SlideShare uma empresa Scribd logo

Detection and prevention method of rooting attack on the android phones

IAEME Publication
IAEME Publication

Detection and prevention method of rooting attack on the android phones

Tecnologia
1 de 9
Baixar para ler offline
Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 158 DETECTION AND PREVENTION METHOD OF ROOTING ATTACK ON THE ANDROID PHONES Litty Antony, Asst. Prof. Harlay Maria Mathew, Prof. Jayakumar.P Department of computer science and Engineering, Sree Narayana Gurukulam college of Engineering, kerala, India ABSTRACT As we all know e-banking transactions are increasing day by day with our needs. Developers develop new applications for e-banking transactions. But do not provide any perfect securities in these applications [2]. E-transaction plays a vital role in our day to day life, everyone is emerge from the pc to smart phone devices. Smart phones like Android based OS are experiencing some vulnerabilities when doing transactions. The problems like, getting root access to the android phone when saving the user’s personal information with the authentication certificate provided during e- transactions. In this thesis, analyze the structure of the smart phone, from that establishing methods as detection against it and the preventive measures [3, 4]. Keywords: Android, Rooting Attack, Countermeasure Techniques, Exploit Attack for Smart Work Device Introduction. 1. INTRODUCTION Recently, the emergence of smart phones, and are the essential factors for doing e-transactions. Almost of the banks all over the world provide e-banking in smart phones as iPhone and android phones. In android phones banking applications are available in play store and their own sites. However, Mobile banking is viewed as a critically important strategic channel by almost financial institutions. In order to ensure a secure experience for everyone, the protections must increase alongside the risks. Few consumers have any form of anti-malware software on their mobile devices and, with little consideration for security, many are willing to download apps of completely unknown provenance from app stores. From that user may experience any leakage of the personal information’s and authentication certificate that an attacker targeting the android device. By, the use of e-financial services have to analyze the saving structure of information and vulnerabilities forms in these applications. Also,it is required to find out the countermeasures against these attacks. In this thesis, the smart phone device provide a structure for the information that is saved and have to analyze it.Also, need to analyze the vulnerabilities that could be found in smart phone devices when doing transaction and the saved personal information in the device follows rooting attack. For a safety measure establishing the personal information when doing a transaction must be changed, introducing new countermeasures against rooting attacks. Chapter 2, concerning with the saving structure of personal information in smart phone device .In chapter 3, related on how the personal information such as authentication certificates affected by the rooting attack and the vulnerabilities. Chapter 4 specifies the rooting attack detection mechanism. Chapter 5 including the prevention mechanism against the rooting attack. Chapter 6 concern with the prevention method. Finally in chapter 7, conclusions based on the counter measures and the task made. INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) ISSN 0976 – 6367(Print) ISSN 0976 – 6375(Online) Volume 5, Issue 12, December (2014), pp. 158-166 © IAEME: www.iaeme.com/IJCET.asp Journal Impact Factor (2014): 8.5328 (Calculated by GISI) www.jifactor.com IJCET © I A E M E
Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 159 2. RELATED WORKS 2.1 Application using for E-financial Transaction Based on the e-financial transactions, people usually download and install the android application without another registration process. If the users are a part of the e-financial process he/she can do with the same procedure. During the e-financial transaction, it is relevant to save the public authentication certificate and other personal information in the smart phone for the security purposes of the procedure. For the use of public authentication certificate saved in the android based smart phone device, it is needed to transmit the public authentication which is saved in a PC to the smart phone. In order for doing that, need to install the application for the e-transaction. Figure 1 shows how the public authentication certificate transmitted from PC to android phone. Firstly, when we open the application, click on the ‘digital certificate and copy certificate’ as a request given to the PC. The user have to enter the accreditation number, resident registration number and password. If the numbers which is entered are correct, then the PC approve the user by generating a public authentication certificate to the user’s smart phone device. Figure 1: Public authentication certificate transmitted from PC to android phone 2.2. A structure of saving the public authentication certificate in the smart-phone Device After generating the public authentication certificate, required to use for each e-transactions via smart phone where it is saved. Figure 2 shows the internal saving structure. All the information’s saved about the e-transaction including the public authentication certificate are saved in the sdcard folder in the android device.
Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 160 Figure 2: saving structure of public authentication certificate The important information’s are saved in subfolders of the sdcard. The signCert file, is the public authentication certificate using the encoding methods. Another file named signPri.key uses the encoding algorithm SEED and PKCS#8 which the information about encrypted personal keys. The below figure shows public authentication certificate the saved in the PC and the smart phone device. While analyzing it, possible the OS used in those device are different. Figure 3: saving structure comparison between Pc and smart phone device 2.3 Android Rooting Vulnerability For the use of the e-financial transaction in the android OS, need to have an authentication certificate. Most of the android device have to face a security related vulnerabilities, which makes the smart phone for the illegal access of the malicious process named such as rooting attack. Which gives the device authority for the attacker. During rooting, an application named Superuser and a program su are installed. We can use su to open a root- privileged shell. Superuser exchanges information with su and can identify the application, which requested the open a root shell. Superuser also can ask a user whether she allow or deny the request of su. RageAgainstTheCage[4] or GingerBreak[5] are the 2 methods mainly used for the rooting attack of the smart phone, they are made up of C based language. Firstly, what the attacker do is, he/she will create a malignant code which is based on the Java language in the android device in the android application for the e-transaction. The attacker gives the user with the C language which is based on the rooting source code, and cross complied it.When the user download, install and use this application for the android device, this source code is applied to that application for getting the rooting authority of the smart phone. While getting the root access to the attacker, users have an experience of leakage of the personal information’s during e-transaction. The above process running in the android device is a background work without user awareness.
Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 161 As shown in figure 4, the method called RageAgainstTheCage is used for the rooting purpose. The android OS which have LINUX-based shell, so in that method it executes self-reproducing process and a fork () procedure continuously. When multiple execution is done will cause the internal memory crashed due to process termination and a new authority is requested to the kernel, then it acquires the rooting authority[6,7,8]. The fork () procedure being executed about 400 times in the Linux shell. Figure 4: RageAgainstTheCage-based Rooting method Next, another rooting method called GingerBreak shown in the figure.5.It will manipulate and interrupt the message sent to the kernel by the Linux shells, for asking the rooting privilege from the manager. It copies a falsified su file in the system folder su /system/bin into /system/bin folder. When a process executes su, Superuser asks the user whether to give the Privilege to the process. This method can be divided into 2,one is temporarily getting the rooting authority using hooking method and another is permanently getting rooting authority in the android device. Figure 5: GingerBreak-based rooting method 3. EXPLOIT ATTACK FOR THE PUBLIC AUTHENTICATION CERTIFICATE FOR E-FINANCIAL TRANSACTION 3.1 Android-based E-financial service attack The malignant application[6,7,8,9] is executed served by the attacker gets the root access, and by that the financial information which is in the android device can be used by the attacker. Figure 6, how an attacker gets the root access while executing it. After getting the authentication certificate he/she can do whatever wants.
Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 162 When the user download and install and run the malignant application created by the attacker, which gets the rooting authority after some procedures. After that the rooting attack is initiated, and the information’s regarding financial transactions saved in the phone are compressed. Then this file is send to the attacker’s server. Figure 6: Exposure attack for the public authentication certificate based on the rooting attack 3.2 Exposure Attack for the Public Authentication Certificate 3.2.1. Execution of the rooting attack for the android based device The rooting attack for the android-based device is a kind of preliminary attack to acquire financial information as shown in Fig. 7. The rooting attack makes it possible to acquire the manager's authority and get access to every system file. The financial information is compressed by using the tar command in the rooting state, as there is a folder with a Korean title in thefolde r of the public authentication certificate. The rooting attack can be classified into the temporary rooting attack and the permanent rooting attack. Through the temporary rooting attack, it is possible to avoid the detection of the vaccine application. Figure 7: Requesting root access to the user 3.2.1 Acquisition of the public authentication certificate following the rooting attack Figure 8. showing how an attacker access the credentials while getting the root access. Firstly, the credentials of e-transactions are saved in sdcard folder. Subfolder named NPKI which is having the all the personal informations. The attacker first compress the files creates as xxx.tar file, finally it will send to the attackers specific location (in figure 8 ‘package4’ is the folder created by the malicious app).
Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 163 Figure 8: acquisition of the public authentication certificate within the device 3.2.3. Exposure of the public authentication certificate in the device In figure 9. tells the details about exposure of the public authentication certificate in android device. After compression and creation of the files, they are send to a specific folder in a specific location. From there the xxx.tar file (i.e, compressed file) is send to the attacker’s server. For getting rid from trace of this, attacker delete the file. Therefore, in order to positively respond to such vulnerability, it is necessary to prevent the android-based device subject to the rooting attack from executing a fmancial application. It is necessary to allow the device which is not subject to the rooting attack to execute a fmancial application. For such a purpose, it is necessary to provide the necessary detecting and responding techniques for the rooting attack. Throughout this study, the following four methods were specifically suggested, compared and analyzed. Figure 9: Exposure of Financial Information 4. ROOTING ATTACK DETECTION MECHANISM 4.1 IPC Monitoring-based Rooting Detecting Technique IPC (Inter Process Communication) is a communicating method among different processes. In case of the rooting attack module, the hooking process is executed while acquiring the rooting authority. Also, by using the Pipe method, the hooking process is executed for messages. The OpenBinder-based android IPC provides communication
Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 164 services among different applications at the JAVA code level. Therefore, as shown inFig. 10, the IPC message-based rooting attack detecting technique detects the rooting attack by analyzing the number of occurrence for the Pipe messages executed in the application. As a result, in case of the GingerBreak method, it is possible to distinguish the process, which is suspicious of being the rooting attack, by analyzing the number of occurrence for the IPC Pipe messages related with the attempt to carry out the rooting attack. Figure 10: IPC monitoring based responding technique However, since the general process also generates the Pipe messages, it is likely to be impossible to provide an accurate detecting process. 4.2 Signature based rooting detection technique When users generally download android apk files from internet. But they are not concerned about the digital signatures given to them.so the verification of the signature of the downloaded e-financial app, this method is useful. Figure 11 shows by using the technique, downloaded application let for decompilation and find out whether it contains and any cross compiled file. If it is carrying, then the ELF characteristic of the file is extracted. From the ELF character string, it will determine whether it is contains any signature or not and detects the rooting module. Figure 10: Cross-Compile-Based Responding Technique 4.3 Activity based rooting attack detecting technique This method what does is shown in figure 12, it regularly monitors the data’s send from our phone to other phones or attackers database. When the attacker sends the packets from the phone, the CPU consuming rate of android device is very high. This technique can be used in 2 rooting methods. In RageAgainstTheCage rooting method, when
Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 165 fork () executed with infinite number of times and therefore increase the number of process in the device. In activity based method, it detect by excessive use of memory. In GingerBreak method, it executes message hooking method in the program. By the use of activity based method, it can easily detect the problem. Figure 12: Activity based rooting attack detection 5. ANDROID BASED STEGANOGRAPHY APPLICATION Cryptography and steganography are two techniques used to ensure information confidentiality, integrity and authenticity. Cryptography uses encryption to scramble the secret information in such a way that only the sender and the intended receiver are able to reveal it. Steganography hides the secret information in different carriers in such a way that it becomes difficult to detect. It is to transmit secret files through Internet and Mobile Networks using a smart phone that run Android operating system. The method says that, select BMP Bitmap format for the cover images because it is a lossless format and allows embedding large quantity of information. The image view tool does not access directly the original image file. It makes a copy of the original image file and transforms it in an (.png) image type no matter the type of the original image. This technique reduces very much the dimension of the cover image and this is not proper for LSB because it reduces the quantity of secret information which is to be hidden. It is able to manipulate carrier images of MB dimensions usually transferred through Internet and Mobile Networks. To process the method, follow these steps: • In the e-financial application, by integrating the steganography application for the hidden purposes. • After all the verification, personal information have to send from PC to our device and follow some verifications, also it contain this technique asking the name of the image file to hide and a secret key. So Cover image, secret file, and the secret key are loaded into application. • It verifies the dimension of the two files (cover image and secret file) to see if they are suitable. • The secret file, its dimension and its execution are encrypted by means of a stream cipher algorithm using the secret key. The encrypted bits are stored in a temporary array. • LSB algorithm starts to embed secret bits inside the cover image file using the pseudo random function completed with modulo 3 operations. The purpose of this random algorithm is to spread the secret message over the cover in a rather random manner. • The cover image with the secret file embedded is saved in a specified phone location. Figure 13: Cover image: original and with secret message embedded
Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 166 If a person is doing an e-transaction have some verifications like to reveal the public authentication certificate. So when we click to the image which is hiding the folder needs a secret key verification. If it is success, then it can be used for the financial purposes. Here the folder extracted from the image is not saved only can view. 5. CONCLUSION The study about the technique rooting attack detection and prevention technique is used to find out the possibility of the attacker get inside to the device. The e-financial service used by the user in android phone can be compromised with the financial information’s saved in the android phone. From the financial app itself the malicious code can be injected by the attacker and get the root access while executing it. By using the detection method somehow can find out the attack by the attacker, and prevention method like steganography we can save the file. REFERENCES [1] Android.com. (2009b, December 16). What is android? Retrieved December 21, 2009, from http://developer.android.comlguide/basics/what-is-android.html. [2] Wikipedia, Rooting (Android OS), November 20, 2011, from http://en.wikipedia.orgiwiki/Rooting_(Android_OS). [3] Thesnkchrmr, RageAgainstTheCage, March 24, 2011, from http://thesnkchrmr. wordpress.com/20 11/03124/rageagainstthecagel. [4] Egzthunderl, Root your Gingerbread Device with Gingerbreak, April 21, 20 II, from http://www.xda·developers.com/android/root·your·gingerbread·device·with·gingerbreak!. [5] Jill Duffy, A Concise Guide to Android Rooting, September 23, 2011, from http://www.pcmag.comlarticle2/0.2817.2393273.00.asp. [6] Haroon Q. Raja, How to Root Your Android Phone 1 Device, January 8,2011, from http://www.addictivetips.comlmobile/how-to-root-yourandroid- phone-devicel. [7] John A., What is Rooting on Android? The Advantages and Disadvantages, February IS, 2011, from http://droidlessons.comlwhatis-rooting-on-android-the-advantages-and-disadvantages. [8] Eric Geier, How and Why to Root your Android: 15 Worthwhile Apps, August 25, 2011, from http://www.tomsguide.com/us/Root-YourAndroid-Phone,review-1688.html. [9] Derek Scott, Rooting for Dummies: A Beginner's Guide to Rooting your Android Device, March 22, 2011, from http://www.androidauthority.com/rooting-for-dummies-a. [10] http://univagora.ro/jour/index.php/ijccc/article/viewFile/642/pdf_64. [11] Anirudha A. Kolpyakwar, Sonal Honale, Piyush M. Dhande and Pallavi A. Chaudhari, “A Review on Cloud- Based Intrusion Detection System for Android Smartphones”, International Journal of Advanced Research in Engineering & Technology (IJARET), Volume 4, Issue 6, 2013, pp. 238 - 245, ISSN Print: 0976-6480, ISSN Online: 0976-6499. [12] Kirandeep and Anu Garg, “Implementing Security on Android Application”, International Journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 2, 2013, pp. 576 - 589, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.

