SlideShare a Scribd company logo

Paranoid android versatile protection for smartphone

source paper: http://www.syssec-project.eu/m/page-media/3/paranoid-android-acsac10.pdf

1 of 19
Download to read offline
Versatile Protection for Smartphone
Presenter: Vichhaiy, 5938445
Professor: Vasaka
1
 Introduction
 Paranoid Android Architecture
 Implementation
 Evaluation
 Conclusion
 Reference
 Q&A
2
 Smartphones:
 Do things we used to do with
computers
 Games, videos, notes…
 Store sensitive data
 Bank account, passwords…
 Perform calls
 Sensors
 GPS, Accelerometer, Compass,
Proximity , Light, Mics, Camera …
 Not like PC, where many security
approaches available
 Highly valuable target for hackers
3
 Experiment on Android HTC G1
 Perform a scan with ClamAV
 ~ 30 mn & consume 2% battery
 Normal file scanning apps
 11.8x slower than a single-core VM
 They propose a new model called Paranoid Android where all checks
are perform NOT on phone, but on the replica hosted on security server
in the cloud
4
5
Figure 1: Paranoid Android architecture overview
On the smartphone:
Recorder
Tracer records all information , filters the
needed one, secures with hash (HMAC),
compress and transmit to the replayer
*synchronise: they use loose synchronization
strategy (ex. Synchronise to server only when
recharging)
*temper-evident storage: prevent alter from
hackers
6
Ad

Recommended

10 Steps to Improve Your Network Monitoring
10 Steps to Improve Your Network Monitoring10 Steps to Improve Your Network Monitoring
10 Steps to Improve Your Network MonitoringHelpSystems
 
Network Monitoring Basics
Network Monitoring BasicsNetwork Monitoring Basics
Network Monitoring BasicsRob Dunn
 
Real Time Network Monitoring System
Real  Time  Network  Monitoring  SystemReal  Time  Network  Monitoring  System
Real Time Network Monitoring SystemGirish Naik
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackAjinkya Nikam
 

More Related Content

Similar to Paranoid android versatile protection for smartphone

Samsung Developer's Conference - Maximize App Performance while Minimizing Ba...
Samsung Developer's Conference - Maximize App Performance while Minimizing Ba...Samsung Developer's Conference - Maximize App Performance while Minimizing Ba...
Samsung Developer's Conference - Maximize App Performance while Minimizing Ba...rickschwar
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
ADVANCED MULTIMEDIA PLATFORM BASED ON BIG DATA AND ARTIFICIAL INTELLIGENCE IM...
ADVANCED MULTIMEDIA PLATFORM BASED ON BIG DATA AND ARTIFICIAL INTELLIGENCE IM...ADVANCED MULTIMEDIA PLATFORM BASED ON BIG DATA AND ARTIFICIAL INTELLIGENCE IM...
ADVANCED MULTIMEDIA PLATFORM BASED ON BIG DATA AND ARTIFICIAL INTELLIGENCE IM...IJNSA Journal
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc  Lyon Part 1Portakal Teknoloji Otc  Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1bora.gungoren
 
Cse318,lab report
Cse318,lab reportCse318,lab report
Cse318,lab reportFarhadHimel
 
Nt1330 Unit 1 Problem Analysis Paper
Nt1330 Unit 1 Problem Analysis PaperNt1330 Unit 1 Problem Analysis Paper
Nt1330 Unit 1 Problem Analysis PaperJoanna Paulsen
 
Embedded
EmbeddedEmbedded
EmbeddedAbindas
 
[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protection[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protectionHieu Le Dinh
 
Processing tech malicioussoftware_ecommerce
Processing tech malicioussoftware_ecommerceProcessing tech malicioussoftware_ecommerce
Processing tech malicioussoftware_ecommerceChittagong University
 
A Comparative Approach to Handle Ddos Attacks
A Comparative Approach to Handle Ddos AttacksA Comparative Approach to Handle Ddos Attacks
A Comparative Approach to Handle Ddos AttacksIOSR Journals
 
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYDIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYijgca
 
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYDIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYijgca
 
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYDIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYijgca
 
Unit 1os processes and threads
Unit 1os processes and threadsUnit 1os processes and threads
Unit 1os processes and threadsdonny101
 

Similar to Paranoid android versatile protection for smartphone (20)

Samsung Developer's Conference - Maximize App Performance while Minimizing Ba...
Samsung Developer's Conference - Maximize App Performance while Minimizing Ba...Samsung Developer's Conference - Maximize App Performance while Minimizing Ba...
Samsung Developer's Conference - Maximize App Performance while Minimizing Ba...
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
ADVANCED MULTIMEDIA PLATFORM BASED ON BIG DATA AND ARTIFICIAL INTELLIGENCE IM...
ADVANCED MULTIMEDIA PLATFORM BASED ON BIG DATA AND ARTIFICIAL INTELLIGENCE IM...ADVANCED MULTIMEDIA PLATFORM BASED ON BIG DATA AND ARTIFICIAL INTELLIGENCE IM...
ADVANCED MULTIMEDIA PLATFORM BASED ON BIG DATA AND ARTIFICIAL INTELLIGENCE IM...
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc  Lyon Part 1Portakal Teknoloji Otc  Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
 
fall2013
fall2013fall2013
fall2013
 
Cse318,lab report
Cse318,lab reportCse318,lab report
Cse318,lab report
 
CT
CTCT
CT
 
569 492-500
569 492-500569 492-500
569 492-500
 
Project report,nowrin
Project report,nowrinProject report,nowrin
Project report,nowrin
 
