java application programming interface (API), returning the encrypted ciphertext; when a protected resource is accessed through the private Java Native Interface (JNI), decrypting the corresponding ciphertext and returning the decrypted plaintext.
2. The method according to claim 1, characterised in that encrypting the resources of the mixed-mode mobile application that are to be protected comprises:
grouping the resources to be protected and encrypting each group with a different key.
3. The method according to claim 2, characterised in that, in the step of grouping the resources to be protected,
the grouping is done according to the type and/or importance of the resources.
4. The method according to claim 1, characterised in that, after encrypting the resources of the mixed-mode mobile application that are to be protected, the method further comprises:
storing the keys and the key-ciphertext correspondence on a server;
after the mixed-mode mobile application starts, requesting the keys and the key-ciphertext correspondence from the server.
5. The method according to claim 1, characterised in that, after encrypting the resources of the mixed-mode mobile application that are to be protected, the method further comprises:
storing the keys and the key-ciphertext correspondence locally;
after the mixed-mode mobile application starts, obtaining the keys and the key-ciphertext correspondence from local storage.
6. The method according to any one of claims 1 to 5, characterised in that the step of monitoring internal file access operations comprises:
monitoring, by hooking (Hook), the functions that read files inside the assets directory.
7. The method according to any one of claims 1 to 5, characterised in that accessing the protected resource through the private JNI comprises:
the web view (WebView) component accessing the protected resource through the private JNI.
8. A device for protecting the internal resources of an Android mixed-mode mobile application, characterised by comprising:
an encryption module, for encrypting the resources of the mixed-mode mobile application that are to be protected;
a feedback module, for monitoring internal file access operations while the mixed-mode mobile application runs, returning the encrypted ciphertext when a protected resource is accessed through the public Java application programming interface (API), and decrypting the corresponding ciphertext and returning the decrypted plaintext when a protected resource is accessed through the private Java Native Interface (JNI).
9. The device according to claim 8, characterised in that
the encryption module is further used to group the resources to be protected and to encrypt each group with a different key.
10. The device according to claim 9, characterised in that
the encryption module is further used to group the resources according to their type and/or importance.
11. The device according to claim 8, characterised by further comprising:
a first storage module, for storing the keys and the key-ciphertext correspondence on a server;
the feedback module being further used to request the keys and the key-ciphertext correspondence from the server after the mixed-mode mobile application starts.
12. The device according to claim 8, characterised by further comprising:
a second storage module, for storing the keys and the key-ciphertext correspondence locally;
the feedback module being further used to obtain the keys and the key-ciphertext correspondence from local storage after the mixed-mode mobile application starts.
13. The device according to any one of claims 8 to 12, characterised in that
the feedback module is further used to monitor, by hooking (Hook), the functions that read files inside the assets directory.
Application data

Application number: CN201710381078.6A
Priority date: 2017-05-25
Filing date: 2017-05-25
Publication: CN108965573A, published 2018-12-07
Status: Pending
Family ID: 64494025
Country status: CN, CN108965573A (en)


Legal Events

Code  Title
PB01  Publication (application publication date: 2018-12-07)
WD01  Invention patent application deemed withdrawn after publication