About | Contact Us | Register | Login
ProceedingsSeriesJournalsSearchEAI
Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6–9, 2021, Proceedings, Part II

Research Article

HTPD: Secure and Flexible Message-Based Communication for Mobile Apps

Download(Requires a free EAI acccount)
3 downloads
Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-030-90022-9_14,
        author={Yin Liu and Breno Dantas Cruz and Eli Tilevich},
        title={HTPD: Secure and Flexible Message-Based Communication for Mobile Apps},
        proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part II},
        proceedings_a={SECURECOMM PART 2},
        year={2021},
        month={11},
        keywords={Mobile security Message-based communication Secure inter-component communication},
        doi={10.1007/978-3-030-90022-9_14}
    }
    
  • Yin Liu
    Breno Dantas Cruz
    Eli Tilevich
    Year: 2021
    HTPD: Secure and Flexible Message-Based Communication for Mobile Apps
    SECURECOMM PART 2
    Springer
    DOI: 10.1007/978-3-030-90022-9_14
Yin Liu1,*, Breno Dantas Cruz1, Eli Tilevich1
  • 1: Software Innovations Lab
*Contact email: yinliu@cs.vt.edu

Abstract

In modern mobile message-based communication, malicious apps can illicitly access transferred messages via data leakage attacks. Existing defenses are overly restrictive, as they block all suspicious apps, malicious or not, from receiving messages. As a solution, we present a communication model that allows untrusted-but-not-malicious apps to receive messages. Our model—hiddentransmission andpolymorphicdelivery (HTPD)—transmits sensitive messages in an encrypted envelope and delivers them polymorphically. Depending on the destination’s trustworthiness,HTPDdelivers either no data, raw data, or encrypted data.Homomorphicandconvergentencryption allows untrusted destinations to securely operate on encrypted data deliveries. We realizeHTPDasPoliCC, a plug-in replacement of Android Inter-Component Communication middleware.PoliCCmitigates three classic Android data leakage attacks, and allows untrusted apps to operate on delivered messages. Our evaluation shows thatPoliCCenables mobile apps to securely and flexibly exchange communication messages, with low performance and programming effort overheads.

Keywords
Mobile security Message-based communication Secure inter-component communication
Published
2021-11-04
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-030-90022-9_14
Copyright © 2021–2025 ICST
EBSCOProQuestDBLPDOAJPortico
EAI Logo

About EAI

  • Who We Are
  • Leadership
  • Research Areas
  • Partners
  • Media Center

Community

  • Membership
  • Conference
  • Recognition
  • Sponsor Us

Publish with EAI

  • Publishing
  • Journals
  • Proceedings
  • Books
  • EUDL