공인인증서 유출형 안드로이드 악성앱 탐지를 위한 Tainting 기법 활용 연구

A Study on Tainting Technique for leaking official certificates Malicious App Detection in Android

  • 투고 : 2018.08.16
  • 심사 : 2018.09.23
  • 발행 : 2018.09.30

초록

공인인증서는 개인을 증명하거나 통신간의 위변조 등을 방지하기 위하여 공인인증기관에서 발행하는 전자화된 정보로써 사이버 상의 인감도장이라 할 수 있다. 공인인증서는 암호화 된 파일의 형태로 PC 및 스마트폰에 저장되어 인터넷뱅킹 및 스마트뱅킹 서비스를 이용할 때 개인을 증명하기 위해 사용하기 때문에 외부로 유출될 경우 위험할 수 있다. 급증하는 안드로이드 기반 악성 어플리케이션 중 파일로 존재하는 공인인증서와 개인정보 등을 외부의 서버에 전송하는 악성 어플리케이션 또한 발견되고 있다. 본 논문은 공인인증서 탈취 악성코드를 사전에 판단하여 차단하기 위해 안드로이드 기반 동적 분석 도구인 DroidBox를 이용하여 공인인증서 외부 유출행위 여부를 판단하는 방안을 제안한다.

The certificate is electronic information issued by an accredited certification body to certify an individual or to prevent forgery and alteration between communications. Certified certificates are stored in PCs and smart phones in the form of encrypted files and are used to prove individuals when using Internet banking and smart banking services. Among the rapidly growing Android-based malicious applications are malicious apps that leak personal information, especially certificates that exist in the form of files. This paper proposes a method for judging whether malicious codes leak certificates by using DroidBox, an Android-based dynamic analysis tool.

키워드

참고문헌

  1. 개인정보보호 종합포털-주민등록번호 수집금지 제도 가이드라인, https://www.privacy.go.kr/nns/ntc/selectBoardArticle.do?nttId=5006
  2. 금융위원회 고시 제 2015-7호, http://www.fsc.go.kr/know/law_most_view.jsp?menu=7410100&bbsid=BBS0079&no=30700
  3. YTN, http://www.ytn.co.kr/_ln/0103_201603220904243529
  4. 미래창조과학부, theminjoo.kr/fileDn.do?seq=17260
  5. http://www.dailysecu.com/news/articleView.html?idxno=3637
  6. Youngseok Choi, Sunghhon Kim, Dong Hoon Lee, "Study to detect and block leakage of personal informaion : Android-platform environment," Journal of The Koread Institute of Information Security & Cryptology(JKIISC), Vol.23, No.4, August 2013
  7. Dorae Kim, Yongsu Park, "Detection of Privacy Information Leakage for Android Applications by Analyzing API Inter-Dependency and the Shortest Distance," Journal of KIISE, Vol. 41, NO. 9, pp. 707-714, September, 2014. https://doi.org/10.5626/JOK.2014.41.9.707
  8. Francesco Di Cerbo, Andrea Girardello, Florian Michahelles, Svetlana Voronkova, "Detection of Malicious Applications on Android OS," Proceedings of the 4th international conference on Computational forensics, IWCF'10, pp 138-149, November 2011.
  9. Yajin Zhou, Zhi Wang, Wu Zhou, Xuxian Jiang, "Hey, you, Get Off of My Market; Detecting Malicious Apps in Official and Alternative Android Markets," Proceedings of the 19th Annual Network&Distributed System Security Symposium. February 2012.
  10. Vaibhav Rastogi, Yan Chen, William Enck, "AppsPlayground: Automatic Security Analysis of Smartphone Applications", Proceedings of the third ACM conference on Data and application security and privacy, pp. 209-220, 2013.
  11. Min Zheng, Mingshen Sun, John C.S. Lui, "DroidTrace: A Ptrace Based Android Dynamic Analysis System with Forward Execution Capability", Wireless Communications and Mobile Computing Conference, 2014.
  12. Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, "ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors", Building Analysis Datasets and Gathering Experience Returns for Security, 2014.
  13. Willian Enck, Peter Gilbert, Byung-Gon Chun, Landon P.Cox, Jeayeon Jung, Patrick McDaniel and Anmol N.Sheth, "TaintDroid: An Informatin-Flow Tracking System for Realtime Privacy Monitoring on Smartphones," OSDI vol. 10. pp.255-270, October, 2010.
  14. oungseok Choi, Sunghhon Kim, Dong Hoon Lee, "Study to detect and block leakage of personal informaion : Android-platform environment," Journal of The Koread Institute of Information Security & Cryptology(JKIISC), Vol.23, No.4, August 2013
  15. Dorae Kim, Yongsu Park, "Detection of Privacy Information Leakage for Android Applications by Analyzing API Inter-Dependency and the Shortest Distance," Journal of KIISE, Vol. 41, NO. 9, pp. 707-714, September, 2014. https://doi.org/10.5626/JOK.2014.41.9.707
  16. Francesco Di Cerbo, Andrea Girardello, Florian Michahelles, Svetlana Voronkova, "Detection of Malicious Applications on Android OS," Proceedings of the 4th international conference on Computational forensics, IWCF'10, pp 138-149, November 2011.
  17. Yajin Zhou, Zhi Wang, Wu Zhou, Xuxian Jiang, "Hey, you, Get Off of My Market;Detecting Malicious Apps in Official and Alternative Android Markets," Proceedings of the 19th Annual Network& Distributed System Security Symposium. February 2012.
  18. Google code - DroidBox, https://code.google.com/p/DroidBox