Mutent: Dynamic android intent protection with ownership-based key distribution and security contracts

D. S. Pradeep Kumar; Jaejong Baek; Tiffany Bao; Yan Shoshitaishvili; Adam L. Doupe; Ruoyu Wang; Gail Joon Ahn

Mutent: Dynamic android intent protection with ownership-based key distribution and security contracts

D. S. Pradeep Kumar, Jaejong Baek, Tiffany Bao, Yan Shoshitaishvili, Adam L. Doupe, Ruoyu Wang, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Intents are the plain-text based message object used for ICC by the Android framework. Hence the framework essentially lacks an inbuilt security mechanism to protect the visibility, accessibility, and integrity of Intent's data that facilitates adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose a security-enhanced Intent library µTent that allows Android apps to securely exchange sensitive data during ICC. Differently from the existing mechanism, µTent provides accessibility and visibility of Intent data by validating the receiver's capability and provides integrity by using encryption and the Arc security contract code. Especially, ICC is initiated by exchanging µTent and follows a novel ownership-based key distribution model, that restricts the malware apps without permission from deciphering data. Through the evaluation, we show that µTent can improve the security for popular Android apps with minimal performance overheads, demonstrated using F-Droid apps.

Original language	English (US)
Title of host publication	Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
Editors	Tung X. Bui
Publisher	IEEE Computer Society
Pages	7217-7226
Number of pages	10
ISBN (Electronic)	9780998133140
State	Published - 2021
Event	54th Annual Hawaii International Conference on System Sciences, HICSS 2021 - Virtual, Online Duration: Jan 4 2021 → Jan 8 2021

Publication series

Name	Proceedings of the Annual Hawaii International Conference on System Sciences
Volume	2020-January
ISSN (Print)	1530-1605

Conference

Conference	54th Annual Hawaii International Conference on System Sciences, HICSS 2021
City	Virtual, Online
Period	1/4/21 → 1/8/21

ASJC Scopus subject areas

General Engineering

Cite this

Pradeep Kumar, D. S., Baek, J., Bao, T., Shoshitaishvili, Y., Doupe, A. L., Wang, R., & Ahn, G. J. (2021). Mutent: Dynamic android intent protection with ownership-based key distribution and security contracts. In T. X. Bui (Ed.), Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021 (pp. 7217-7226). (Proceedings of the Annual Hawaii International Conference on System Sciences; Vol. 2020-January). IEEE Computer Society.

Mutent: Dynamic android intent protection with ownership-based key distribution and security contracts. / Pradeep Kumar, D. S.; Baek, Jaejong; Bao, Tiffany et al.
Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021. ed. / Tung X. Bui. IEEE Computer Society, 2021. p. 7217-7226 (Proceedings of the Annual Hawaii International Conference on System Sciences; Vol. 2020-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Pradeep Kumar, DS, Baek, J, Bao, T , Shoshitaishvili, Y , Doupe, AL , Wang, R & Ahn, GJ 2021, Mutent: Dynamic android intent protection with ownership-based key distribution and security contracts. in TX Bui (ed.), Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021. Proceedings of the Annual Hawaii International Conference on System Sciences, vol. 2020-January, IEEE Computer Society, pp. 7217-7226, 54th Annual Hawaii International Conference on System Sciences, HICSS 2021, Virtual, Online, 1/4/21.

Pradeep Kumar DS, Baek J, Bao T , Shoshitaishvili Y , Doupe AL , Wang R et al. Mutent: Dynamic android intent protection with ownership-based key distribution and security contracts. In Bui TX, editor, Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021. IEEE Computer Society. 2021. p. 7217-7226. (Proceedings of the Annual Hawaii International Conference on System Sciences).

Pradeep Kumar, D. S. ; Baek, Jaejong ; Bao, Tiffany et al. / Mutent : Dynamic android intent protection with ownership-based key distribution and security contracts. Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021. editor / Tung X. Bui. IEEE Computer Society, 2021. pp. 7217-7226 (Proceedings of the Annual Hawaii International Conference on System Sciences).

