Research Article
HTPD: Secure and Flexible Message-Based Communication for Mobile Apps
@INPROCEEDINGS{10.1007/978-3-030-90022-9_14, author={Yin Liu and Breno Dantas Cruz and Eli Tilevich}, title={HTPD: Secure and Flexible Message-Based Communication for Mobile Apps}, proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part II}, proceedings_a={SECURECOMM PART 2}, year={2021}, month={11}, keywords={Mobile security Message-based communication Secure inter-component communication}, doi={10.1007/978-3-030-90022-9_14} }- Yin Liu
Breno Dantas Cruz
Eli Tilevich
Year: 2021
HTPD: Secure and Flexible Message-Based Communication for Mobile Apps
SECURECOMM PART 2
Springer
DOI: 10.1007/978-3-030-90022-9_14
Abstract
In modern mobile message-based communication, malicious apps can illicitly access transferred messages via data leakage attacks. Existing defenses are overly restrictive, as they block all suspicious apps, malicious or not, from receiving messages. As a solution, we present a communication model that allows untrusted-but-not-malicious apps to receive messages. Our model—hiddentransmission andpolymorphicdelivery (HTPD)—transmits sensitive messages in an encrypted envelope and delivers them polymorphically. Depending on the destination’s trustworthiness,HTPDdelivers either no data, raw data, or encrypted data.Homomorphicandconvergentencryption allows untrusted destinations to securely operate on encrypted data deliveries. We realizeHTPDasPoliCC, a plug-in replacement of Android Inter-Component Communication middleware.PoliCCmitigates three classic Android data leakage attacks, and allows untrusted apps to operate on delivered messages. Our evaluation shows thatPoliCCenables mobile apps to securely and flexibly exchange communication messages, with low performance and programming effort overheads.
