Skip to main content
SpringerLink
Log in
Book cover

International Conference on Security and Privacy in Communication Systems

SecureComm 2022: Security and Privacy in Communication Networks pp 431–449Cite as

Enabling Accurate Data Recovery for Mobile Devices Against Malware Attacks

Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST,volume 462)

Abstract

Mobile computing devices today suffer from various malware attacks. After the malware attack, it is challenging to restore the device’s data back to the exact state right before the attack happens. This challenge would be exacerbated if the malware can compromise the OS of the victim device, obtaining the root privilege. In this work, we aim to design a novel data recovery framework for mobile computing devices, which can ensure recoverability of user data at the corruption point against the strong OS-level malware. By leveraging the version control capability of the cloud server and the hardware features of the local mobile device, we have successfully built MobiDR, the first system which can ensure restoration of data at the corruption point against the malware attacks. Our security analysis and experimental evaluation on the real-world implementation have justified the security and the practicality of MobiDR.

Keywords

  • Mobile device
  • Data recovery
  • OS-level malware
  • Corruption point
  • FTL
  • TrustZone
  • Version control

This is a preview of subscription content, access via your institution.

Chapter
EUR   29.95
Price includes VAT (Finland)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR   93.08
Price includes VAT (Finland)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR   120.99
Price includes VAT (Finland)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.

Notes

  1. 1.

    Typically, delta data are committed to the remote server periodically rather than continuously, to reduce bandwidth/energy consumption imposed on the low-power mobile computing devices.

  2. 2.

    TrustZone has been broadly supported since ARMv7.

  3. 3.

    An extreme case is that the device is almost filled and there are no unused blocks. In this case, if there is a flash block which stores invalid data that have not been backed up yet, \(\textsf{MobiDR}\) will back up those data immediately and garbage collection can be immediately performed on this block.

  4. 4.

    If the malware is impossible to be eliminated, we can unplug the flash storage medium from the victim device and plug it into a clean device for the recovery phase.

  5. 5.

    During recovery, we can simply place the content back to the LBA in the flash memory, since where the content will be physically located is not important.

  6. 6.

    The description here is not very exact. In practice, a few pages together may belong to the same atomic operation and cannot be separated.

  7. 7.

    Currently OP-TEE has not supported TLS yet, which can be implemented as “a glue layer between mbedTLS and the GP API provided [6]”.

References

  1. DRFlash - A Prototype of MobiDR. https://snp.cs.mtu.edu/drflash.html

  2. Firefly AIO-3399J. https://en.t-firefly.com/product/industry/aio_3399

  3. Lpc-h3131. https://www.olimex.com/Products/ARM/NXP/LPC-H3131/

  4. Open Portable Trusted Execution Environment. https://www.op-tee.org/

  5. Raspberry Pi 3 Model B. https://www.raspberrypi.org/products/raspberry-pi-3-model-b/

  6. TLS support in OPTEE #4075. https://github.com/OP-TEE/optee_os/issues/4075

  7. xxHash. https://cyan4973.github.io/xxHash/

  8. Mobile Malware. https://usa.kaspersky.com/resource-center/threats/mobile-malware, 1998

  9. Baek, S.H., Jung, Y., Mohaisen, A., Lee, S., Nyang, D.H.: Ssd-insider: Internal defense of solid-state drive against ransomware with perfect data recovery. In: Proceedings of ICDCS, pp. 875–884 (2018)

    Google Scholar 

  10. Baek, S., Jung, Y., Mohaisen, A., Lee, S., Nyang, D.: Ssd-assisted ransomware detection and data recovery techniques. IEEE Trans. Comput. 70(10), 1762–1776 (2020)

    Google Scholar 

  11. Breeuwsma, M., De Jongh, M., Klaver, C., Van Der Knijff, R., Roeloffs, M.: Forensic data recovery from flash memory. Small Scale Digital Device Forensics J. 1(1), 1–17 (2007)

    Google Scholar 

  12. Chen, B., Curtmola, R.: Auditable version control systems. In: Proceedings of NDSS (2014)

    Google Scholar 

  13. Chen, B., Curtmola, R., Dai, J.: Auditable version control systems in untrusted public clouds. In: Software Architecture for Big Data and the Cloud, pp. 353–366. Elsevier (2017)

    Google Scholar 

  14. Chen, N., Chen, B.: Defending against os-level malware in mobile devices via real-time malware detection and storage restoration. J. Cybersecur. Privacy 2(2), 311–328 (2022)

    CrossRef  Google Scholar 

  15. Chen, N., Xie, W., Chen, B.: Combating the OS-level malware in mobile devices by leveraging isolation and steganography. In: Zhou, J., et al. (eds.) ACNS 2021. LNCS, vol. 12809, pp. 397–413. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81645-2_23

    CrossRef  Google Scholar 

  16. Google Code. Opennfm. https://code.google.com/p/opennfm/

  17. Continella, A.: Shieldfs: a self-healing, ransomware-aware filesystem. In: Proceedings of ACSAC, pp. 336–347. ACM (2016)