@inproceedings{e1c9fa0fcbbc4c5b85005ac899b19806,

title = "Mutent: Dynamic android intent protection with ownership-based key distribution and security contracts",

abstract = "Intents are the plain-text based message object used for ICC by the Android framework. Hence the framework essentially lacks an inbuilt security mechanism to protect the visibility, accessibility, and integrity of Intent's data that facilitates adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose a security-enhanced Intent library µTent that allows Android apps to securely exchange sensitive data during ICC. Differently from the existing mechanism, µTent provides accessibility and visibility of Intent data by validating the receiver's capability and provides integrity by using encryption and the Arc security contract code. Especially, ICC is initiated by exchanging µTent and follows a novel ownership-based key distribution model, that restricts the malware apps without permission from deciphering data. Through the evaluation, we show that µTent can improve the security for popular Android apps with minimal performance overheads, demonstrated using F-Droid apps.",

author = "{Pradeep Kumar}, {D. S.} and Jaejong Baek and Tiffany Bao and Yan Shoshitaishvili and Doupe, {Adam L.} and Ruoyu Wang and Ahn, {Gail Joon}",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE Computer Society. All rights reserved.; 54th Annual Hawaii International Conference on System Sciences, HICSS 2021 ; Conference date: 04-01-2021 Through 08-01-2021",

year = "2021",

language = "English (US)",

series = "Proceedings of the Annual Hawaii International Conference on System Sciences",

publisher = "IEEE Computer Society",

pages = "7217--7226",

editor = "Bui, {Tung X.}",

booktitle = "Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021",

}

TY - GEN

T1 - Mutent

T2 - 54th Annual Hawaii International Conference on System Sciences, HICSS 2021

AU - Pradeep Kumar, D. S.

AU - Baek, Jaejong

AU - Bao, Tiffany

AU - Shoshitaishvili, Yan

AU - Doupe, Adam L.

AU - Wang, Ruoyu

AU - Ahn, Gail Joon

PY - 2021

Y1 - 2021

N2 - Intents are the plain-text based message object used for ICC by the Android framework. Hence the framework essentially lacks an inbuilt security mechanism to protect the visibility, accessibility, and integrity of Intent's data that facilitates adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose a security-enhanced Intent library µTent that allows Android apps to securely exchange sensitive data during ICC. Differently from the existing mechanism, µTent provides accessibility and visibility of Intent data by validating the receiver's capability and provides integrity by using encryption and the Arc security contract code. Especially, ICC is initiated by exchanging µTent and follows a novel ownership-based key distribution model, that restricts the malware apps without permission from deciphering data. Through the evaluation, we show that µTent can improve the security for popular Android apps with minimal performance overheads, demonstrated using F-Droid apps.

AB - Intents are the plain-text based message object used for ICC by the Android framework. Hence the framework essentially lacks an inbuilt security mechanism to protect the visibility, accessibility, and integrity of Intent's data that facilitates adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose a security-enhanced Intent library µTent that allows Android apps to securely exchange sensitive data during ICC. Differently from the existing mechanism, µTent provides accessibility and visibility of Intent data by validating the receiver's capability and provides integrity by using encryption and the Arc security contract code. Especially, ICC is initiated by exchanging µTent and follows a novel ownership-based key distribution model, that restricts the malware apps without permission from deciphering data. Through the evaluation, we show that µTent can improve the security for popular Android apps with minimal performance overheads, demonstrated using F-Droid apps.

UR - http://www.scopus.com/inward/record.url?scp=85108311367&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85108311367&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85108311367

T3 - Proceedings of the Annual Hawaii International Conference on System Sciences

SP - 7217

EP - 7226

BT - Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021

A2 - Bui, Tung X.

PB - IEEE Computer Society

Y2 - 4 January 2021 through 8 January 2021

ER -

Mutent: Dynamic android intent protection with ownership-based key distribution and security contracts

Abstract

Publication series

Conference

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this