基于Android平台的软件保护研究与实现

发布时间：2018-03-09 06:22

本文选题：Android安全　切入点：白盒AES　出处：《北京邮电大学》2015年硕士论文　论文类型：学位论文

【摘要】：自从Android系统发布以来,由于其基于Linux和开源性等特点受到了全世界广泛的关注,目前已经成为世界上最流行的手机操作系统之一。而随着Android系统的应用越来越广泛,其安全问题日益突出,目前Android的安全在很大程度上是其应用程序的安全,很多软件可以很容易地被破解,并插入广告或者恶意代码,严重损害了广大开发者和用户的权益。本文首先分析了目前Android应用程序面临的威胁,针对这些威胁提出了对应的安全保护技术,基于这些安全保护技术设计并实现了一个对Android应用程序进行加密保护的系统。论文所做的主要工作成果如下： 1.本文提出了两种适合运行在移动智能终端的白盒加密算法：白盒AES和白盒CLEFIA,算法利用了拆分密钥并添加随机数的方法缩小了白盒查找表的体积,提高了算法的执行效率,为本文接下来介绍的软件加密方法提供安全高效率的算法解决方案。 2.本文针对目前Android应用程序面临的威胁,分别研究了对Android应用程序中的可执行文件dex和so进行保护的方法,通过分析系统源码,开发出了一套对应用程序的自定义加载器,在应用程序运行时释放并在内存中加载受保护数据,避免了攻击者轻易获得受保护数据。 3.最后,基于以上提出的技术,本文设计并实现了一种基于白盒加密算法的软件保护框架,并对保护前后的APK进行了效率和安全性测试,可以得出,经过保护后的软件在一定程度上抵御了逆向攻击。
[Abstract]:Since the release of Android system, because of its characteristics of Linux and open source, it has become one of the most popular mobile phone operating systems in the world, and with the application of Android system is more and more widespread. The security problem of Android is becoming more and more serious. At present, the security of Android is to a large extent the security of its application program. Many software can be easily cracked and inserted into advertisement or malicious code, which seriously damages the rights and interests of developers and users. In this paper, the threats to Android applications are analyzed, and the corresponding security protection technologies are proposed. Based on these security technologies, a system for encrypting and protecting Android applications is designed and implemented. The main achievements of the thesis are as follows:. 1. This paper presents two white box encryption algorithms for mobile intelligent terminals: White box AES and white box CLEFIA. The algorithm reduces the size of the white box lookup table and improves the efficiency of the algorithm by splitting the key and adding the random number. This paper introduces the software encryption method to provide a secure and efficient algorithm solution. 2. Aiming at the threat of Android application at present, this paper studies the methods of protecting the executable file dex and so in Android application. By analyzing the source code of the system, a set of custom loader for the application is developed. Frees and loads protected data in memory at application run time, avoiding easy access to protected data. 3. Finally, based on the above technology, this paper designs and implements a software protection framework based on white box encryption algorithm, and tests the efficiency and security of APK before and after protection. The protected software resists the reverse attack to some extent.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP316;TP309

【参考文献】