• No results found

Dynamic Analysis Methods of IOS Application Security

N/A
N/A
Info
Download
Protected

Academic year: 2020

Share "Dynamic Analysis Methods of IOS Application Security"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

2017 2nd International Conference on Information Technology and Management Engineering (ITME 2017) ISBN: 978-1-60595-415-8

Dynamic Analysis Methods of IOS Application Security

Zi-qiang YIN

*

School of Electronic Information and Electronic Engineering, Shanghai Jiao Tong University, China

*Corresponding author

Keywords: IOS security, Dynamic analysis, Keychain access, Encryption, UI web view.

Abstract. There are increasing numbers of malicious applications in iOS platform, which is a severe threat to the iPhone users. The static analysis and dynamic analysis both play important roles in application security assessment. However, there are a lot of challenges in dynamic analysis technology for iOS applications now. We did some research about the characteristics of the malicious applications and studied the key technologies of the iOS platform. In this paper, we provided some dynamic analysis methods about Keychain access monitoring, encryption and decryption monitoring and UI Web View security monitoring. These methods can discover some vulnerabilities for the iOS applications.

Introduction

With the rapid development of mobile Internet, smart phones have become an indispensable part to us. iOS is one of the dominating smart mobile platforms. By the end of September 2016, more than 140 billion applications had been downloaded on App Store. To ensure the quality and security, every application should be scrutinized by Apple before it is published to App Store. However, this assessment process is not always effective. More and more flaws had been found in iOS applications, which do harm to information security of the user. So the study for the analysis methods of iOS Application is necessary.

In recent years, the research for the static analysis of iOS application security is deep and comprehensive, however, static security detection is only for code analysis, and runtime environment variables should be taken into account when it comes to the application security. application security assessment based on the dynamic analysis can greatly enhance the overall and authenticity for the security detection.

However, because of the characteristics of iOS system, there are a lot of challenges in dynamic analysis technology for iOS applications now. The academic technology research based on dynamic analysis is relatively scarce. This paper presents some key technologies to implement the method of dynamic analysis, which may monitor the key security risks for the iOS application, and it can provide technical support for future researchers to design an integrated dynamic detection system.

Dynamic Analysis

Dynamic Analysis Technology

Dynamic analysis technology refers to the process of the implementation of the program, through the control of input variables and the operating environment of the program to analyze, to detect whether there are security risks in the applications [1].

Dynamic analysis makes it possible to gain an overview of the behavior of the application. So the analysis methods can greatly enhance the overall and authenticity for the security detection.

Hooking Technology

(2)

transfer the control flow to a special hook function. And after the executing of the hook function, control flow can be diverted to the original aimed dispatch function. Therefore, hook function makes it possible to monitor what functions are called by a program, which is the core of dynamic analysis. So if we want to monitor the initial implementations, we should find the key classes and functions and design an appropriate hooking function.

Dynamic Analysis Methods of iOS Application Security

In order to efficiently monitor high-risk security risks of iOS applications, we focus on designing

three important security detection modules:Keychain access monitoring, encryption and decryption

monitoring, UI Web View Security monitoring.

Keychain Access Monitoring

Keychain is a security storage container provided by iOS equipment, which can be used to keep sensitive information such as user names, passwords, authentication tokens. Hence it is important to monitor the access control of Keychain.

We designed the keychain access monitoring module as the Figure 1. IOS uses a class named Key chain Item Wrapper to safe data into keychain. When we make a Key chain Item Wrapper, we will create an identifier and an access group. Different applications can share the data in a keychain item if they are assigned to the same access group in entitlement.

[image:2.612.141.472.391.723.2]

We can focus on the Key chain Item Wrapper to know whether a keychain is accessed by other applications. The attacker may forge the name of access group the same to the targeted keychain. So we should determine whether the application has the real qualification to access for the keychain data security.

(3)
[image:3.612.108.504.73.280.2]

Figure 2. Instructions about Key chain Item Wrapper.

Encryption and Decryption Monitoring

Although some developers realize to make the sensitive data encrypted, an improper choice of encryption algorithm or the storage of algorithm’s key data will still cause serious security risks. We can monitor encryption to assess whether the encryption is safe and monitor the decryption to see whether the application has the authority.

[image:3.612.153.463.385.716.2]
(4)

IOS provides the API, Cryptographic Message Syntax Services, to implement CMS digital

signatures and encryption for S/MIME messages. The Certificate, Key, and Trust Services is another

API used to trust validation and support functions for cryptography [7]. If we want to monitor the encryption process, we have to pay more attention to these two APIs.

And most of the encryption functions are from these header files: Common Cryptor .h, Common

Digest. h, Common Key Derivation. h, Common Symmetric Key wrap. h. So we should concern about the function calls from these header files.

