基于Android内核的图像视频数据保护技术

信息安全研究 ›› 2018, Vol. 4 ›› Issue (4): 342-351.

基于Android内核的图像视频数据保护技术

庞鹏飞¹,韩文聪¹,薛源¹,于长富²,谢长达²

1. 计算机学院北京理工大学
2. 中国人民解放军32133部队

收稿日期:2018-04-20 出版日期:2018-04-15 发布日期:2018-04-20
通讯作者: 庞鹏飞
作者简介:庞鹏飞1，男，1985年生，北京理工大学计算机学院在读硕士，主要研究领域为信息安全、嵌入式技术韩文聪1，男，1990年生，北京理工大学计算机学院在读硕士，主要研究领域为信息安全、嵌入式技术薛源1，男，1985年生，北京理工大学计算机学院在读博士，主要研究领域为信息安全、存储算法于长富2，男，1980年生，博士，32133部队工程师，主要研究领域为信息安全、存储算法、数据挖掘技术谢长达2，男，1983年生，硕士，32133部队工程师，主要研究领域为信息安全、存储算法、数据挖掘技术

An Image and Video Protection Scheme Based on Android Kernel Extension

Received:2018-04-20 Online:2018-04-15 Published:2018-04-20

摘要/Abstract

摘要： 随着移动互联网的普及和网民安全意识的提高，移动安全特别是数据安全变得日益重要。目前，Android系统主要通过粗粒度的权限管理机制和全磁盘加密技术保护数据，无法满足用户的数据安全要求。本文在Android手机中对图像、视频数据存储机制进行分析，提出了一种基于Android内核扩展的数据保护方案. 与现有的研究技术不同，本文解决了Android系统设备权限滥用问题和隐私数据存储、显示及传输过程中数据安全问题。本文在HTC E9pw手机上对基于Android内核扩展的数据保护技术进行研究测试。实验表明，在Android手机上通过定制Android内核实现数据保护是可行的。基于内核进行数据保护增加CPU工作负担很小，系统能够保持稳定运行。同时，本文提出的数据保护技术还可以推广到蓝牙、WiFi、文本和录音等设备和数据的安全防护，具有重要意义。

关键词: 数据安全, 安卓, 权限管理, 内核, 数据保护

Abstract: As mobile security, especially data security, is gaining more and more attention; most mobile phone users protect their data with encryption. At present, Android system mainly protects the data through coarse-grained authority management mechanism and inefficient full-disk encryption technology, which can’t meet user's data security requirements. This paper analyzes the photos and video data in Android mobile phones and proposes a data protection scheme based on Android kernel extension. The difference with other existing research techniques is that our proposed solution solves the problem of abuse of device rights in Android system and data security in the process of storage, display and transmission of private data. This article tests data protection techniques based on Android kernel extensions on real cell phones. Experiments show that it is feasible to implement data protection by customizing the Android kernel on Android phones. Data protection based on the kernel increases the CPU work, but the burden is small. At the same time, the data protection technology proposed in this paper can also be extended to protect other devices and data such as Bluetooth, WIFI, text and voice recording, which is of great significance.

Key words: Data Security, Android, Authority Management, Kernel, Data Protection

庞鹏飞韩文聪薛源于长富谢长达. 基于Android内核的图像视频数据保护技术[J]. 信息安全研究, 2018, 4(4): 342-351.