Recomendados

Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET Journal
 
A secure communication in smart phones using two factor authentications
A secure communication in smart phones using two factor authenticationsA secure communication in smart phones using two factor authentications
A secure communication in smart phones using two factor authenticationseSAT Publishing House
 
Graphical Password Authentication using Images Sequence
Graphical Password Authentication using Images SequenceGraphical Password Authentication using Images Sequence
Graphical Password Authentication using Images SequenceIRJET Journal
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...IRJET Journal
 
Effectiveness of various user authentication techniques
Effectiveness of various user authentication techniquesEffectiveness of various user authentication techniques
Effectiveness of various user authentication techniquesIAEME Publication
 
Android Based Total Security for System Authentication
Android Based Total Security for System AuthenticationAndroid Based Total Security for System Authentication
Android Based Total Security for System AuthenticationIJERA Editor
 

Recomendados

Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET Journal
 
A secure communication in smart phones using two factor authentications
A secure communication in smart phones using two factor authenticationsA secure communication in smart phones using two factor authentications
A secure communication in smart phones using two factor authenticationseSAT Publishing House
 
Graphical Password Authentication using Images Sequence
Graphical Password Authentication using Images SequenceGraphical Password Authentication using Images Sequence
Graphical Password Authentication using Images SequenceIRJET Journal
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...IRJET Journal
 
Effectiveness of various user authentication techniques
Effectiveness of various user authentication techniquesEffectiveness of various user authentication techniques
Effectiveness of various user authentication techniquesIAEME Publication
 
Android Based Total Security for System Authentication
Android Based Total Security for System AuthenticationAndroid Based Total Security for System Authentication
Android Based Total Security for System AuthenticationIJERA Editor
 
IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...
IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...
IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...IRJET Journal
 
IRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET Journal
 
IRJET - Graphical Password Authentication for Banking System
IRJET - Graphical Password Authentication for Banking SystemIRJET - Graphical Password Authentication for Banking System
IRJET - Graphical Password Authentication for Banking SystemIRJET Journal
 
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICS
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICSENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICS
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICSIJNSA Journal
 
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROLAPPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROLInternational Journal of Technical Research & Application
 
An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...IJERA Editor
 
Two aspect authentication system using secure mobile
Two aspect authentication system using secure mobileTwo aspect authentication system using secure mobile
Two aspect authentication system using secure mobileUvaraj Shan
 
I018145157
I018145157I018145157
I018145157IOSR Journals
 
I1804015458
I1804015458I1804015458
I1804015458IOSR Journals
 
IRJET- Implementation of Handling Android Application using SMS(Short Mes...
IRJET- Implementation of Handling Android Application using SMS(Short Mes...IRJET- Implementation of Handling Android Application using SMS(Short Mes...
IRJET- Implementation of Handling Android Application using SMS(Short Mes...IRJET Journal
 
Security Analysis of Mobile Authentication Using QR-Codes
Security Analysis of Mobile Authentication Using QR-Codes Security Analysis of Mobile Authentication Using QR-Codes
Security Analysis of Mobile Authentication Using QR-Codes csandit
 
IRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET Journal
 
IRJET- Phishing Attack based on Visual Cryptography
IRJET- Phishing Attack based on Visual CryptographyIRJET- Phishing Attack based on Visual Cryptography
IRJET- Phishing Attack based on Visual CryptographyIRJET Journal
 
IRJET- End to End Message Encryption using Biometrics
IRJET- End to End Message Encryption using BiometricsIRJET- End to End Message Encryption using Biometrics
IRJET- End to End Message Encryption using BiometricsIRJET Journal
 
Transparent Developmental Biometric Based System Protect User Reauthenticatio...
Transparent Developmental Biometric Based System Protect User Reauthenticatio...Transparent Developmental Biometric Based System Protect User Reauthenticatio...
Transparent Developmental Biometric Based System Protect User Reauthenticatio...IRJET Journal
 
120 i143
120 i143120 i143
120 i143Hai Nguyen
 
Intrusion detection architecture for different network attacks
Intrusion detection architecture for different network attacksIntrusion detection architecture for different network attacks
Intrusion detection architecture for different network attackseSAT Journals
 
IRJET- Two Way Authentication for Banking Systems
IRJET- Two Way Authentication for Banking SystemsIRJET- Two Way Authentication for Banking Systems
IRJET- Two Way Authentication for Banking SystemsIRJET Journal
 
Generic threats to mobile application
Generic threats to mobile applicationGeneric threats to mobile application
Generic threats to mobile applicationVikrant Kansal
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistJignesh Solanki
 
A017360104
A017360104A017360104
A017360104IOSR Journals
 
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...IJCSIS Research Publications
 

Mais conteúdo relacionado

Mais procurados

IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...
IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...
IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...IRJET Journal
 
IRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET Journal
 
IRJET - Graphical Password Authentication for Banking System
IRJET - Graphical Password Authentication for Banking SystemIRJET - Graphical Password Authentication for Banking System
IRJET - Graphical Password Authentication for Banking SystemIRJET Journal
 
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICS
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICSENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICS
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICSIJNSA Journal
 
An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...IJERA Editor
 
Two aspect authentication system using secure mobile
Two aspect authentication system using secure mobileTwo aspect authentication system using secure mobile
Two aspect authentication system using secure mobileUvaraj Shan
 
IRJET- Implementation of Handling Android Application using SMS(Short Mes...
IRJET- Implementation of Handling Android Application using SMS(Short Mes...IRJET- Implementation of Handling Android Application using SMS(Short Mes...
IRJET- Implementation of Handling Android Application using SMS(Short Mes...IRJET Journal
 
Security Analysis of Mobile Authentication Using QR-Codes
Security Analysis of Mobile Authentication Using QR-Codes Security Analysis of Mobile Authentication Using QR-Codes
Security Analysis of Mobile Authentication Using QR-Codes csandit
 
IRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET Journal
 
IRJET- Phishing Attack based on Visual Cryptography
IRJET- Phishing Attack based on Visual CryptographyIRJET- Phishing Attack based on Visual Cryptography
IRJET- Phishing Attack based on Visual CryptographyIRJET Journal
 
IRJET- End to End Message Encryption using Biometrics
IRJET- End to End Message Encryption using BiometricsIRJET- End to End Message Encryption using Biometrics
IRJET- End to End Message Encryption using BiometricsIRJET Journal
 
Transparent Developmental Biometric Based System Protect User Reauthenticatio...
Transparent Developmental Biometric Based System Protect User Reauthenticatio...Transparent Developmental Biometric Based System Protect User Reauthenticatio...
Transparent Developmental Biometric Based System Protect User Reauthenticatio...IRJET Journal
 
Intrusion detection architecture for different network attacks
Intrusion detection architecture for different network attacksIntrusion detection architecture for different network attacks
Intrusion detection architecture for different network attackseSAT Journals
 
IRJET- Two Way Authentication for Banking Systems
IRJET- Two Way Authentication for Banking SystemsIRJET- Two Way Authentication for Banking Systems
IRJET- Two Way Authentication for Banking SystemsIRJET Journal
 

Mais procurados (18)

IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...
IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...
IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...
 
IRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle Pattern
 
IRJET - Graphical Password Authentication for Banking System
IRJET - Graphical Password Authentication for Banking SystemIRJET - Graphical Password Authentication for Banking System
IRJET - Graphical Password Authentication for Banking System
 
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICS
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICSENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICS
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICS
 
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROLAPPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
 
An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...An Overview on Authentication Approaches and Their Usability in Conjunction w...
An Overview on Authentication Approaches and Their Usability in Conjunction w...
 
Two aspect authentication system using secure mobile
Two aspect authentication system using secure mobileTwo aspect authentication system using secure mobile
Two aspect authentication system using secure mobile
 
I018145157
I018145157I018145157
I018145157
 
I1804015458
I1804015458I1804015458
I1804015458
 
IRJET- Implementation of Handling Android Application using SMS(Short Mes...
IRJET- Implementation of Handling Android Application using SMS(Short Mes...IRJET- Implementation of Handling Android Application using SMS(Short Mes...
IRJET- Implementation of Handling Android Application using SMS(Short Mes...
 
Security Analysis of Mobile Authentication Using QR-Codes
Security Analysis of Mobile Authentication Using QR-Codes Security Analysis of Mobile Authentication Using QR-Codes
Security Analysis of Mobile Authentication Using QR-Codes
 
IRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking Security
 
IRJET- Phishing Attack based on Visual Cryptography
IRJET- Phishing Attack based on Visual CryptographyIRJET- Phishing Attack based on Visual Cryptography
IRJET- Phishing Attack based on Visual Cryptography
 
IRJET- End to End Message Encryption using Biometrics
IRJET- End to End Message Encryption using BiometricsIRJET- End to End Message Encryption using Biometrics
IRJET- End to End Message Encryption using Biometrics
 
Transparent Developmental Biometric Based System Protect User Reauthenticatio...
Transparent Developmental Biometric Based System Protect User Reauthenticatio...Transparent Developmental Biometric Based System Protect User Reauthenticatio...
Transparent Developmental Biometric Based System Protect User Reauthenticatio...
 
120 i143
120 i143120 i143
120 i143
 
Intrusion detection architecture for different network attacks
Intrusion detection architecture for different network attacksIntrusion detection architecture for different network attacks
Intrusion detection architecture for different network attacks
 
IRJET- Two Way Authentication for Banking Systems
IRJET- Two Way Authentication for Banking SystemsIRJET- Two Way Authentication for Banking Systems
IRJET- Two Way Authentication for Banking Systems
 

Semelhante a Detection and prevention method of rooting attack on the android phones

Generic threats to mobile application
Generic threats to mobile applicationGeneric threats to mobile application
Generic threats to mobile applicationVikrant Kansal
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistJignesh Solanki
 
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...IJCSIS Research Publications
 
Mobile Banking Security: Challenges, Solutions
Mobile Banking Security: Challenges, SolutionsMobile Banking Security: Challenges, Solutions
Mobile Banking Security: Challenges, SolutionsCognizant
 
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...ADEIJ Journal
 
A secure communication in smart phones using two factor authentication
A secure communication in smart phones using two factor authenticationA secure communication in smart phones using two factor authentication
A secure communication in smart phones using two factor authenticationeSAT Journals
 
Mobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdfMobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdfGMATechnologies1
 
Three Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern SecurityThree Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern Securityijtsrd
 
Android_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfAndroid_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfTalha Naqash
 
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx1SI19IS064TEJASS
 
A Study on Modern Methods for Detecting Mobile Malware
A Study on Modern Methods for Detecting Mobile MalwareA Study on Modern Methods for Detecting Mobile Malware
A Study on Modern Methods for Detecting Mobile MalwareIRJET Journal
 
IRJET - Human Identification using Major and Minor Finger Knuckle Pattern
IRJET - Human Identification using Major and Minor Finger Knuckle PatternIRJET - Human Identification using Major and Minor Finger Knuckle Pattern
IRJET - Human Identification using Major and Minor Finger Knuckle PatternIRJET Journal
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...IOSR Journals
 
u10a1 Security Plan-Beji Jacob
u10a1 Security Plan-Beji Jacobu10a1 Security Plan-Beji Jacob
u10a1 Security Plan-Beji JacobBeji Jacob
 
Camera based attack detection and prevention tech niques on android mobile ph...
Camera based attack detection and prevention tech niques on android mobile ph...Camera based attack detection and prevention tech niques on android mobile ph...
Camera based attack detection and prevention tech niques on android mobile ph...eSAT Journals
 
A Survey on Smart Android Graphical Password
A Survey on Smart Android Graphical PasswordA Survey on Smart Android Graphical Password
A Survey on Smart Android Graphical Passwordijtsrd
 

Semelhante a Detection and prevention method of rooting attack on the android phones (20)

Generic threats to mobile application
Generic threats to mobile applicationGeneric threats to mobile application
Generic threats to mobile application
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise Checklist
 
A017360104
A017360104A017360104
A017360104
 
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
 
V4I5201571
V4I5201571V4I5201571
V4I5201571
 
Mobile Banking Security: Challenges, Solutions
Mobile Banking Security: Challenges, SolutionsMobile Banking Security: Challenges, Solutions
Mobile Banking Security: Challenges, Solutions
 
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...
 
A secure communication in smart phones using two factor authentication
A secure communication in smart phones using two factor authenticationA secure communication in smart phones using two factor authentication
A secure communication in smart phones using two factor authentication
 
Mobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdfMobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdf
 
Three Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern SecurityThree Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern Security
 
880 st011
880 st011880 st011
880 st011
 
Android_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfAndroid_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdf
 
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
 
A Study on Modern Methods for Detecting Mobile Malware
A Study on Modern Methods for Detecting Mobile MalwareA Study on Modern Methods for Detecting Mobile Malware
A Study on Modern Methods for Detecting Mobile Malware
 
IRJET - Human Identification using Major and Minor Finger Knuckle Pattern
IRJET - Human Identification using Major and Minor Finger Knuckle PatternIRJET - Human Identification using Major and Minor Finger Knuckle Pattern
IRJET - Human Identification using Major and Minor Finger Knuckle Pattern
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
 
u10a1 Security Plan-Beji Jacob
u10a1 Security Plan-Beji Jacobu10a1 Security Plan-Beji Jacob
u10a1 Security Plan-Beji Jacob
 
Camera based attack detection and prevention tech niques on android mobile ph...
Camera based attack detection and prevention tech niques on android mobile ph...Camera based attack detection and prevention tech niques on android mobile ph...
Camera based attack detection and prevention tech niques on android mobile ph...
 