Through these two APIs and the header files, we can list the function names when they are called. We can make a security assessment when we get the function names. If the unsafe functions are used,

we should be on the alert. RC4, random and srand are all unsafe encryption algorithms, which may

cause security risks. Meanwhile, we should care about the identity of the user of encryption and decryption users.

UI Web View Security Monitoring

UI Web View is a kind of control in iOS development, which makes it possible to browse web pages in App application. iOS applications and network applications are able to interact due to the UI Web View. However, the insecurity of the web page is easy to pose a threat to the Application itself.

As the Figure 4. shows, When we find a URL request we can make a series of detection before

loading the web page. First, we can use data With Contents Of URL of NSdata to detect the contents

[image:4.612.118.491.390.677.2]

which may be loaded to the UI Web View. And it can make sure that there are no illegal scripts loaded by UI Web View. The program is as Figure 5. shows. Then, we can make a security assessment about whether the protocol is https or not, Whether the encryption algorithm for SSL/TLS is safe and verify the certificate for SSL/TLS.

(5)
[image:5.612.82.531.64.224.2]

Figure 5. Instructions about detection by data With Contents of URL.

Summary

More and more malicious applications have been found in the market, and the users of iPhone have concerned more about their information security. The static analysis can’t make a full-scale security assessment for iOS application. Hence it’s necessary to do a deep research about dynamic analysis technology.

Because of the characteristics of iOS system, there are a lot of challenges in dynamic analysis technology for iOS applications security now. In this paper, we provide some dynamic analysis methods about Keychain access monitoring, encryption and decryption monitoring and UI Web View Security monitoring. These will help to discover the key security risks for the iOS application.

References

[1] Szydlowski M, Egele M, Kruegel C, et al. Challenges for dynamic analysis of iOS applications[M]//Open Problems in Network Security. Springer Berlin Heidelberg, 2012: 65-77.

[2] Deng Z, Saltaformaggio B, Zhang X, et al. iris: Vetting private api abuse in ios applications[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 2015: 44-56.

[3] Egele M, Kruegel C, Kirda E, et al. PiOS: Detecting Privacy Leaks in iOS Applications[C]//NDSS. 2011: 177-183.

[4] Dinaburg A, Royal P, Sharif M, et al. Ether: malware analysis via hardware virtualization extensions[C]//Proceedings of the 15th ACM conference on Computer and communications security. ACM, 2008: 51-62.

[5] Egele M, Scholte T, Kirda E, et al. A survey on automated dynamic malware-analysis techniques and tools[J]. ACM Computing Surveys (CSUR), 2012, 44(2): 6.

[6] Dhanjani N. New Age Application Attacks Against Apple's iOS (and Countermeasures)[J]. Black Hat Europe, 2011.

Figure

Figure 1. Keychain Access Monitoring Module.
Figure 2. Instructions about Key chain Item Wrapper.
Figure 4. UI Web View Security Monitoring Module.
Figure 5. Instructions about detection by data With Contents of URL.

References

Download now ( PDF - 5 Page - 0.93 MB )

Related documents

Engineering Capabilities Industry Experience Certification & Approvals Typical Applications Global Operations Markets & Applications

(See “Maintenance” Section for procedure.) Due to the weight of the diaphragm assembly this procedure is not possible on valves 8” and larger. on these valves, the same

Monopoly Capital and Capitalist Inequality: Marx after Piketty

The bulk of the gains made by the upper classes in US society appear to have occurred because of increases in US economic surplus, which grew as a result of

The College of Idaho Representation, Inclusion, and Equity Action Plan May 2020

Goal 3: To develop and sustain a diverse faculty, staff, and board of trustees that exceeds the aggregate representation of Historically Underrepresented Groups (HUGS) in the State

A Conceptual Model of Investor Behavior

Abstract Based on a survey of behavioral finance literature, this paper presents a descriptive model of individual investor behavior in which investment decisions are seen as

HUMAN RESOURCES MANAGEMENT NETWORK (HRMN) SELF-SERVICE

Effective controls, such as access controls, Web application configuration controls, and security controls, and performance monitoring are needed to protect State employee

Becoming Style Conscious

But if we analyze the stocks in the Russell indexes using a P/E-based model, the message is totally different, with constituent stocks dispersed all over style space, and the

BBN-Based Portfolio Risk Assessment for NASA Technology R&D Outcome

In the case for a child node, SMEs will provide relative risk importance values of parent nodes to the child node, which is the alternative approach to directly eliciting CPs

Client and clinical staff perceptions of barriers to and enablers of the uptake and delivery of behavioural interventions for urinary incontinence: qualitative evidence synthesis

Full title: Client and clinical staff perceptions of barriers to and enablers of the uptake and delivery of behavioural interventions for urinary incontinence: a systematic