Mutent: Dynamic android intent protection with ownership-based key distribution and security contracts

D. S. Pradeep Kumar, Jaejong Baek, Tiffany Bao, Yan Shoshitaishvili, Adam L. Doupe, Ruoyu Wang, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Intents are the plain-text based message object used for ICC by the Android framework. Hence the framework essentially lacks an inbuilt security mechanism to protect the visibility, accessibility, and integrity of Intent's data that facilitates adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose a security-enhanced Intent library µTent that allows Android apps to securely exchange sensitive data during ICC. Differently from the existing mechanism, µTent provides accessibility and visibility of Intent data by validating the receiver's capability and provides integrity by using encryption and the Arc security contract code. Especially, ICC is initiated by exchanging µTent and follows a novel ownership-based key distribution model, that restricts the malware apps without permission from deciphering data. Through the evaluation, we show that µTent can improve the security for popular Android apps with minimal performance overheads, demonstrated using F-Droid apps.

Original languageEnglish (US)
Title of host publicationProceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
EditorsTung X. Bui
PublisherIEEE Computer Society
Pages7217-7226
Number of pages10
ISBN (Electronic)9780998133140
StatePublished - 2021
Event54th Annual Hawaii International Conference on System Sciences, HICSS 2021 - Virtual, Online
Duration: Jan 4 2021Jan 8 2021

Publication series

NameProceedings of the Annual Hawaii International Conference on System Sciences
Volume2020-January
ISSN (Print)1530-1605

Conference

Conference54th Annual Hawaii International Conference on System Sciences, HICSS 2021
CityVirtual, Online
Period1/4/211/8/21

ASJC Scopus subject areas

  • Engineering(all)

Fingerprint

Dive into the research topics of 'Mutent: Dynamic android intent protection with ownership-based key distribution and security contracts'. Together they form a unique fingerprint.

Cite this