Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer institutes.

Hey, NSA: Stay away from my market! Future proofing app markets against powerful attackers

 
Authors: Fahl, S.; Dechand, S.; Perl, H.; Fischer, F.; Smrcek, J.; Smith, M.

Published in:

Ahn, G.-J. ; Association for Computing Machinery -ACM-; Association for Computing Machinery -ACM-, Special Interest Group on Security, Audit and Control -SIGSAC-:
21st ACM Conference on Computer and Communications Security, CCS 2014. Proceedings. Book 2 : November 3 - 7, 2014, Scottsdale, Arizona, USA
New York: ACM, 2014
ISBN: 978-1-4503-2957-6
ISBN: 978-1-4503-3429-7
pp.1143-1155
Conference on Computer and Communications Security (CCS) <21, 2014, Scottsdale/Ariz.>
English
Conference Paper
Fraunhofer FKIE

Abstract
Mobile devices are evolving as the dominant computing platform and consequently application repositories and app markets are becoming the prevalent paradigm for deploying software. Due to their central and trusted position in the software ecosystem, coerced, hacked or malicious app markets pose a serious threat to user security. Currently, there is little that hinders a nation state adversary (NSA) or other powerful attackers from using such central and trusted points of software distribution to deploy customized (malicious) versions of apps to specific users. Due to intransparencies in the current app installation paradigm, this kind of attack is extremely hard to detect. In this paper, we evaluate the risks and drawbacks of current app deployment in the face of powerful attackers. We assess the app signing practices of 97% of all free Google Play apps and find that the current practices make targeted attacks unnecessarily easy and almost impossible to detect for users and app developers alike. We show that high profile Android apps employ intransparent and unaccountable strategies when they publish apps to (multiple) alternative markets. We then present and evaluate Application Transparency (AT), a new framework that can defend against "targeted-and-stealthy" attacks mounted by malicious markets. We deployed AT in the wild and conducted an extensive field study in which we analyzed app installations on 253,819 real world Android devices that participate in a popular anti-virus app's telemetry program. We find that AT can effectively protect users against malicious targeted attack apps and furthermore adds transparency and accountability to the current intransparent signing and packaging strategies employed by many app developers.

URL: http://publica.fraunhofer.de/documents/N-350999.html