A Survey on Smart Android Graphical Password
A Survey on Smart Android Graphical PasswordA Survey on Smart Android Graphical Password
A Survey on Smart Android Graphical Password
 
OS-Project-Report-Team-8
OS-Project-Report-Team-8OS-Project-Report-Team-8
OS-Project-Report-Team-8
 

Mais de IAEME Publication

IAEME_Publication_Call_for_Paper_September_2022.pdf
IAEME_Publication_Call_for_Paper_September_2022.pdfIAEME_Publication_Call_for_Paper_September_2022.pdf
IAEME_Publication_Call_for_Paper_September_2022.pdfIAEME Publication
 
MODELING AND ANALYSIS OF SURFACE ROUGHNESS AND WHITE LATER THICKNESS IN WIRE-...
MODELING AND ANALYSIS OF SURFACE ROUGHNESS AND WHITE LATER THICKNESS IN WIRE-...MODELING AND ANALYSIS OF SURFACE ROUGHNESS AND WHITE LATER THICKNESS IN WIRE-...
MODELING AND ANALYSIS OF SURFACE ROUGHNESS AND WHITE LATER THICKNESS IN WIRE-...IAEME Publication
 
A STUDY ON THE REASONS FOR TRANSGENDER TO BECOME ENTREPRENEURS
A STUDY ON THE REASONS FOR TRANSGENDER TO BECOME ENTREPRENEURSA STUDY ON THE REASONS FOR TRANSGENDER TO BECOME ENTREPRENEURS
A STUDY ON THE REASONS FOR TRANSGENDER TO BECOME ENTREPRENEURSIAEME Publication
 
BROAD UNEXPOSED SKILLS OF TRANSGENDER ENTREPRENEURS
BROAD UNEXPOSED SKILLS OF TRANSGENDER ENTREPRENEURSBROAD UNEXPOSED SKILLS OF TRANSGENDER ENTREPRENEURS
BROAD UNEXPOSED SKILLS OF TRANSGENDER ENTREPRENEURSIAEME Publication
 
DETERMINANTS AFFECTING THE USER'S INTENTION TO USE MOBILE BANKING APPLICATIONS
DETERMINANTS AFFECTING THE USER'S INTENTION TO USE MOBILE BANKING APPLICATIONSDETERMINANTS AFFECTING THE USER'S INTENTION TO USE MOBILE BANKING APPLICATIONS
DETERMINANTS AFFECTING THE USER'S INTENTION TO USE MOBILE BANKING APPLICATIONSIAEME Publication
 
ANALYSE THE USER PREDILECTION ON GPAY AND PHONEPE FOR DIGITAL TRANSACTIONS
ANALYSE THE USER PREDILECTION ON GPAY AND PHONEPE FOR DIGITAL TRANSACTIONSANALYSE THE USER PREDILECTION ON GPAY AND PHONEPE FOR DIGITAL TRANSACTIONS
ANALYSE THE USER PREDILECTION ON GPAY AND PHONEPE FOR DIGITAL TRANSACTIONSIAEME Publication
 
VOICE BASED ATM FOR VISUALLY IMPAIRED USING ARDUINO
VOICE BASED ATM FOR VISUALLY IMPAIRED USING ARDUINOVOICE BASED ATM FOR VISUALLY IMPAIRED USING ARDUINO
VOICE BASED ATM FOR VISUALLY IMPAIRED USING ARDUINOIAEME Publication
 
IMPACT OF EMOTIONAL INTELLIGENCE ON HUMAN RESOURCE MANAGEMENT PRACTICES AMONG...
IMPACT OF EMOTIONAL INTELLIGENCE ON HUMAN RESOURCE MANAGEMENT PRACTICES AMONG...IMPACT OF EMOTIONAL INTELLIGENCE ON HUMAN RESOURCE MANAGEMENT PRACTICES AMONG...
IMPACT OF EMOTIONAL INTELLIGENCE ON HUMAN RESOURCE MANAGEMENT PRACTICES AMONG...IAEME Publication
 
VISUALISING AGING PARENTS & THEIR CLOSE CARERS LIFE JOURNEY IN AGING ECONOMY
VISUALISING AGING PARENTS & THEIR CLOSE CARERS LIFE JOURNEY IN AGING ECONOMYVISUALISING AGING PARENTS & THEIR CLOSE CARERS LIFE JOURNEY IN AGING ECONOMY
VISUALISING AGING PARENTS & THEIR CLOSE CARERS LIFE JOURNEY IN AGING ECONOMYIAEME Publication
 
A STUDY ON THE IMPACT OF ORGANIZATIONAL CULTURE ON THE EFFECTIVENESS OF PERFO...
A STUDY ON THE IMPACT OF ORGANIZATIONAL CULTURE ON THE EFFECTIVENESS OF PERFO...A STUDY ON THE IMPACT OF ORGANIZATIONAL CULTURE ON THE EFFECTIVENESS OF PERFO...
A STUDY ON THE IMPACT OF ORGANIZATIONAL CULTURE ON THE EFFECTIVENESS OF PERFO...IAEME Publication
 
GANDHI ON NON-VIOLENT POLICE
GANDHI ON NON-VIOLENT POLICEGANDHI ON NON-VIOLENT POLICE
GANDHI ON NON-VIOLENT POLICEIAEME Publication
 
A STUDY ON TALENT MANAGEMENT AND ITS IMPACT ON EMPLOYEE RETENTION IN SELECTED...
A STUDY ON TALENT MANAGEMENT AND ITS IMPACT ON EMPLOYEE RETENTION IN SELECTED...A STUDY ON TALENT MANAGEMENT AND ITS IMPACT ON EMPLOYEE RETENTION IN SELECTED...
A STUDY ON TALENT MANAGEMENT AND ITS IMPACT ON EMPLOYEE RETENTION IN SELECTED...IAEME Publication
 
ATTRITION IN THE IT INDUSTRY DURING COVID-19 PANDEMIC: LINKING EMOTIONAL INTE...
ATTRITION IN THE IT INDUSTRY DURING COVID-19 PANDEMIC: LINKING EMOTIONAL INTE...ATTRITION IN THE IT INDUSTRY DURING COVID-19 PANDEMIC: LINKING EMOTIONAL INTE...
ATTRITION IN THE IT INDUSTRY DURING COVID-19 PANDEMIC: LINKING EMOTIONAL INTE...IAEME Publication
 
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...IAEME Publication
 
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...IAEME Publication
 
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...IAEME Publication
 
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...IAEME Publication
 
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...IAEME Publication
 
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...IAEME Publication
 
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENTA MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENTIAEME Publication
 

Mais de IAEME Publication (20)

IAEME_Publication_Call_for_Paper_September_2022.pdf
IAEME_Publication_Call_for_Paper_September_2022.pdfIAEME_Publication_Call_for_Paper_September_2022.pdf
IAEME_Publication_Call_for_Paper_September_2022.pdf
 
MODELING AND ANALYSIS OF SURFACE ROUGHNESS AND WHITE LATER THICKNESS IN WIRE-...
MODELING AND ANALYSIS OF SURFACE ROUGHNESS AND WHITE LATER THICKNESS IN WIRE-...MODELING AND ANALYSIS OF SURFACE ROUGHNESS AND WHITE LATER THICKNESS IN WIRE-...
MODELING AND ANALYSIS OF SURFACE ROUGHNESS AND WHITE LATER THICKNESS IN WIRE-...
 
A STUDY ON THE REASONS FOR TRANSGENDER TO BECOME ENTREPRENEURS
A STUDY ON THE REASONS FOR TRANSGENDER TO BECOME ENTREPRENEURSA STUDY ON THE REASONS FOR TRANSGENDER TO BECOME ENTREPRENEURS
A STUDY ON THE REASONS FOR TRANSGENDER TO BECOME ENTREPRENEURS
 
BROAD UNEXPOSED SKILLS OF TRANSGENDER ENTREPRENEURS
BROAD UNEXPOSED SKILLS OF TRANSGENDER ENTREPRENEURSBROAD UNEXPOSED SKILLS OF TRANSGENDER ENTREPRENEURS
BROAD UNEXPOSED SKILLS OF TRANSGENDER ENTREPRENEURS
 
DETERMINANTS AFFECTING THE USER'S INTENTION TO USE MOBILE BANKING APPLICATIONS
DETERMINANTS AFFECTING THE USER'S INTENTION TO USE MOBILE BANKING APPLICATIONSDETERMINANTS AFFECTING THE USER'S INTENTION TO USE MOBILE BANKING APPLICATIONS
DETERMINANTS AFFECTING THE USER'S INTENTION TO USE MOBILE BANKING APPLICATIONS
 
ANALYSE THE USER PREDILECTION ON GPAY AND PHONEPE FOR DIGITAL TRANSACTIONS
ANALYSE THE USER PREDILECTION ON GPAY AND PHONEPE FOR DIGITAL TRANSACTIONSANALYSE THE USER PREDILECTION ON GPAY AND PHONEPE FOR DIGITAL TRANSACTIONS
ANALYSE THE USER PREDILECTION ON GPAY AND PHONEPE FOR DIGITAL TRANSACTIONS
 
VOICE BASED ATM FOR VISUALLY IMPAIRED USING ARDUINO
VOICE BASED ATM FOR VISUALLY IMPAIRED USING ARDUINOVOICE BASED ATM FOR VISUALLY IMPAIRED USING ARDUINO
VOICE BASED ATM FOR VISUALLY IMPAIRED USING ARDUINO
 
IMPACT OF EMOTIONAL INTELLIGENCE ON HUMAN RESOURCE MANAGEMENT PRACTICES AMONG...
IMPACT OF EMOTIONAL INTELLIGENCE ON HUMAN RESOURCE MANAGEMENT PRACTICES AMONG...IMPACT OF EMOTIONAL INTELLIGENCE ON HUMAN RESOURCE MANAGEMENT PRACTICES AMONG...
IMPACT OF EMOTIONAL INTELLIGENCE ON HUMAN RESOURCE MANAGEMENT PRACTICES AMONG...
 
VISUALISING AGING PARENTS & THEIR CLOSE CARERS LIFE JOURNEY IN AGING ECONOMY
VISUALISING AGING PARENTS & THEIR CLOSE CARERS LIFE JOURNEY IN AGING ECONOMYVISUALISING AGING PARENTS & THEIR CLOSE CARERS LIFE JOURNEY IN AGING ECONOMY
VISUALISING AGING PARENTS & THEIR CLOSE CARERS LIFE JOURNEY IN AGING ECONOMY
 
A STUDY ON THE IMPACT OF ORGANIZATIONAL CULTURE ON THE EFFECTIVENESS OF PERFO...
A STUDY ON THE IMPACT OF ORGANIZATIONAL CULTURE ON THE EFFECTIVENESS OF PERFO...A STUDY ON THE IMPACT OF ORGANIZATIONAL CULTURE ON THE EFFECTIVENESS OF PERFO...
A STUDY ON THE IMPACT OF ORGANIZATIONAL CULTURE ON THE EFFECTIVENESS OF PERFO...
 
GANDHI ON NON-VIOLENT POLICE
GANDHI ON NON-VIOLENT POLICEGANDHI ON NON-VIOLENT POLICE
GANDHI ON NON-VIOLENT POLICE
 
A STUDY ON TALENT MANAGEMENT AND ITS IMPACT ON EMPLOYEE RETENTION IN SELECTED...
A STUDY ON TALENT MANAGEMENT AND ITS IMPACT ON EMPLOYEE RETENTION IN SELECTED...A STUDY ON TALENT MANAGEMENT AND ITS IMPACT ON EMPLOYEE RETENTION IN SELECTED...
A STUDY ON TALENT MANAGEMENT AND ITS IMPACT ON EMPLOYEE RETENTION IN SELECTED...
 
ATTRITION IN THE IT INDUSTRY DURING COVID-19 PANDEMIC: LINKING EMOTIONAL INTE...
ATTRITION IN THE IT INDUSTRY DURING COVID-19 PANDEMIC: LINKING EMOTIONAL INTE...ATTRITION IN THE IT INDUSTRY DURING COVID-19 PANDEMIC: LINKING EMOTIONAL INTE...
ATTRITION IN THE IT INDUSTRY DURING COVID-19 PANDEMIC: LINKING EMOTIONAL INTE...
 
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...
 
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
 
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
 
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
 
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
 
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
 
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENTA MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
 

