摘要
基于信任链传递机制设计了一个Android应用安全管理系统上的APK重签名算法。算法利用官方私钥对通过安全检测的APK中开发者签名文件进行重签名以证明其通过官方安全认证,保证了被签名的APK文件信息的安全性、完整性和不可否认性。测试结果表明,对比重签名整个APK文件算法,算法能够高效加速文件的签名与验签进度,提升了用户应用安装体验;同时具备良好的灵活性和可扩展性,具有较高的应用价值和推广价值。
Based on the transfer of trust chain,an effective APK repeating signature algorithm is proposed on the application security management platform in this paper. The proposed algorithm signs the security detection APK file repeated by utilizing the official private key on the basis of the traditional APK signature algorithm, after signature APK file can be through the official safety certification. Thus it can be guaranteed security, integrity and nonrepudiation of the signature APK files. Results of the tests show that the proposed algorithm can speed up the rate of signature and verifier signature efficiently compared with the method of signing the whole APK file, and promote Android users' satisfaction when the APK application program is installed. Moreover, it has good flexibility, extensibility, higher application value and popularization value.
出处
《电视技术》
北大核心
2014年第21期47-51,共5页
Video Engineering
基金
国家自然科学基金青年基金项目(61302087)
教育部博士点基金项目(20120005110017)
国家科技支撑计划项目(2012ZX03002012
2012BAH06B02)
北京邮电大学青年基金项目(20120005110017)
关键词
信任链传递
APK重签名
应用安全管理系统
SHA1算法
RSA算法
transfer of trust chain
APK repeating signature
application security management system
SHA1 algorithm
RSAalgorithm