HTPD: Secure and Flexible Message-Based Communication for Mobile Apps

“…This article extends our earlier paper, presented at the 17 th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2021) [1]. In comparison to that conference publication (18-page, single-column), this article reports on additional unpublished research that extends our prior work as follows:…”

“…To seamlessly integrate hidden transmission into Android ICC, we had to determine: (1) where to place the sending/receiving points, (2) how to pack message data into its delivery vehicle, and (3) how to transmit messages uniformly within and across devices. We solve these problems as follows.…”

“…To prevent data leakage, state-of-the-art approaches fall into two general categories: (1) taint message data to track and analyze its data flow [11] [12], and (2) track call chains, as guided by a permission restriction policy for sending/receiving data [13][14] [15]. Although these approaches 4 strengthen the security of message-based communication, their high false positive rates often render them impractical for realistic communication scenarios.…”

“…Mechanism (1) serializes a message object with additional information (e.g., data integrity or routing information) as an encrypted binary stream, and then hides the resulting stream as the data field of another message used for transmission. Intercepting the transmitted message would not leak its hidden content to interceptors.…”

Secure and flexible message-based communication for mobile apps within and across devices

“…This article extends our earlier paper, presented at the 17 th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2021) [1]. In comparison to that conference publication (18-page, single-column), this article reports on additional unpublished research that extends our prior work as follows:…”

“…To seamlessly integrate hidden transmission into Android ICC, we had to determine: (1) where to place the sending/receiving points, (2) how to pack message data into its delivery vehicle, and (3) how to transmit messages uniformly within and across devices. We solve these problems as follows.…”

“…To prevent data leakage, state-of-the-art approaches fall into two general categories: (1) taint message data to track and analyze its data flow [11] [12], and (2) track call chains, as guided by a permission restriction policy for sending/receiving data [13][14] [15]. Although these approaches 4 strengthen the security of message-based communication, their high false positive rates often render them impractical for realistic communication scenarios.…”

“…Mechanism (1) serializes a message object with additional information (e.g., data integrity or routing information) as an encrypted binary stream, and then hides the resulting stream as the data field of another message used for transmission. Intercepting the transmitted message would not leak its hidden content to interceptors.…”

Secure and flexible message-based communication for mobile apps within and across devices