计算机工程与应用 ›› 2017, Vol. 53 ›› Issue (18): 24-31.DOI: 10.3778/j.issn.1002-8331.1707-0036

• 热点与综述 • 上一篇    下一篇

SCBox——保护Android应用网络通信的安全工具

曹  泽,张  文,牛少彰   

  1. 北京邮电大学 智能通信软件与多媒体北京市重点实验室,北京 100876
  • 出版日期:2017-09-15 发布日期:2017-09-29

SCBox:efficient, policy-configured tool for enhance Android apps network communications security

CAO Ze, ZHANG Wen, NIU Shaozhang   

  1. Beijing Key Lab of Intelligent Telecommunication Software and Multimedia, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Online:2017-09-15 Published:2017-09-29

摘要: Android应用程序的社交、支付等功能给人们的生活带来了很大的便利,但是WIFI热点攻击、应用程序加密协议误用等问题的不断出现导致Android应用的网络通信非常容易遭受中间人攻击。针对这种威胁,实现了一个高效的、可配置安全优化策略的、保护Android应用网络通信的安全工具SCBox(Secure Communication Box)。SCBox是运行在Android系统上的一个应用程序,它基于应用程序插件化,可以让第三方应用导入其中并正常运行在一个安全沙箱中。通过代理第三方应用程序的网络通信,SCBox与中继服务器建立安全连接,然后数据经过中继服务器的转发安全到达应用服务器,实现加密的安全通信。相比较于保护Android应用网络通信的其他方案,SCBox不用修改操作系统和第三方应用程序代码,解决了这种修改源代码方案面临的部署困难的问题。而且,SCBox还可以配置安全优化策略,在静态导入阶段选择是否保护此应用程序、与哪个中继服务器建立安全连接,在动态运行阶段根据应用程序的上下文选择是否授予相应权限,限制了应用程序中第三方库的恶意上传隐私数据行为。实验证明,SCBox可以有效抵御WIFI热点攻击和加密协议误用等问题造成的中间人攻击,而且不会带来太大的性能消耗。

关键词: Android, 通信, 安全, 加密协议

Abstract: The Android application facilitates people’s life which provides some functions such as chat with your friends, pay for the bill, and so on. Unfortunately, some problems caused by rouge access point and misuse cryptographic protocol make Android apps vulnerable to man-in-the-middle attack. This paper presents SCBox(Secure Communication Box), an efficient tool that can customize secure strategy for enhance Android apps network communications security. SCBox is based on application virtualization that can make encapsulated apps run in isolated sandboxing environment without install on stock Android. It can establish secure connection with relay server which retransmit the data to application server securely by intercepting network socket between the app and the system. Compared to other related work, SCBox combines the strong security guarantees of OS security extension with the deployability of application layer solution without modify OS and application. Meanwhile, SCBox can customize secure optimized strategy that it is optional for user whether the network communication of the app is to be protected and which relay server is to be selected. It can also limit the Internet permission of apps to prevent the malicious third-party library from uploading privacy data. The implementation and evaluation of SCBox on some vulnerable apps show that it can enhance network communications security of Android apps without much performance overhead.

Key words: Android, communication, security, cryptographic protocol