参考文献

[1] Jiang F, Huang X. Development Report on China’s Wearable Devices in 2014[M]//Development Report on China’s New Media. Springer, Singapore, 2017: 129-145 [2] Enck W, Ongtang M, Mcdaniel P. Understanding Android Security[J]. IEEE Security & Privacy, 2009, 7(1):50-57 [3] Shen J, Gong S, Bao W. Analysis of Network Security in Daily Life[J]. INFORMATION AND COMPUTER SECURITY, 2018, 1(1) [4] Yu L, Luo X, Liu X, et al. Can We Trust the Privacy Policies of Android Apps?[C]// Ieee/ifip International Conference on Dependable Systems and Networks. IEEE, 2016:538-549 [5] Basu P, Rajamanikkam C, Bal A, et al. FIFA: Exploring a Focally Induced Fault Attack Strategy in Near-Threshold Computing[J]. IEEE Embedded Systems Letters, 2017, PP(99):1-1 [6] 李金龙. 基于内核扩展的智能手机安全加固技术[D]. 北京理工大学, 2015 [7] Prashantjawade P, Thakre S S. PHYSICAL SECURITY FOR MOBILE DEVICES USING NOVEL APPLICATION LOCKBOX[J]. International Journal of Innovative Research in Computer & Communication Engineering, 2013, 1(5) [8] Cortier V, Filipiak A, Florent J, et al. Designing and proving an EMV-compliant payment protocol for mobile devices[C]//Security and Privacy (EuroS&P), 2017 IEEE European Symposium on. IEEE, 2017: 467-480 [9] Shezan F H, Afroze S F, Iqbal A. Vulnerability detection in recent Android apps: An empirical study[C]//Networking, Systems and Security (NSysS), 2017 International Conference on. IEEE, 2017: 55-63 [10] Liu X, Diao W, Zhou Z, et al. Gateless treasure: How to get sensitive information from unprotected external storage on Android phones[J]. CoRR, vol. abs/1407.5410, 2014 [11] Cai S, Huang R, Yang N, et al. Research on Dynamic Safe Loading Techniques in Android Application Protection System[C]//International Conference on Smart Computing and Communication. Springer, Cham, 2017: 134-143 [12] Wijesekera P, Baokar A, Tsai L, et al. The feasibility of dynamically granted permissions: Aligning mobile privacy with user preferences[C]//Security and Privacy (SP), 2017 IEEE Symposium on. IEEE, 2017: 1077-1093 [13] Andriotis P, Sasse M A, Stringhini G. Permissions snapshots: Assessing users' adaptation to the Android runtime permission model[C]// IEEE International Workshop on Information Forensics and Security. IEEE, 2017 [14] 杨博. Android系统下应用程序的安全性研究[D]. 上海交通大学, 2013 [15] Hong S, Liu C, Cheng B, et al. MobiGemini: sensitive-based data and resource protection framework for mobile device[J]. China Communications, 2017, 14(7): 1-11 [16] Müller T, Spreitzenbarth M. FROST[C]// International Conference on Applied Cryptography and Network Security. Springer Berlin Heidelberg, 2013:373-388 [17] Rosculete L, Rosculete L, Mitra T, et al. Automated partitioning of android applications for trusted execution environments[C]// Ieee/acm, International Conference on Software Engineering. IEEE, 2017:923-934 [18] Zhang Y, Zhao S, Qin Y, et al. TrustTokenF: A Generic Security Framework for Mobile Two-Factor Authentication Using TrustZone[C]// IEEE Trustcom/bigdatase/ispa. IEEE Computer Society, 2015:41-48 [19] Gao C, Yang C H. File-Based Encryption with SM4[C]//Data Science in Cyberspace (DSC), 2017 IEEE Second International Conference on. IEEE, 2017: 426-430 [20] Hazra S, Mateti P. Challenges in Android Forensics[C]//International Symposium on Security in Computing and Communication. Springer, Singapore, 2017: 286-299 [21] Cai X, Gu X, Wang Y, et al. Enforcing ACL Access Control on Android Platform[C]//International Conference on Information Security. Springer, Cham, 2017: 366-383 [22] Chang R, Jiang L, Chen W, et al. Towards a multilayered permission‐based access control for extending Android security[J]. Concurrency & Computation Practice & Experience, 2017(2):e4180 [23] Wu J, Yang M, Luo T. PACS: Pemission abuse checking system for android applictions based on review mining[C]//Dependable and Secure Computing, 2017 IEEE Conference on. IEEE, 2017: 251-258 [24] Enck W, Octeau D, Mcdaniel P, et al. A study of android application security[C]// Usenix Conference on Security. USENIX Association, 2011:21-21 [25] Enck W, Ongtang M, McDaniel P. On lightweight mobile phone application certification[C]//Proceedings of the 16th ACM conference on Computer and communications security. ACM, 2009: 235-245 [26] Burguera I, Zurutuza U, Nadjm-Tehrani S. Crowdroid: behavior-based malware detection system for Android[C]// ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 2011:15-26 [27] 王磊. Android增强型权限控制机制的设计与实现[D]. 北京大学, 2011 [28] 汤瑾. Android平台下的隐私数据保护方法的研究与实现[D]. 北京邮电大学, 2014 [29] 苑举立. Android应用的权限泄露分析[D]. 上海交通大学, 2014 [30] Huang F, Wu W, Yang M, et al. A fine-grained permission control mechanism for external storage of Android[C]// IEEE International Conference on Systems, Man, and Cybernetics. IEEE, 2017:002911-002916 [31] Lu Y F, Kuo C F, Fang Y Y. Efficient Storage Encryption for Android Mobile Devices[C]// International Conference on Research in Adaptive and Convergent Systems. ACM, 2016:213-218