Nt1330 Unit 1 Problem Analysis Paper
Nt1330 Unit 1 Problem Analysis PaperNt1330 Unit 1 Problem Analysis Paper
Nt1330 Unit 1 Problem Analysis Paper
 
Security
SecuritySecurity
Security
 
Embedded
EmbeddedEmbedded
Embedded
 
[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protection[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protection
 
Processing tech malicioussoftware_ecommerce
Processing tech malicioussoftware_ecommerceProcessing tech malicioussoftware_ecommerce
Processing tech malicioussoftware_ecommerce
 
Seguridad en laptops
Seguridad en laptopsSeguridad en laptops
Seguridad en laptops
 
A Comparative Approach to Handle Ddos Attacks
A Comparative Approach to Handle Ddos AttacksA Comparative Approach to Handle Ddos Attacks
A Comparative Approach to Handle Ddos Attacks
 
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYDIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
 
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYDIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
 
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYDIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
 
Unit 1os processes and threads
Unit 1os processes and threadsUnit 1os processes and threads
Unit 1os processes and threads
 

Paranoid android versatile protection for smartphone

  • 1. Versatile Protection for Smartphone Presenter: Vichhaiy, 5938445 Professor: Vasaka 1
  • 2.  Introduction  Paranoid Android Architecture  Implementation  Evaluation  Conclusion  Reference  Q&A 2
  • 3.  Smartphones:  Do things we used to do with computers  Games, videos, notes…  Store sensitive data  Bank account, passwords…  Perform calls  Sensors  GPS, Accelerometer, Compass, Proximity , Light, Mics, Camera …  Not like PC, where many security approaches available  Highly valuable target for hackers 3
  • 4.  Experiment on Android HTC G1  Perform a scan with ClamAV  ~ 30 mn & consume 2% battery  Normal file scanning apps  11.8x slower than a single-core VM  They propose a new model called Paranoid Android where all checks are perform NOT on phone, but on the replica hosted on security server in the cloud 4
  • 5. 5 Figure 1: Paranoid Android architecture overview
  • 6. On the smartphone: Recorder Tracer records all information , filters the needed one, secures with hash (HMAC), compress and transmit to the replayer *synchronise: they use loose synchronization strategy (ex. Synchronise to server only when recharging) *temper-evident storage: prevent alter from hackers 6
  • 7. On the cloud (security server) Replayer receives the trace and replays the execution same as on phone, then they can apply security checks within emulator Security checks: - Dynamic analysis (detect 0-day) - AV (scan files) - Memory scanner (abnormal code) - System call anomaly detection (abnormal activities) 7
  • 8. They use a network proxy that temporarily stores traffic destined to the phone, to reduce the amount of data the tracer needs to store and transmit to the replica. The replayer can later access the proxy to retrieve the data needed for the replaying. 8
  • 9.  This is kind of PA’s prototype implementation  Platform:  Android OS 1.6  HTC G1 developer phone  Record using linux ptrace()  Mechanism:  Shared memory  Create spinlock algorithm for scheduling, ensures no two threads that share a memory object can ever run concurrently.  Use ioctls I/O control system, allow communication with drivers for each request commands 9
  • 10.  Execution Trace Compression  Record only system call (non-deterministic)  Use network proxy so that inbound data are not logged  Compress data using 3 algorithms: delta encoding, Huffman encoding, DEFLATE ( also used gzip)  Attack Detection Mechanism  Virus Scanner, modified version of open source ClamAV with more than 500000 signatures  Dynamic Taint Analysis (DTA), a powerful tool to analyze against zero-day attack 10
  • 11. 11
  • 12. Figure 3: Average data generation rate, when performing various tasks. 12
  • 13.  The volume of data generated directly affects the amount of energy required to transmit the trace log to the server, Figure 4: Battery level and CPU load average while browsing on the HTC G1 developer phone. 13 PA introduces 2 overheads: - Increase CPU usage - Consume power  Idle operation and performing calls  CPU load and battery life are not affected  During intensive usage like browsing  CPU load average increased by ~15%  Battery consumption increased by ~30%
  • 14.  They suggest to implement tracer within kernel to reduce the power consumption 14
  • 15. Figure 5: Number of replica instances that can be run on a server without delay. As CPU utilization increases on the phone, fewer replicas can be executing in sync with the phone. 15
  • 16. 16 Intercepting the read() system call in user space is ~25x slower than doing so in the kernel
  • 17.  Smartphones are valuable targets and they will be under attack  They provide prototype of recording and replaying framework specifically for Android  Mechanisms for detection attacks, backup state  Apply multiple security checks simultaneously  They’re still working on the kernel implementation to handle overhead 17
  • 19. 19

Editor's Notes

  1. While this implies that PA may not be able to detect an attack against the kernel, most kernel vulnerabilities are only exploitable locally You may not use HMAC, but other heavyweight algorithm
  2. While this implies that PA may not be able to detect an attack against the kernel, most kernel vulnerabilities are only exploitable locally A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack.
  3. Alternatively, PA could be oered as a service by wireless providers,
  4. Prototype is the early version, trial or a sample (not yet practical)
  5. We introduce a transparent proxy that logs all Internet traffic towards the phone, and makes it available to the security server upon request. This way the phone does not need to waste precious energy to log and transmit them to the replica. A buffer overflow occurs when a program or process attempts to write more data to a fixed length block of memory A computer program is by nature deterministic, but it receives nondeterministic inputs and events that influence its execution ow.
  6. The effects because of compression and encryption