Último

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

Detection and prevention method of rooting attack on the android phones

  • 1. Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 158 DETECTION AND PREVENTION METHOD OF ROOTING ATTACK ON THE ANDROID PHONES Litty Antony, Asst. Prof. Harlay Maria Mathew, Prof. Jayakumar.P Department of computer science and Engineering, Sree Narayana Gurukulam college of Engineering, kerala, India ABSTRACT As we all know e-banking transactions are increasing day by day with our needs. Developers develop new applications for e-banking transactions. But do not provide any perfect securities in these applications [2]. E-transaction plays a vital role in our day to day life, everyone is emerge from the pc to smart phone devices. Smart phones like Android based OS are experiencing some vulnerabilities when doing transactions. The problems like, getting root access to the android phone when saving the user’s personal information with the authentication certificate provided during e- transactions. In this thesis, analyze the structure of the smart phone, from that establishing methods as detection against it and the preventive measures [3, 4]. Keywords: Android, Rooting Attack, Countermeasure Techniques, Exploit Attack for Smart Work Device Introduction. 1. INTRODUCTION Recently, the emergence of smart phones, and are the essential factors for doing e-transactions. Almost of the banks all over the world provide e-banking in smart phones as iPhone and android phones. In android phones banking applications are available in play store and their own sites. However, Mobile banking is viewed as a critically important strategic channel by almost financial institutions. In order to ensure a secure experience for everyone, the protections must increase alongside the risks. Few consumers have any form of anti-malware software on their mobile devices and, with little consideration for security, many are willing to download apps of completely unknown provenance from app stores. From that user may experience any leakage of the personal information’s and authentication certificate that an attacker targeting the android device. By, the use of e-financial services have to analyze the saving structure of information and vulnerabilities forms in these applications. Also,it is required to find out the countermeasures against these attacks. In this thesis, the smart phone device provide a structure for the information that is saved and have to analyze it.Also, need to analyze the vulnerabilities that could be found in smart phone devices when doing transaction and the saved personal information in the device follows rooting attack. For a safety measure establishing the personal information when doing a transaction must be changed, introducing new countermeasures against rooting attacks. Chapter 2, concerning with the saving structure of personal information in smart phone device .In chapter 3, related on how the personal information such as authentication certificates affected by the rooting attack and the vulnerabilities. Chapter 4 specifies the rooting attack detection mechanism. Chapter 5 including the prevention mechanism against the rooting attack. Chapter 6 concern with the prevention method. Finally in chapter 7, conclusions based on the counter measures and the task made. INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) ISSN 0976 – 6367(Print) ISSN 0976 – 6375(Online) Volume 5, Issue 12, December (2014), pp. 158-166 © IAEME: www.iaeme.com/IJCET.asp Journal Impact Factor (2014): 8.5328 (Calculated by GISI) www.jifactor.com IJCET © I A E M E
  • 2. Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 159 2. RELATED WORKS 2.1 Application using for E-financial Transaction Based on the e-financial transactions, people usually download and install the android application without another registration process. If the users are a part of the e-financial process he/she can do with the same procedure. During the e-financial transaction, it is relevant to save the public authentication certificate and other personal information in the smart phone for the security purposes of the procedure. For the use of public authentication certificate saved in the android based smart phone device, it is needed to transmit the public authentication which is saved in a PC to the smart phone. In order for doing that, need to install the application for the e-transaction. Figure 1 shows how the public authentication certificate transmitted from PC to android phone. Firstly, when we open the application, click on the ‘digital certificate and copy certificate’ as a request given to the PC. The user have to enter the accreditation number, resident registration number and password. If the numbers which is entered are correct, then the PC approve the user by generating a public authentication certificate to the user’s smart phone device. Figure 1: Public authentication certificate transmitted from PC to android phone 2.2. A structure of saving the public authentication certificate in the smart-phone Device After generating the public authentication certificate, required to use for each e-transactions via smart phone where it is saved. Figure 2 shows the internal saving structure. All the information’s saved about the e-transaction including the public authentication certificate are saved in the sdcard folder in the android device.
  • 3. Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 160 Figure 2: saving structure of public authentication certificate The important information’s are saved in subfolders of the sdcard. The signCert file, is the public authentication certificate using the encoding methods. Another file named signPri.key uses the encoding algorithm SEED and PKCS#8 which the information about encrypted personal keys. The below figure shows public authentication certificate the saved in the PC and the smart phone device. While analyzing it, possible the OS used in those device are different. Figure 3: saving structure comparison between Pc and smart phone device 2.3 Android Rooting Vulnerability For the use of the e-financial transaction in the android OS, need to have an authentication certificate. Most of the android device have to face a security related vulnerabilities, which makes the smart phone for the illegal access of the malicious process named such as rooting attack. Which gives the device authority for the attacker. During rooting, an application named Superuser and a program su are installed. We can use su to open a root- privileged shell. Superuser exchanges information with su and can identify the application, which requested the open a root shell. Superuser also can ask a user whether she allow or deny the request of su. RageAgainstTheCage[4] or GingerBreak[5] are the 2 methods mainly used for the rooting attack of the smart phone, they are made up of C based language. Firstly, what the attacker do is, he/she will create a malignant code which is based on the Java language in the android device in the android application for the e-transaction. The attacker gives the user with the C language which is based on the rooting source code, and cross complied it.When the user download, install and use this application for the android device, this source code is applied to that application for getting the rooting authority of the smart phone. While getting the root access to the attacker, users have an experience of leakage of the personal information’s during e-transaction. The above process running in the android device is a background work without user awareness.
  • 4. Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 161 As shown in figure 4, the method called RageAgainstTheCage is used for the rooting purpose. The android OS which have LINUX-based shell, so in that method it executes self-reproducing process and a fork () procedure continuously. When multiple execution is done will cause the internal memory crashed due to process termination and a new authority is requested to the kernel, then it acquires the rooting authority[6,7,8]. The fork () procedure being executed about 400 times in the Linux shell. Figure 4: RageAgainstTheCage-based Rooting method Next, another rooting method called GingerBreak shown in the figure.5.It will manipulate and interrupt the message sent to the kernel by the Linux shells, for asking the rooting privilege from the manager. It copies a falsified su file in the system folder su /system/bin into /system/bin folder. When a process executes su, Superuser asks the user whether to give the Privilege to the process. This method can be divided into 2,one is temporarily getting the rooting authority using hooking method and another is permanently getting rooting authority in the android device. Figure 5: GingerBreak-based rooting method 3. EXPLOIT ATTACK FOR THE PUBLIC AUTHENTICATION CERTIFICATE FOR E-FINANCIAL TRANSACTION 3.1 Android-based E-financial service attack The malignant application[6,7,8,9] is executed served by the attacker gets the root access, and by that the financial information which is in the android device can be used by the attacker. Figure 6, how an attacker gets the root access while executing it. After getting the authentication certificate he/she can do whatever wants.
