期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于可传递签名机制的APK授权方案研究 被引量:1

An APK Authorization Scheme Based on Transitive Signature Mechanism
下载PDF
导出
摘要 Android应用开发完成之后,应用市场或其他开发人员等第三方有可能需要向该应用中增加某些功能.而Android系统要求所有的APK(Android Package,Android应用安装包)必须经过签名之后才能发布,由数字签名机制的性质可知经过第三方修改后的Android应用其签名肯定会发生改变,加之Android应用又极易获得,这就会导致未经授权的第三方擅自修改已发布的Android应用,以及难以验证二次发布的Android应用原设计者签名的有效性等问题.针对未授权修改和验证APK原设计者签名有效性困难等问题,本文提出一种基于可传递签名机制的APK授权方案,方案对Android安全机制中的应用签名机制进行了改进,并利用可传递签名机制适用于二元传递关系签名的特性来实现APK授权和验证原设计者的版权.通过第三方二次开发后发布的APK,任何验证者都很容易计算出合成签名即授权信息,根据声称者(应用开发者)提供的参数和计算出的合成签名验证者能够验证声称者声明的合法性,以此实现保护APK设计者版权和Android应用安全的目的.分析表明该方案能够满足Android应用签名的安全性要求. After completion of Android applications, third-party developers including application stores, or other android Application developers may need to add some features to the applications. However, the Android operating system requires that the APK(Android Package, Android application installation package) must be signed before its publication. By the property of digital signature mechanism, we can see that if the Android application is modified by a third-party developer, then its signature must be changed, and it is easy for everyone to get some Android applications, which causes a third party developer modifies the published Android applications without authorization, and it is also difficult to verify the validity of the original designer's signature of the Android application. To address these issues, a APK Authorization Scheme is proposed based on transitive signature. In this scheme, the application programs signature mechanism of Android security is improved, and by using the feature that transitive signature scheme applies to binary transfer relationship signature, it is possible to achieve APK authorization and to verify the APK original designer's copyright. Through the APK published by a third-party developer after recomposed, any verifier can easily get the combined signature, i.e., the authorization information. According to the claimer(Android application developers) parameters and combined signatures, verifier can verify the legitimacy of statement provided by the claimer. By this means, it can achieve copyright protection and security purposes of Android application programs. Analysis shows that the scheme can meet the security requirements of Android application programs signature.
作者 赵搏文 张小萍 李道丰 苏杰波 何佩聪
机构地区 广西大学计算机与电子信息学院
出处 《密码学报》 CSCD 2016年第1期22-32,共11页 Journal of Cryptologic Research
基金 国家自然科学基金项目(61362010) 广西自然科学基金项目(2011GXNSFA018152) 广西教育厅科研基金项目(YB2014008 YB2013007) 广西研究生教育创新计划资助项目(YCSZ2015035) 广西大学自然科学基金项目(XBZ110905)
关键词 APK签名 可传递签名 版权保护 APK授权 APK signature transitive signature copyright protection APK authorization
分类号 TN918.4 [电子电信—通信与信息系统]
  • 相关文献

参考文献18

  • 1Shidi Xu,Yi Mu,Willy Susilo.??Authenticated AODV Routing Protocol Using One-Time Signature and Transitive Signature Schemes(J)Journal of Networks . 2006 (1)
  • 2R. L. Rivest,A. Shamir,L. Adleman.A method for obtaining digital signatures and public-key cryptosystems[J].Communications of the ACM.1978(2)
  • 3Bellare, M.,Namprempre, C.,Pointcheval, D.,Semanko, M.The one-more-RSA-inversion problems and the security of chaum’s blind signature scheme. Journal of Cryptology . 2003
  • 4Goldwasser S,Micali S.Probabilistic encryption & how to play mental poker keeping secret all partial information. Proceedings of the Fourteenth Annual ACM symposium on Theory of Computing (STOC’82) . 1982
  • 5M. Bellare,G. Neven.Transitive signatures: new schemes and proofs. IEEE Transactions on Information Theory . 2005
  • 6Hardy G H,Wright E M.An Introduction to the Theory of Numbers. . 1979
  • 7Shafi Goldwasser,Silvio Micali,Ronald L Rivest.A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing . 1988
  • 8FUCHSBAUER G,HANSER C,SLAMANIG D.EUF-CMA-secure structure-preserving signatures on equivalence classes. IACR Cryptology e Print Archive . 2014
  • 9ZHU H,BAO F,DENG R H.Computing of trust in wireless networks. 2004 IEEE 60th Vehicular Technology Conference 2004 . 2004
  • 10GARTNER.Worldwide Smartphone Sales to End Users by Operating System in 1Q15. http://www.gartner.com/newsroom/id/3061917 . 2015

二级参考文献83

  • 1马春光,杨义先,胡正名.一种加入有效期的离线电子现金方案[J].计算机工程与设计,2004,25(4):484-485. 被引量:4
  • 2马春光,杨义先.可转移离线电子现金[J].计算机学报,2005,28(3):301-308. 被引量:14
  • 3黄振杰,郝艳华,王育民,陈克非.一个高效的有向传递签名方案[J].电子学报,2005,33(8):1497-1501. 被引量:7
  • 4马春光,杨义先,胡正名,武朋.可直接花费余额的电子支票系统[J].电子学报,2005,33(9):1562-1566. 被引量:8
  • 5van Antwerpen H.. Electronic cash [M.S. dissertation]. CWI, Amsterdam, 1990.
  • 6Chaum D., Pedersen T.P.. Transferred cash grown in size. In: Rueppel R.A. ed. Advanced in Cryptology-EUROCRYPT'92, LNCS658, Berlin: Springer-Verlag, 1993, 390~407.
  • 7D'Amiano S., Crescenzo G.Di. . Methodology for digital money based on general cryptographic Tools. In: Santis De. ed. Advanced in Cryptology-EUROCRYPT'94, LNCS950, Berlin: Springer-Verlag, 1995, 156~170.
  • 8Sander T., Ta-Shma A.. Auditable, anonymous electronic cash. In: Advanced in Cryptology-CRYPTO'99, LNCS1666, Berlin: Springer-Verlag, 1999, 555~572.
  • 9Sander T., Ta-Shma A.. A new approach for anonymous control in electronic cash. In: Franklin, Matthew ed. Proceedings of the 3rd International Conference on Financial Cryptography-FC'99, LNCS1648, Berlin: Springer-Verlag, 1999, 46~61.
  • 10Okamoto T., Ohta K.. Disposable zero-knowledge authentication and their application to untraceable electronic cash. In: Brassard G. ed. Advanced in Cryptology-CRYPTO'89 LNCS435, Berlin: Springer-Verlag, 1990, 481~496.

共引文献38

同被引文献4

引证文献1

密码学报
2016年 第1期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部