    Google Scholar 

  18. Erway, C.C., Küpçü, A., Papamanthou, C., Tamassia, R.: Dynamic provable data possession. ACM Trans. Inform. Syst. Secur. (TISSEC), 17(4), 1–29 (2015)

    Google Scholar 

  19. Esiner, E., Datta, A.: Auditable versioned data storage outsourcing. Futur. Gener. Comput. Syst. 55, 17–28 (2016)

    CrossRef  Google Scholar 

  20. Etemad, M., Küpçü, A.: Transparent, distributed, and replicated dynamic provable data possession. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 1–18. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38980-1_1

    CrossRef  Google Scholar 

  21. Guan, L., et al.: Supporting transparent snapshot for bare-metal malware analysis on mobile devices. In: Proceedings of ACSAC, pp. 339–349 (2017)

    Google Scholar 

  22. Huang, J., Xu, J., Xing, X., Liu, P., Qureshi, M.K.: Flashguard: Leveraging intrinsic flash properties to defend against encryption ransomware. In: Proceedings of ACM CCS, pp. 2231–2244. ACM (2017)

    Google Scholar 

  23. Krishnan, A.S., Suslowicz, C., Dinu, D., Schaumont, P.: Secure intermittent computing protocol: Protecting state across power loss. In: 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 734–739. IEEE (2019)

    Google Scholar 

  24. Min, D., et al.: Amoeba: an autonomous backup and recovery ssd for ransomware attack defense. IEEE Comput. Archit. Lett. 17(2), 245–248 (2018)

    CrossRef  Google Scholar 

  25. Qiu, P., Wang, D., Lyu, Y., Qu, G.: Voltjockey: Breaching trustzone by software-controlled voltage manipulation over multi-core frequencies. In: Proceedings of ACM CCS, pp. 195–209 (2019)

    Google Scholar 

  26. Subedi, K.P., Budhathoki, D.R., Chen, B., Dasgupta, D.: Rds3: Ransomware defense strategy by using stealthily spare space. In: Computational Intelligence (SSCI), 2017 IEEE Symposium Series on, pp. 1–8. IEEE (2017)

    Google Scholar 

  27. Vaidya, S., Torres-Arias, S., Curtmola, R., Cappos, J.: Commit Signatures for Centralized Version Control Systems. In: Dhillon, G., Karlsson, F., Hedström, K., Zúquete, A. (eds.) SEC 2019. IAICT, vol. 562, pp. 359–373. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22312-0_25

    CrossRef  Google Scholar 

  28. Wan, S., Sun, M., Sun, K., Zhang, N., He, X. Rustee: Developing memory-safe arm trustzone applications. In: Annual Computer Security Applications Conference, pp. 442–453 (2020)

    Google Scholar 

  29. Wang, P., Jia, S., Chen, B., Xia, L., Liu, P.: Mimosaftl: Adding secure and practical ransomware defense strategy to flash translation layer. In: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, pp. 327–338 (2019)

    Google Scholar 

  30. Wang, X., Yuan, Y., Zhou, Y., Coats, C.C., Huang, J.: Project almanac: A time-traveling solid-state drive. In: Proceedings of the Fourteenth EuroSys Conference 2019, pp. 1–16 (2019)

    Google Scholar 

  31. Zhang, N., Sun, K., Shands, D., Lou, W., Hou, Y.T.: Trusense: Information leakage from trustzone. In: Proceedings of IEEE INFOCOM, pp. 1097–1105. IEEE (2018)

    Google Scholar 

  32. Zhang, Y., Blanton, M.: Efficient dynamic provable possession of remote data via update trees. ACM Trans. Storage (TOS) 12(2), 1–45 (2016)

    CrossRef  Google Scholar 

Download references

Acknowledgment

This work was supported by US National Science Foundation under grant number 1938130-CNS, 1928349-CNS, and 2043022-DGE.

Author information

Authors and Affiliations

  1. Department of Computer Science, Michigan Technological University, Michigan, USA

    Wen Xie, Niusen Chen & Bo Chen

Authors
  1. Wen Xie
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Niusen Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bo Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Bo Chen .

Editor information

Editors and Affiliations

  1. University of Kansas, Lawrence, KS, USA

    Fengjun Li

  2. Delft University of Technology, Delft, The Netherlands

    Kaitai Liang

  3. The Ohio State University, Columbus, OH, USA

    Zhiqiang Lin

  4. Norwegian University of Science and Tech, Gjøvik, Norway

    Sokratis K. Katsikas

Rights and permissions

Reprints and Permissions

Copyright information

© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Xie, W., Chen, N., Chen, B. (2023). Enabling Accurate Data Recovery for Mobile Devices Against Malware Attacks. In: Li, F., Liang, K., Lin, Z., Katsikas, S.K. (eds) Security and Privacy in Communication Networks. SecureComm 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 462. Springer, Cham. https://doi.org/10.1007/978-3-031-25538-0_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-25538-0_23

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-25537-3

  • Online ISBN: 978-3-031-25538-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Search

Navigation