  • 5. Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 162 When the user download and install and run the malignant application created by the attacker, which gets the rooting authority after some procedures. After that the rooting attack is initiated, and the information’s regarding financial transactions saved in the phone are compressed. Then this file is send to the attacker’s server. Figure 6: Exposure attack for the public authentication certificate based on the rooting attack 3.2 Exposure Attack for the Public Authentication Certificate 3.2.1. Execution of the rooting attack for the android based device The rooting attack for the android-based device is a kind of preliminary attack to acquire financial information as shown in Fig. 7. The rooting attack makes it possible to acquire the manager's authority and get access to every system file. The financial information is compressed by using the tar command in the rooting state, as there is a folder with a Korean title in thefolde r of the public authentication certificate. The rooting attack can be classified into the temporary rooting attack and the permanent rooting attack. Through the temporary rooting attack, it is possible to avoid the detection of the vaccine application. Figure 7: Requesting root access to the user 3.2.1 Acquisition of the public authentication certificate following the rooting attack Figure 8. showing how an attacker access the credentials while getting the root access. Firstly, the credentials of e-transactions are saved in sdcard folder. Subfolder named NPKI which is having the all the personal informations. The attacker first compress the files creates as xxx.tar file, finally it will send to the attackers specific location (in figure 8 ‘package4’ is the folder created by the malicious app).
  • 6. Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 163 Figure 8: acquisition of the public authentication certificate within the device 3.2.3. Exposure of the public authentication certificate in the device In figure 9. tells the details about exposure of the public authentication certificate in android device. After compression and creation of the files, they are send to a specific folder in a specific location. From there the xxx.tar file (i.e, compressed file) is send to the attacker’s server. For getting rid from trace of this, attacker delete the file. Therefore, in order to positively respond to such vulnerability, it is necessary to prevent the android-based device subject to the rooting attack from executing a fmancial application. It is necessary to allow the device which is not subject to the rooting attack to execute a fmancial application. For such a purpose, it is necessary to provide the necessary detecting and responding techniques for the rooting attack. Throughout this study, the following four methods were specifically suggested, compared and analyzed. Figure 9: Exposure of Financial Information 4. ROOTING ATTACK DETECTION MECHANISM 4.1 IPC Monitoring-based Rooting Detecting Technique IPC (Inter Process Communication) is a communicating method among different processes. In case of the rooting attack module, the hooking process is executed while acquiring the rooting authority. Also, by using the Pipe method, the hooking process is executed for messages. The OpenBinder-based android IPC provides communication
  • 7. Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 164 services among different applications at the JAVA code level. Therefore, as shown inFig. 10, the IPC message-based rooting attack detecting technique detects the rooting attack by analyzing the number of occurrence for the Pipe messages executed in the application. As a result, in case of the GingerBreak method, it is possible to distinguish the process, which is suspicious of being the rooting attack, by analyzing the number of occurrence for the IPC Pipe messages related with the attempt to carry out the rooting attack. Figure 10: IPC monitoring based responding technique However, since the general process also generates the Pipe messages, it is likely to be impossible to provide an accurate detecting process. 4.2 Signature based rooting detection technique When users generally download android apk files from internet. But they are not concerned about the digital signatures given to them.so the verification of the signature of the downloaded e-financial app, this method is useful. Figure 11 shows by using the technique, downloaded application let for decompilation and find out whether it contains and any cross compiled file. If it is carrying, then the ELF characteristic of the file is extracted. From the ELF character string, it will determine whether it is contains any signature or not and detects the rooting module. Figure 10: Cross-Compile-Based Responding Technique 4.3 Activity based rooting attack detecting technique This method what does is shown in figure 12, it regularly monitors the data’s send from our phone to other phones or attackers database. When the attacker sends the packets from the phone, the CPU consuming rate of android device is very high. This technique can be used in 2 rooting methods. In RageAgainstTheCage rooting method, when
  • 8. Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 165 fork () executed with infinite number of times and therefore increase the number of process in the device. In activity based method, it detect by excessive use of memory. In GingerBreak method, it executes message hooking method in the program. By the use of activity based method, it can easily detect the problem. Figure 12: Activity based rooting attack detection 5. ANDROID BASED STEGANOGRAPHY APPLICATION Cryptography and steganography are two techniques used to ensure information confidentiality, integrity and authenticity. Cryptography uses encryption to scramble the secret information in such a way that only the sender and the intended receiver are able to reveal it. Steganography hides the secret information in different carriers in such a way that it becomes difficult to detect. It is to transmit secret files through Internet and Mobile Networks using a smart phone that run Android operating system. The method says that, select BMP Bitmap format for the cover images because it is a lossless format and allows embedding large quantity of information. The image view tool does not access directly the original image file. It makes a copy of the original image file and transforms it in an (.png) image type no matter the type of the original image. This technique reduces very much the dimension of the cover image and this is not proper for LSB because it reduces the quantity of secret information which is to be hidden. It is able to manipulate carrier images of MB dimensions usually transferred through Internet and Mobile Networks. To process the method, follow these steps: • In the e-financial application, by integrating the steganography application for the hidden purposes. • After all the verification, personal information have to send from PC to our device and follow some verifications, also it contain this technique asking the name of the image file to hide and a secret key. So Cover image, secret file, and the secret key are loaded into application. • It verifies the dimension of the two files (cover image and secret file) to see if they are suitable. • The secret file, its dimension and its execution are encrypted by means of a stream cipher algorithm using the secret key. The encrypted bits are stored in a temporary array. • LSB algorithm starts to embed secret bits inside the cover image file using the pseudo random function completed with modulo 3 operations. The purpose of this random algorithm is to spread the secret message over the cover in a rather random manner. • The cover image with the secret file embedded is saved in a specified phone location. Figure 13: Cover image: original and with secret message embedded
  • 9. Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 166 If a person is doing an e-transaction have some verifications like to reveal the public authentication certificate. So when we click to the image which is hiding the folder needs a secret key verification. If it is success, then it can be used for the financial purposes. Here the folder extracted from the image is not saved only can view. 5. CONCLUSION The study about the technique rooting attack detection and prevention technique is used to find out the possibility of the attacker get inside to the device. The e-financial service used by the user in android phone can be compromised with the financial information’s saved in the android phone. From the financial app itself the malicious code can be injected by the attacker and get the root access while executing it. By using the detection method somehow can find out the attack by the attacker, and prevention method like steganography we can save the file. REFERENCES [1] Android.com. (2009b, December 16). What is android? Retrieved December 21, 2009, from http://developer.android.comlguide/basics/what-is-android.html. [2] Wikipedia, Rooting (Android OS), November 20, 2011, from http://en.wikipedia.orgiwiki/Rooting_(Android_OS). [3] Thesnkchrmr, RageAgainstTheCage, March 24, 2011, from http://thesnkchrmr. wordpress.com/20 11/03124/rageagainstthecagel. [4] Egzthunderl, Root your Gingerbread Device with Gingerbreak, April 21, 20 II, from http://www.xda·developers.com/android/root·your·gingerbread·device·with·gingerbreak!. [5] Jill Duffy, A Concise Guide to Android Rooting, September 23, 2011, from http://www.pcmag.comlarticle2/0.2817.2393273.00.asp. [6] Haroon Q. Raja, How to Root Your Android Phone 1 Device, January 8,2011, from http://www.addictivetips.comlmobile/how-to-root-yourandroid- phone-devicel. [7] John A., What is Rooting on Android? The Advantages and Disadvantages, February IS, 2011, from http://droidlessons.comlwhatis-rooting-on-android-the-advantages-and-disadvantages. [8] Eric Geier, How and Why to Root your Android: 15 Worthwhile Apps, August 25, 2011, from http://www.tomsguide.com/us/Root-YourAndroid-Phone,review-1688.html. [9] Derek Scott, Rooting for Dummies: A Beginner's Guide to Rooting your Android Device, March 22, 2011, from http://www.androidauthority.com/rooting-for-dummies-a. [10] http://univagora.ro/jour/index.php/ijccc/article/viewFile/642/pdf_64. [11] Anirudha A. Kolpyakwar, Sonal Honale, Piyush M. Dhande and Pallavi A. Chaudhari, “A Review on Cloud- Based Intrusion Detection System for Android Smartphones”, International Journal of Advanced Research in Engineering & Technology (IJARET), Volume 4, Issue 6, 2013, pp. 238 - 245, ISSN Print: 0976-6480, ISSN Online: 0976-6499. [12] Kirandeep and Anu Garg, “Implementing Security on Android Application”, International Journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 2, 2013, pp. 576 - 589, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.