Unlock instant, AI-driven research and patent intelligence for your innovation.

A defense method against masquerading attacks on ios-based applications

A technology of application programs and masks, which is applied in the security field of mobile smart operating systems, can solve problems such as difficult to prevent installation, difficult to verify the authenticity of enterprise certificates, and unavoidable mask attacks, so as to achieve the effect of defending against mask attacks

Active Publication Date: 2020-02-18
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0011] In solving the problem of masquerade attacks, if the number of mobile devices that install enterprise certificate-signed applications is adopted, it will hinder normal iOS development; on the other hand, prohibiting applications that contain the same bundle ID (bundle ID) is also Impractical as it would prohibit normal updates
In addition, since malicious applications do not need to pass the review of the AppStore, it is difficult to verify the authenticity of their enterprise certificates, and due to the closed nature of iOS (external monitoring is prohibited), it is difficult to prevent the inclusion of the same software package through existing processing methods. The installation of the application of the identifier, that is, the existing iOS security measures cannot avoid the masquerade attack

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A defense method against masquerading attacks on ios-based applications
  • A defense method against masquerading attacks on ios-based applications
  • A defense method against masquerading attacks on ios-based applications

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] In order to make the purpose, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the implementation methods and accompanying drawings.

[0026] see figure 2 , the bundle ID of the target APP is com.company.product, and the version number is V.1.0. By imitating the bundle ID of the target APP, the masquerade attacker generates a malicious APP with a fake updated version V.1.1, and guesses the malicious APP and The updated key is sent to the user. When the installation package arrives at the user device, the system (iOS) will obtain the bundle ID and version number information of the target APP from the plist (ie property list file) file. Because in the present invention, update information (including the update key of signature) is added in the plist file of the application program, when iOS receives the same update installation request as the bundle ID of the installed...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a defense method for an iOS-based application program encountering a masquerade attack, belonging to the category of mobile intelligent operating system security. The invention utilizes the synergy between the authentication mechanism and the exclusive private key to prevent different forms of masquerade attacks. The protection mechanism of the present invention prevents two frequently used attack means in masquerade attacks, namely replay attack and unauthenticated application update. Therefore, the implementation of the present invention can provide a practical and easy-to-implement solution for masquerading attacks.

Description

technical field [0001] The invention belongs to the technical field of mobile intelligent operating system security, and specifically relates to trusted guidance, program signature, sandbox and authority management and key chain technology. Background technique [0002] Apple launched the mobile smart operating system iOS in 2007, which provides strong security protection for iOS mobile devices through a high degree of hardware and software integration and a closed operating system. iOS ensures that only trusted code and applications can run on mobile devices by enforcing trusted boot, program signatures, sandbox mechanisms, and runtime process security. Additional encryption and data protection can effectively protect the security of mobile devices. User data. In addition, iOS prevents third-party applications from loading and executing unauthorized code by enforcing program signatures and applying sandbox technology; and detects any suspicious program operation behavior b...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/51H04L9/00H04L9/08H04L9/32
CPCG06F21/51G06F2221/033H04L9/002H04L9/0869H04L9/0891H04L9/3247
Inventor 梁泽华于鸿洋
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA