ZTE

ZTE Communications ›› 2016, Vol. 14 ›› Issue (S0): 44-50.doi: 10.3969/j.issn.1673-5188.2016.S0.005

• Special Topic • Previous Articles     Next Articles

SeSoa: Security Enhancement System with Online Authentication for Android APK

DONG Zhenjiang1, WANG Wei1, LI Hui2, ZHANG Yateng2, ZHANG Hongrui2, ZHAO Hanyu2   

  1. 1. Cloud Computing and IT Research Institute,ZTE Corporation,Nanjing 210012,China;
    2. Beijing University of Posts and Telecommunications,Beijing 100876,China
  • Received:2016-01-10 Online:2016-06-01 Published:2019-11-29
  • About author:DONG Zhenjiang (dong.zhenjiang@zte.com.cn) received his MS degree from Harbin Institute of Technology, China. He is the leader of the Business Expert Team of Expert Committee for Strategy and Technology of ZTE Corporation and the deputy president of Cloud Computing and IT Research Institute of ZTE Corporation. His research interests include cloud computing, big data, new media, and mobile internet. He has led more than ten funded programs and published a monograph and more than ten academic papers.
    WANG Wei (wang.wei8@zte.com.cn) received her BS degree from Nanjing University of Aeronautics and Astronautics, China. She is an engineer and project manager in the field of mobile internet at Cloud Computing and IT Research Institute of ZTE Corporation. Her research interests include new mobile internet services and applications, PaaS, and terminal application development. She has authored five academic papers.
    LI Hui (lihuill@bupt.edu.cn) received her PhD in cryptography in 2005 from Beijing University of Posts and Telecommunications (BUPT), China. From July 2005, she has been working for School of Computer Science at BUPT as a lecturer and associate professor. Her research interests are cryptography and its applications, information security and wireless communication security.
    ZHANG Yateng (526551337@qq.com) is a graduate student in School of Computer Science at BUPT. His research interests include smart phone security, application of cryptographic algorithms, and implementation of white-box encryption algorithm on mobile platform.
    ZHANG Hongrui (zhanghongrui@bupt.edu.cn) is a graduate student in School of Computer Science at BUPT. He is conducting research on information security and software protection.
    ZHAO Hanyu (hyzhao1990@163.com) is a graduate student in School of Computer Science at BUPT. He is conducting research on software protection in smartphone.
  • Supported by:
    National Natural Science Foundation of China(61370195); ZTE Industry-Academia-Research Cooperation Funds

PDF (PC)

Abstract: Android OS provides such security mechanisms as application signature, privilege limit and sandbox to protect the security of operational system. However, these methods are unable to protect the applications of Android against anti-reverse engineering and the codes of such applications face the risk of being obtained or modified, which are always the first step for further attacks. In this paper, a security enhancement system with online authentication (SeSoa) for Android APK is proposed, in which the code of Android application package (APK) can be automatically encrypted. The encrypted code is loaded and run in the Android system after being successfully decrypted. Compared with the exiting software protecting systems, SeSoa uses online authentication mechanism to ensure the improvementof the APK security and good balance between security and usability.

Key words: software protection, anti-reverse, Android, authentication