DOI: 10.1145/1920261.1920295

Porscha: policy oriented secure content handling in Android

Published: 06 December 2010

ABSTRACT

The worldwide penetration of cellular networks and the emergence of smart phones have led to a revolution in mobile content. Users consume diverse content when, for example, exchanging photos, playing games, browsing websites, and viewing multimedia. Current phone platforms provide protections for user privacy, the cellular radio, and the integrity of the OS itself. However, few protect content once it enters the phone. For example, MP3 content received over MMS, or photos placed on an Android smart phone, can be extracted and shared with impunity. In this paper, we explore the requirements and enforcement of digital rights management (DRM) policy on smart phones. An analysis of the Android market shows that DRM services should ensure that: a) protected content is accessible only by authorized phones, b) content is accessible only by provider-endorsed applications, and c) access is regulated by contextual constraints, e.g., use for a limited time or a maximum number of viewings. The Porscha system developed in this work places content proxies and reference monitors within the Android middleware to enforce DRM policies embedded in received content. A pilot study controlling content obtained over SMS, MMS, and email illustrates the expressibility and enforcement of Porscha policies. Our experiments demonstrate that Porscha is expressive enough to articulate the needed DRM policies and that their enforcement has limited impact on performance.
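The following Python sketch is an added illustration, not Porscha's code or its policy language. It shows what a middleware reference monitor has to decide before releasing a piece of received content to an application, covering the three policy classes the abstract lists: binding to an authorized phone, restriction to provider-endorsed applications, and contextual constraints (an expiry time and a view cap). Everything in it is constructed: the device identifier, the application certificate fingerprints, the content identifiers, and a hypothetical shared key used to authenticate the embedded policy; the paper's own key distribution (identity-based) is not modelled.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib
import hmac
import json
from typing import List, Optional, Tuple

# Constructed shared secret between the content provider and the phone's
# trusted middleware. Assumption for this example only: the paper delivers
# keys with identity-based cryptography, which is not modelled here.
PROVIDER_KEY = b"example-provider-key-not-for-production"


@dataclass(frozen=True)
class Policy:
    device_id: str                  # (a) only this phone may open the content
    endorsed_apps: Tuple[str, ...]  # (b) fingerprints of endorsed app signing certs
    expires_at: Optional[datetime]  # (c) no access at or after this instant (UTC)
    max_views: Optional[int]        # (c) cap on successful accesses

    def to_bytes(self) -> bytes:
        """Canonical encoding so provider and phone MAC the same bytes."""
        return json.dumps({
            "device_id": self.device_id,
            "endorsed_apps": sorted(self.endorsed_apps),
            "expires_at": self.expires_at.isoformat() if self.expires_at else None,
            "max_views": self.max_views,
        }, sort_keys=True).encode()


def seal(content_id: str, policy: Policy) -> str:
    """Provider side: bind the policy to a content identifier so an app on the
    phone cannot strip it or swap in a weaker one."""
    msg = content_id.encode() + b"\0" + policy.to_bytes()
    return hmac.new(PROVIDER_KEY, msg, hashlib.sha256).hexdigest()


@dataclass
class ProtectedContent:
    content_id: str
    policy: Policy
    tag: str
    views: int = 0  # monitor-private state; applications never see or change it


class ReferenceMonitor:
    """Middleware-side check run before content is released to an application."""

    def __init__(self, device_id: str):
        self.device_id = device_id

    def check(self, c: ProtectedContent, app_cert_fp: str, now: datetime) -> Tuple[bool, str]:
        # Verify the policy before trusting any field in it.
        if not hmac.compare_digest(seal(c.content_id, c.policy), c.tag):
            return False, "policy tampered"
        p = c.policy
        if p.device_id != self.device_id:
            return False, "wrong device"
        if app_cert_fp not in p.endorsed_apps:
            return False, "app not endorsed"
        if p.expires_at is not None and now >= p.expires_at:
            return False, "expired"
        if p.max_views is not None and c.views >= p.max_views:
            return False, "view limit reached"
        c.views += 1  # only a successful release consumes a view
        return True, "ok"


def demo() -> List[str]:
    """Runs a constructed scenario and returns the monitor's decision reasons."""
    t0 = datetime(2010, 12, 6, tzinfo=timezone.utc)
    policy = Policy("IMEI-0001", ("sha256:app-photos",), t0 + timedelta(hours=1), 2)
    photo = ProtectedContent("mms-42", policy, seal("mms-42", policy))
    monitor = ReferenceMonitor("IMEI-0001")

    results = []
    results.append(monitor.check(photo, "sha256:app-photos", t0)[1])   # first view
    results.append(monitor.check(photo, "sha256:app-other", t0)[1])    # unendorsed app
    results.append(monitor.check(photo, "sha256:app-photos", t0)[1])   # second view
    results.append(monitor.check(photo, "sha256:app-photos", t0)[1])   # cap exhausted
    # The same content forwarded to a different phone.
    results.append(ReferenceMonitor("IMEI-0002").check(photo, "sha256:app-photos", t0)[1])
    # Fresh content opened after its expiry.
    fresh = ProtectedContent("mms-43", policy, seal("mms-43", policy))
    results.append(monitor.check(fresh, "sha256:app-photos", t0 + timedelta(hours=2))[1])
    # An app that rewrites the policy to remove the view cap but keeps the old tag.
    loosened = Policy(policy.device_id, policy.endorsed_apps, policy.expires_at, None)
    forged = ProtectedContent("mms-42", loosened, photo.tag)
    results.append(monitor.check(forged, "sha256:app-photos", t0)[1])
    return results


if __name__ == "__main__":
    for reason in demo():
        print(reason)
```

Two design points carry over to any real implementation of this kind: the view counter lives in the monitor, not in the content record an application can read or copy, and a view is only consumed after every other check has passed, so a denied request never burns one of the allowed accesses.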



Reviews

Eduardo B. Fernandez

There is little protection for the content downloaded to cell phones. In Android, it is up to the programmers to define what their applications can access; malicious applications can exploit this in order to access unauthorized data. The Open Mobile Alliance (OMA), a consortium of phone manufacturers, defined digital rights management (DRM) requirements to enforce control of access to content. However, its granularity is too coarse: it does not protect content that is already on a phone because the rights are assigned to the whole phone, not to specific applications. To improve this situation, this paper proposes a policy-based access control system (Porscha) that protects the content when it is delivered to the phone and once it is on the phone. This clear and well-written paper provides a concise survey of the main system and application features of Android architectures, with particular emphasis on security. It starts with a description of a phone's uses, trying to understand its threats and define security requirements for the system; a set of DRM policies is defined from this analysis. The authors then analyze how content is delivered and used by applications, as well as any threats. They define a trusted computing base (TCB) and consider the network to be untrusted because of the deficiencies of current encryption approaches. In order to protect content in transit, they define a type of public key infrastructure (PKI) that uses identity-based public keys. They also propose a mediator to enforce policies for the content on the phone. The paper evaluates the cost (overhead) of policy enforcement and finds it to be reasonable. The authors' security evaluation includes protecting the private key, dealing with recipients without Porscha, and their assumptions about the level of trust on the platform, including Android and the Linux kernel. They also discuss Porscha as an access control system for content. The paper includes a good set of references.
This excellent paper will be very useful to readers who work in this field or who are concerned with the security of wireless applications.

Online Computing Reviews Service

Published in

ACSAC '10: Proceedings of the 26th Annual Computer Security Applications Conference
December 2010, 419 pages
ISBN: 9781450301336
DOI: 10.1145/1920261

Copyright © 2010 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States



Qualifiers: research-article

Acceptance rates

Overall acceptance rate: 104 of 497 submissions, 21%
