CN111107089B - Method and device for protecting data transmission safety of Android system - Google Patents


Publication number
CN111107089B
Authority
CN
China
Prior art keywords
adb
message
data
communication
android
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911333176.8A
Other languages
Chinese (zh)
Other versions
CN111107089A (en)
Inventor
何鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu 30rtom Mobile Communication Co ltd
Original Assignee
Chengdu 30rtom Mobile Communication Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu 30rtom Mobile Communication Co ltd
Priority to CN201911333176.8A
Publication of CN111107089A
Application granted
Publication of CN111107089B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/30: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Abstract

The invention discloses a method and a device for protecting the data transmission security of an Android system. The method comprises the following steps: step 1, obtaining the MAC address and CPU information of a PC, calculating digest data and storing the digest data on the PC; step 2, adding to the PC-side adb a function that acquires the MAC address and CPU information of the PC it is running on and calculates digest data; step 3, when the PC-side adb is started, reading the digest data stored on the PC while acquiring the MAC address and CPU information of the PC it is running on and calculating digest data from them; comparing the read digest data with the calculated digest data; if they are consistent, the PC-side adb starts successfully, and if the digest data on the PC cannot be read or the two are inconsistent, the PC-side adb fails to start; and step 4, the Android-side adbd receives an adb message from the PC-side adb, parses the adb message and judges whether the protocol in the adb message is correct, establishing communication if it is correct and rejecting communication if it is not. The invention ensures the security of the PC-side adb: even if the PC-side adb software is leaked, it cannot be started on another PC.

Description

Method and device for protecting data transmission safety of Android system
Technical Field
The invention relates to the field of information security, in particular to a method and a device for protecting the data transmission security of an Android system.
Background
Android devices and PC-side programs typically communicate via the adb protocol, which Google has released as open source. Therefore, once an Android device is started in debugging mode and connected to PC-side software through adb commands, software on the PC can connect to the Android device through adb and access the data on the device through the public adb protocol.
To address the security of communication between Android devices and PCs, the usual solution at present is to verify permission with a password, which removes the security risk of Android-to-PC communication to a certain extent. However, this solution is inconvenient for the user to operate on the Android device. Another solution is to authenticate permission with an ID, which also removes the security risk to a certain extent. However, if the ID is leaked, the permission cannot be updated immediately.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: in view of the existing problems, a method and a device for protecting the data transmission security of an Android system are provided, so that malicious programs from a PC (personal computer) can be effectively intercepted and the security of the Android system is improved.
The invention provides a method for protecting the data transmission security of an Android system, comprising the following steps:
step 1, obtaining the MAC address and CPU information of a PC, calculating digest data with a hash algorithm and storing the digest data on the PC;
step 2, customizing the PC-side adb and the Android-side adbd through the adb communication protocol, and adding to the PC-side adb a function that obtains the MAC address and CPU information of the PC it is running on and calculates digest data;
step 3, when the PC-side adb is started, first reading the digest data stored on the PC, while acquiring the MAC address and CPU information of the PC it is running on and calculating digest data from them; comparing the read digest data with the calculated digest data; if the two are consistent, the PC-side adb starts successfully, and if the digest data on the PC cannot be read or the two are inconsistent, the PC-side adb fails to start;
and step 4, the Android-side adbd receives an adb message from the PC-side adb, parses the adb message and judges whether the protocol in the parsed adb message is correct; if so, communication is established, and if not, communication is rejected.
In step 4, the PC-side adb likewise parses the adb message received from the Android-side adbd and judges whether the protocol in the adb message is correct; if so, communication is established, and if not, communication is rejected.
Further, after receiving adb messages, the Android-side adbd and the PC-side adb parse every adb message and judge whether the protocol in it is correct; if so, communication is established, and if not, communication is rejected.
The invention also provides a device for protecting the data transmission security of an Android system, comprising:
the data acquisition module, used for acquiring the MAC address and CPU information of the PC in the PC-side adb;
the digest calculation module, used for calculating, in the PC-side adb and with a hash algorithm, digest data from the MAC address and CPU information of the PC acquired by the data acquisition module;
the matching module, used for reading the digest data stored on the PC when the PC-side adb is started and comparing it with the digest data calculated by the digest calculation module; if the two are consistent, the PC-side adb starts successfully, and if the digest data on the PC cannot be read or the two are inconsistent, the PC-side adb fails to start; the digest data on the PC is calculated in advance by the digest calculation module from the MAC address and CPU information of the PC obtained by the data acquisition module;
and the data monitoring and analyzing module, used for the Android-side adbd to receive an adb message from the PC-side adb, parse the adb message and judge whether the protocol in the adb message is correct; if so, communication is established, and if not, communication is rejected.
The data monitoring and analyzing module is further used for the PC-side adb to receive an adb message from the Android-side adbd, parse the adb message and judge whether the protocol in the adb message is correct; if so, communication is established, and if not, communication is rejected.
Further, after the Android-side adbd and the PC-side adb receive adb messages, the data monitoring and analyzing module parses every adb message and judges whether the protocol in it is correct; if so, communication is established, and if not, communication is rejected.
In summary, owing to the above technical scheme, the invention has the following beneficial effects:
1. the invention ensures the security of the PC-side adb: even if the PC-side adb software is leaked, it cannot be started on another PC;
2. the invention also ensures that the PC-side adb and the Android-side adbd perform bilateral authentication;
3. the invention ensures that message parsing and protocol judgment are carried out on every adb data interaction.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a flowchart of a method for protecting data transmission security of an Android system according to the present invention.
Fig. 2 is a block diagram illustrating a structure of the apparatus for protecting data transmission security of an Android system according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
The features and properties of the present invention are described in further detail below with reference to examples.
Example 1
As shown in fig. 1, the method for protecting data transmission security of an Android system provided in this embodiment includes the following steps:
S1, acquiring the MAC address and CPU information of the PC, calculating digest data with a hash algorithm and storing the digest data on the PC; the hash algorithm may be a common one such as SHA-0, SHA-1, etc.;
S2, customizing the PC-side adb and the Android-side adbd through the adb communication protocol, and adding to the PC-side adb a function that obtains the MAC address and CPU information of the PC it is running on and calculates digest data;
S3, when the PC-side adb is started, first reading the digest data stored on the PC, while acquiring the MAC address and CPU information of the PC it is running on and calculating digest data from them; comparing the read digest data with the calculated digest data; if the two are consistent, the PC-side adb starts successfully, and if the digest data on the PC cannot be read or the two are inconsistent, the PC-side adb fails to start;
S4, the Android-side adbd receives an adb message from the PC-side adb, parses the adb message and judges whether the protocol in the parsed adb message is correct; if so, communication is established, and if not, communication is rejected. In general, parsing the adb message means examining the format, order and the like of the data in it: communication is established when the format, order and the like of the data in the parsed adb message are judged consistent with the agreed format, order and the like, and rejected when they are inconsistent.
In step S4, the PC-side adb likewise parses the adb message received from the Android-side adbd and judges whether the protocol in the adb message is correct; if so, communication is established, and if not, communication is rejected.
Further, in step S4, after the Android-side adbd and the PC-side adb receive adb messages, every adb message is parsed and the protocol in it is judged; if the protocol is correct, communication is established, and if not, communication is rejected.
For example: if the PC-side adb program is leaked and is started, the digest data calculated from that PC's MAC address and CPU information is inconsistent with the digest data stored on the PC, so the adb program cannot start and the data on the Android device cannot be accessed; if an ordinary PC-side adb program is used to communicate with the adbd of the Android device, the adbd of the Android device parses the received adb message, judges that the protocol in the adb message is incorrect, and refuses communication.
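An added example, not code from the patent or from adb itself, of the start-up check in steps S1 to S3: a digest of the MAC address and CPU information is enrolled, and start-up is allowed only when the stored digest is readable and matches a freshly computed one. SHA-256, the length-prefixed encoding, the file name and the sample identifiers are assumptions made here.

```python
import hashlib
import hmac
import platform
import re
import tempfile
import uuid
from pathlib import Path

# Assumption: SHA-256. The patent names SHA-0 and SHA-1 only as examples.
HASH_NAME = "sha256"


def host_identifiers():
    """Best-effort read of this PC's MAC address and CPU description."""
    mac = f"{uuid.getnode():012x}"
    cpu = platform.processor() or platform.machine()
    return mac, cpu


def compute_digest(mac, cpu_info):
    """Digest of both identifiers, length-prefixed so field boundaries are unambiguous."""
    fields = (re.sub(r"[^0-9a-f]", "", mac.lower()), cpu_info.strip())
    h = hashlib.new(HASH_NAME)
    for field in fields:
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big"))
        h.update(raw)
    return h.hexdigest()


def enroll(store, mac, cpu_info):
    """Step S1: compute the digest once and store it on the PC."""
    Path(store).write_text(compute_digest(mac, cpu_info) + "\n", encoding="ascii")


def startup_allowed(store, mac, cpu_info):
    """Step S3: start only if the stored digest is readable and matches the live one."""
    try:
        stored = Path(store).read_text(encoding="ascii").strip()
    except (OSError, UnicodeDecodeError):
        return False  # digest could not be read: start-up fails
    live = compute_digest(mac, cpu_info)
    return hmac.compare_digest(stored.encode("ascii"), live.encode("ascii"))


def demo():
    """Run the check on constructed identifiers for an enrolled PC and a different PC."""
    enrolled_pc = ("00:1A:2B:3C:4D:5E", "ExampleCPU Model 1 (constructed)")
    other_pc = ("00:1A:2B:3C:4D:5F", "ExampleCPU Model 1 (constructed)")
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "adb_host.digest"  # hypothetical file name
        before_enrollment = startup_allowed(store, *enrolled_pc)
        enroll(store, *enrolled_pc)
        return {
            "no_stored_digest": before_enrollment,
            "enrolled_pc": startup_allowed(store, *enrolled_pc),
            "other_pc": startup_allowed(store, *other_pc),
        }


if __name__ == "__main__":
    print(demo())
```

The digest is unkeyed, so the check is only as strong as the integrity of the two identifiers and of the stored file.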
Example 2
As shown in fig. 2, the apparatus for protecting data transmission security of an Android system provided in this embodiment includes:
the data acquisition module, used for acquiring the MAC address and CPU information of the PC in the PC-side adb;
the digest calculation module, used for calculating, in the PC-side adb and with a hash algorithm, digest data from the MAC address and CPU information of the PC acquired by the data acquisition module;
the matching module, used for reading the digest data stored on the PC when the PC-side adb is started and comparing it with the digest data calculated by the digest calculation module; if the two are consistent, the PC-side adb starts successfully, and if the digest data on the PC cannot be read or the two are inconsistent, the PC-side adb fails to start; the digest data on the PC is calculated in advance by the digest calculation module from the MAC address and CPU information of the PC obtained by the data acquisition module;
and the data monitoring and analyzing module, used for the Android-side adbd to receive an adb message from the PC-side adb, parse the adb message and judge whether the protocol in the adb message is correct; if so, communication is established, and if not, communication is rejected.
The data monitoring and analyzing module is further used for the PC-side adb to receive an adb message from the Android-side adbd, parse the adb message and judge whether the protocol in the adb message is correct; if so, communication is established, and if not, communication is rejected.
Further, after the Android-side adbd and the PC-side adb receive adb messages, the data monitoring and analyzing module parses every adb message and judges whether the protocol in it is correct; if so, communication is established, and if not, communication is rejected.
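An added example, not the patent's code or adb's own, of the per-message check performed by the data monitoring and analyzing module (step S4 of Example 1): each frame is parsed against the public adb header layout and checked for order, and the first violation ends the session. The patent does not disclose its agreed format, so `AGREED_VERSION`, `STOCK_VERSION`, `MAX_PAYLOAD` and the rule that the handshake must carry the agreed value are assumptions.

```python
import struct

# Public adb framing: six little-endian uint32 fields, then the payload.
HEADER = struct.Struct("<6I")  # command, arg0, arg1, data_length, data_check, magic
COMMANDS = {b"SYNC", b"CNXN", b"AUTH", b"OPEN", b"OKAY", b"CLSE", b"WRTE"}
MAX_PAYLOAD = 256 * 1024       # assumed upper bound for this example
AGREED_VERSION = 0x5A000001    # hypothetical value standing in for the private agreement
STOCK_VERSION = 0x01000001     # constructed sample of what an unmodified client sends


class ProtocolError(Exception):
    pass


def pack_message(command, arg0, arg1, payload=b""):
    """Build one frame; data_check is the byte sum and magic is command XOR 0xFFFFFFFF."""
    cmd = int.from_bytes(command, "little")
    header = HEADER.pack(cmd, arg0, arg1, len(payload),
                         sum(payload) & 0xFFFFFFFF, cmd ^ 0xFFFFFFFF)
    return header + payload


def parse_message(frame):
    """Check the format of one frame and return (command, arg0, arg1, payload)."""
    if len(frame) < HEADER.size:
        raise ProtocolError("truncated header")
    cmd, arg0, arg1, length, check, magic = HEADER.unpack_from(frame)
    name = cmd.to_bytes(4, "little")
    if name not in COMMANDS:
        raise ProtocolError("unknown command")
    if magic != cmd ^ 0xFFFFFFFF:
        raise ProtocolError("bad magic")
    payload = frame[HEADER.size:]
    if length > MAX_PAYLOAD or len(payload) != length:
        raise ProtocolError("bad payload length")
    if sum(payload) & 0xFFFFFFFF != check:
        raise ProtocolError("bad payload checksum")
    return name, arg0, arg1, payload


class Session:
    """Per-connection gate: every received frame is parsed and checked for order."""

    def __init__(self):
        self.connected = False
        self.rejected = False

    def accept(self, frame):
        """Return True to continue; on any violation reject this and all later frames."""
        if self.rejected:
            return False
        try:
            name, arg0, _, _ = parse_message(frame)
            if not self.connected:
                if name != b"CNXN" or arg0 != AGREED_VERSION:
                    raise ProtocolError("handshake not in the agreed form")
                self.connected = True
            elif name == b"CNXN":
                raise ProtocolError("CNXN repeated after the handshake")
        except ProtocolError:
            self.rejected = True
            return False
        return True


def run(frames):
    """Feed frames to a fresh session and return the accept/reject decision for each."""
    session = Session()
    return [session.accept(f) for f in frames]
```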
As can be seen from the above, the present invention has the following beneficial effects:
1. the invention ensures the security of the PC-side adb: even if the PC-side adb software is leaked, it cannot be started on another PC;
2. the invention also ensures that the PC-side adb and the Android-side adbd perform bilateral authentication;
3. the invention ensures that message parsing and protocol judgment are carried out on every adb data interaction.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (6)

1. A method for protecting data transmission security of an Android system, characterized by comprising the following steps:
step 1, obtaining the MAC address and CPU information of a PC, calculating digest data with a hash algorithm and storing the digest data on the PC;
step 2, customizing the PC-side adb and the Android-side adbd through the adb communication protocol, and adding to the PC-side adb a function that obtains the MAC address and CPU information of the PC it is running on and calculates digest data;
step 3, when the PC-side adb is started, first reading the digest data stored on the PC, while acquiring the MAC address and CPU information of the PC it is running on and calculating digest data from them; comparing the read digest data with the calculated digest data; if the two are consistent, the PC-side adb starts successfully, and if the digest data on the PC cannot be read or the two are inconsistent, the PC-side adb fails to start;
and step 4, the Android-side adbd receives an adb message from the PC-side adb, parses the adb message and judges whether the protocol in the parsed adb message is correct; if so, communication is established, and if not, communication is rejected.
2. The method for protecting data transmission security of the Android system according to claim 1, wherein in step 4 the PC-side adb likewise parses an adb message received from the Android-side adbd and judges whether the protocol in the adb message is correct; if so, communication is established, and if not, communication is rejected.
3. The method for protecting data transmission security of the Android system according to claim 1 or 2, wherein after receiving adb messages, the Android-side adbd and the PC-side adb parse every adb message and judge whether the protocol in it is correct; if so, communication is established, and if not, communication is rejected.
4. A device for protecting the data transmission security of an Android system, characterized by comprising:
the data acquisition module, used for acquiring the MAC address and CPU information of the PC in the PC-side adb;
the digest calculation module, used for calculating, in the PC-side adb and with a hash algorithm, digest data from the MAC address and CPU information of the PC acquired by the data acquisition module;
the matching module, used for reading the digest data stored on the PC when the PC-side adb is started and comparing it with the digest data calculated by the digest calculation module; if the two are consistent, the PC-side adb starts successfully, and if the digest data on the PC cannot be read or the two are inconsistent, the PC-side adb fails to start; the digest data on the PC is calculated in advance by the digest calculation module from the MAC address and CPU information of the PC obtained by the data acquisition module;
and the data monitoring and analyzing module, used for the Android-side adbd to receive an adb message from the PC-side adb, parse the adb message and judge whether the protocol in the adb message is correct; if so, communication is established, and if not, communication is rejected.
5. The device for protecting data transmission security of an Android system according to claim 4, wherein the data monitoring and analyzing module is further used for the PC-side adb to receive an adb message from the Android-side adbd, parse the adb message and judge whether the protocol in the adb message is correct; if so, communication is established, and if not, communication is rejected.
6. The method for protecting data transmission security of the Android system according to claim 4 or 5, wherein after the Android-side adbd and the PC-side adb receive adb messages, the data monitoring and analyzing module parses every adb message and judges whether the protocol in it is correct; if so, communication is established, and if not, communication is rejected.
CN201911333176.8A 2019-12-23 2019-12-23 Method and device for protecting data transmission safety of Android system Active CN111107089B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911333176.8A CN111107089B (en) 2019-12-23 2019-12-23 Method and device for protecting data transmission safety of Android system

Publications (2)

Publication Number Publication Date
CN111107089A CN111107089A (en) 2020-05-05
CN111107089B CN111107089B (en) 2022-03-11

Family

ID=70422533

Country Status (1)

Country Link
CN (1) CN111107089B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant