AN EXTENDED DISCUSSION ON A HIGH-CAPACITY COVERT CHANNEL FOR THE ANDROID OPERATING SYSTEM

Timothy Heard; Daryl Johnson

doi:10.47839/ijc.15.3.852

Authors

Timothy Heard
Daryl Johnson

DOI:

https://doi.org/10.47839/ijc.15.3.852

Keywords:

Android, covert channel, mobile security.

Abstract

In “Exploring a High-Capacity Covert Channel for the Android Operating System” [1], a covert channel for communicating between different applications on the Android operating system was introduced and evaluated. This covert channel proved to be capable of a much higher throughput than any other comparable channels which had been explored previously. This article will expand on the work which was started in [1]. Specifically, further improvements on the initial covert channel concept will be detailed and their impact with regards to channel throughput will be evaluated. In addition, a new protocol for managing connections and communications between collaborating applications purely using this channel will be defined and explored. A number of different potential mechanisms and techniques for detecting the presence and use of this covert channel will also be described and discussed, including possible counter-measures which could be implemented.

References

T. Heard, D. Johnson, and B. Stackpole, “Exploring a high-capacity covert channel on the Android operating system,” in Proceedings of the IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS’2015), Warsaw, Poland, (September 24-26, 2015), vol. 1, pp. 393-398.

Hubert Ritzdorf, Analyzing Covert Channels on Mobile Devices, Master Thesis, available online on http://e-collection.library.ethz.ch/eserv/eth:5608/eth-5608-01.pdf, accessed June 2016.

S. Chandra, Z. Lin, A. Kundu, and L. Khan, “Towards a systematic study of the covert channel attacks in smartphones,” in Proceedings of the International Conference on Security and Privacy in Communication Networks, Beijing, China (September 24-26, 2014), pp. 427-435.

W. Gasior and L. Yang, “Network covert channels on the Android platform,” in Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, Oak Ridge, Tennessee, USA (October 12-14, 2011), p. 61.

R. Schlegel, K. Zhang, X. Zhou, M. Intwala, A. Kapadia, and X. Wang, “Soundcomber: A stealthy and context-aware sound Trojan for smartphones,” in Proceedings of the 18th Annual Network & Distributed System Security Symposium, San Diego, California, USA (February 6-9, 2011), vol. 11, pp. 17-33.

A. Al-Haiqi, M. Ismail, R. Nordin, A. Al-Haiqi, M. Ismail, and R. Nordin, “A new sensors-based covert channel on Android,” Scientific World Journal, Vol. 2014 (2014), available online on http://www.hindawi.com/journals/tswj/2014/969628/, accessed June 2016.

C. Marforio, H. Ritzdorf, A. Francillon, and S. Capkun, “Analysis of the communication between colluding applications on modern smartphones,” in Proceedings of the 28th Annual Computer Security Applications Conference, Orlando, Florida, USA (December 3-7, 2012), pp. 51-60.

J.-F. Lalande and S. Wendzel, “Hiding privacy leaks in android applications using low-attention raising covert channels,” in Proceedings of the Eighth International Conference on Availability, Reliability, and Security (ARES), Regensburg, Germany (September 2-6, 2013), pp. 701-710.

W. Gasior and L. Yang, “Exploring covert channel in Android platform,” in Proceedings of the International Conference on Cyber Security (CyberSecurity), Washington, D.C., USA, (December 14-16, 2012), pp. 173-177.

Intents and Intent Filters, Android Developers, Android Online Documentation, available online on https://developer.android.com/guide/components/intents-filters.html, accessed June 2016.

Intent, Android Developers, Android Online Documentation, available online on https://developer.android.com/reference/android/content/Intent.html, accessed June 2016.

Bundle, Android Developers, Android Online Documentation, available online on https://developer.android.com/reference/android/os/Bundle.html, accessed June 2016.

MediaStore: ACTION_IMAGE_CAPTURE, Android Developers, Android Online Documentation, available online on https://developer.android.com/reference/android/provider/MediaStore.html#ACTION_IMAGE_CAPTURE, accessed June 2016.

BroadcastReceiver, Android Developers, Android Online Documentation, available online on https://developer.android.com/reference/android/content/BroadcastReceiver.html, accessed June 2016.

Context: sendBroadcast, Android Developers, Android Online Documentation, available online on https://developer.android.com/reference/android/content/Context.html#sendBroadcast(android.content.Intent), accessed June 2016.

Intent: ACTION_PACKAGE_REMOVED, Android Developers, Android Online Documentation, available online on https://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_REMOVED, accessed June 2016.

K. O. Elish, D. Yao, and B. G. Ryder, “On the need of precise inter-app ICC classification for detecting Android malware collusions,” in Proceedings of the IEEE Mobile Security Technologies (MoST), in conjunction with the IEEE Symposium on Security and Privacy, San Jose, CA, USA (May 18-20, 2015).

Common Intents, Android Developers, Android Online Documentation, available online on https://developer.android.com/guide/components/intents-common.html, accessed June 2016.

International Journal of Computing

AN EXTENDED DISCUSSION ON A HIGH-CAPACITY COVERT CHANNEL FOR THE ANDROID OPERATING SYSTEM

Authors

DOI:

Keywords:

Abstract

References

Downloads

Published

How to Cite

Issue

Section

License

Information