Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Method for detecting cryptology misuse of Android application programs

A technology for application and misuse detection, applied in program control devices, digital data protection, etc., to solve problems such as inability to process applications

Active Publication Date: 2015-04-01
SHANGHAI JIAO TONG UNIV +1
View PDF2 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

But the defects and deficiencies of this technology are: first, the platform of this program analysis technology is Windows, which cannot handle the application programs of Android platform; second, the main function of this technology is a technology for extracting internal information of Windows applications, The information mentioned here includes application format, development language, protection type, cryptographic algorithm used, etc.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for detecting cryptology misuse of Android application programs

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0040] Such as figure 1 As shown, this embodiment includes the following steps:

[0041] The first step is to conduct a reverse analysis of the application to be detected to obtain the source code. The specific steps include:

[0042] 1.1 Use JEB to reverse process the application to be detected, reversely restore the program code in the compiled Android application apk file to smali code and java code.

[0043] 1.2 The application program processed by JEB includes smali code and java code. The smali code includes all class codes and can be used as a code library. The java code is divided into different files by class.

[0044]The second step is to find the code segment related to the cryptographic algorithm in the reversed smali code. The specific steps include:

[0045] 2.1 Statically scan the smali code reversed by the application to be detected, and find the API that the java cryptography library must use: the dofinal() function. By looking for this function, you can loc...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for detecting cryptology misuse of Android application programs. The method comprises the following steps of decompiling a to-be-detected program and generating a codebase; then, looking up code segments related with a cryptographic algorithm from the codebase; then, stripping the code segments related with the cryptographic algorithm out of an original program to obtain a complete cryptographic algorithm implementation process code; finally, performing data abstraction and process modeling processing on each cryptographic algorithm implementation process code segment obtained in the step 3; comparing the cryptographic algorithm implementation process code segments item by item through pattern matching and a cryptographic algorithm implementation rule appointed in advance, outputting items which do not meet the implementation rule and summarizing to form a safety analysis result. According to the method disclosed by the invention, through static analysis on an Android application program, a cryptographic algorithm type used in the application program can be automatically judged, and the code segments related with the cryptographic algorithm are automatically extracted; safety analysis is performed on the code segments so as to find out a problem link during a cryptographic algorithm implementation process, and the safety analysis result of the cryptology misuse of the application program is finally obtained.

Description

technical field [0001] The invention relates to an application program security analysis technology in the field of mobile intelligent terminals, and relates to a detection scheme for whether there is a cryptography misuse loophole in an Android application program. Background technique [0002] With the development of the mobile Internet, mobile smart terminals are playing an increasingly important role in people's daily life, followed by mobile smart terminals storing and processing more and more information closely related to user privacy or interests. important data. When processing these important data, in order to ensure the security of the data, the application program will encrypt the data before storing and sending the data. [0003] The encryption and decryption of data in the application is generally a mature cryptographic algorithm. As mature cryptographic algorithms, these algorithms have been analyzed and tested by many cryptographic researchers in the world,...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F9/44G06F21/60
Inventor 张媛媛束骏亮杨文博李卷孺谷大武
Owner SHANGHAI JIAO TONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com