Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/20920
Full metadata record
DC Field: Value [Language]
dc.contributor.advisor: 蕭旭君 (Hsu-Chun Hsiao)
dc.contributor.author: Peng Lo [en]
dc.contributor.author: 羅芃 [zh_TW]
dc.date.accessioned: 2021-06-08T03:10:21Z
dc.date.copyright: 2020-09-16
dc.date.issued: 2020
dc.date.submitted: 2020-08-23
dc.identifier.citation:
[1] J. Chen, H. Chen, E. Bauman, Z. Lin, B. Zang, and H. Guan. You Shouldn’t Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps. In 24th USENIX Security Symposium (USENIX Security 15), pages 657–690, 2015.
[2] J. Cho, G. Cho, and H. Kim. Keyboard or keylogger?: A security analysis of third-party keyboards on Android. In 2015 13th Annual Conference on Privacy, Security and Trust (PST), pages 173–176. IEEE, 2015.
[3] W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taintdroid: an information-flow tracking system for real-time privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2):1–29, 2014.
[4] F. Mohsen, E. Bello-Ogunu, and M. Shehab. Investigating the keylogging threat in android—User perspective (Regular research paper). In 2016 Second International Conference on Mobile and Secure Services (MobiSecServ), pages 1–5. IEEE, 2016.
[5] F. Mohsen and M. Shehab. Android keylogging threat. In 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, pages 545–552. IEEE, 2013.
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/20920
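dc.description.abstract: On Android phones, users must enter text through a virtual keyboard. Android virtual keyboards are not limited to the default keyboard built into the phone; users can also install third-party keyboards themselves, but these third-party keyboards may introduce the risk of privacy leakage. Although many automated testing tools can already test Android applications, such as monkey runner, the application programming interface (API) and user interface of virtual keyboards differ from those of ordinary Android applications, so at present no automated tool can test and analyze virtual keyboards. In this thesis, we propose the IMEAnalyzer system. It is the first automated analysis system for Android virtual keyboards, and it helps us quickly filter out relatively suspicious virtual keyboards. To evaluate IMEAnalyzer, we ran automated testing and analysis on 112 virtual keyboards from the Taiwan Google Play Store and ultimately identified 7.14% of them as suspicious. [zh_TW]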
dc.description.abstract: Third-party keyboards, namely input method editors (IMEs), are indispensable in the Android system for users to enter their sensitive information. To detect whether an IME stealthily collects that information, it is important to have an automated testing system that analyzes IMEs efficiently. However, although many tools exist for automated testing of Android apps, for instance the monkey runner, none of them is applicable to testing IME services. The reason is that the components of an IME service, such as its APIs and user interface, are different from those of other Android applications. Those tools simulate user tapping behavior by sending the keycode directly to the EditText of the application, and thus the IME service cannot receive the tapping events. To solve this problem and efficiently analyze privacy leakage issues in IMEs, we present IMEAnalyzer, the first automated IME testing system. IMEAnalyzer reconstructs IME layouts in advance and sends screen tapping commands to trigger keycode events for IMEs. Additionally, IMEAnalyzer supports three different user typing behavior models to mimic different user behaviors, and records all network traffic. Using IMEAnalyzer to speed up our analysis process, we study the 112 most downloaded IMEs in the Google Play Store and filter out the 92.86% that are non-suspicious. [en]
dc.description.provenance: Made available in DSpace on 2021-06-08T03:10:21Z (GMT). No. of bitstreams: 1
U0001-1808202020305800.pdf: 3412419 bytes, checksum: da0427d206eaf3a9df78fa2b480df51f (MD5)
Previous issue date: 2020 [en]
dc.description.tableofcontents:
Oral Examination Committee Certification
Acknowledgements (in Chinese)
Acknowledgements
Abstract (in Chinese)
Abstract
1 Introduction
2 Background
2.1 Android Input Method Editor
2.2 How Android IME works
2.3 Android Permissions
3 Related Work
4 Problem Definition
4.1 Threat Model
5 Proposed Solution
5.1 IMEAnalyzer Overview
5.1.1 A running example
5.2 Challenge
5.3 User Typing Emulation
5.4 Keyboard Layout Reconstruction
5.5 Lightweight Traffic-based Filter
5.5.1 Sending all user input
5.5.2 Sending sensitive data only
6 System Architecture and Implementation
6.1 System Architecture
6.1.1 Package Crawler
6.1.2 IMEAnalyzer Server
6.1.3 IMEAnalyzer Application
6.2 Test Flow
6.2.1 Environment Setup
6.2.2 Testing Process
6.2.3 Analysis
7 Evaluation
7.1 Experiments Settings
7.2 Security Evaluation
7.2.1 Classification
7.2.2 Result
8 Discussion
9 Future Work
9.1 Support Multiple Language systems
9.2 Record UDP Network Traffic
9.3 System Log Analysis
9.4 Detect Attack: Store and Send Later
10 Conclusion
Bibliography
dc.language.iso: en
dc.subject: keylogging [zh_TW]
dc.subject: mobile security [zh_TW]
dc.subject: Android [zh_TW]
dc.subject: keylogging [en]
dc.subject: mobile security [en]
dc.subject: Android [en]
dc.title: Privacy Leakage Analysis of Android Keyboards [zh_TW]
dc.title: Android IME Privacy Leakage Analyzer [en]
dc.type: Thesis
dc.date.schoolyear: 108-2
dc.description.degree: Master's
dc.contributor.oralexamcommittee: 鄭欣明 (Shin-Ming Cheng), 林忠緯 (Chung-Wei Lin), 黃俊穎 (Chun-Ying Huang)
dc.subject.keyword: Android, mobile security, keylogging [zh_TW]
dc.subject.keyword: Android, mobile security, keylogging [en]
dc.relation.page: 32
dc.identifier.doi: 10.6342/NTU202004027
dc.rights.note: Not authorized
dc.date.accepted: 2020-08-24
dc.contributor.author-college: College of Electrical Engineering and Computer Science [zh_TW]
dc.contributor.author-dept: Graduate Institute of Networking and Multimedia [zh_TW]
Appears in collection: Graduate Institute of Networking and Multimedia

Files in this item:
File: U0001-1808202020305800.pdf (not authorized for public access); Size: 3.33 MB; Format: Adobe PDF


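Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.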
