Mobile Networks and Applications, Volume 19, Issue 1, pp 79–87

Quantifying and Classifying Covert Communications on Android

Article

Abstract

By exploiting known covert channels, Android applications today are able to bypass the built-in permission system and share data in a potentially untraceable manner. These channels have sufficient bandwidth to transmit sensitive information, such as GPS locations, in real-time to collaborating applications with Internet access. In this paper, we extend previous work involving an application layer covert communications detector. We measure the stability of the volume and vibration channels on the Android emulator, HTC G1, and Motorola Droid. In addition, we quantify the effect that our detector has on channel capacities for stealthy malicious applications using a theoretical model. Lastly, we introduce a new classification of covert and overt communication for the Android platform.

Keywords

Covert communication Android smartphones Security 

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  1. Indiana University, Bloomington, US
