Software protection technology has been universally emphasized, with the development of reverse engineering and static analysis techniques. So, it is important to research how to quantitatively evaluate the security o...Software protection technology has been universally emphasized, with the development of reverse engineering and static analysis techniques. So, it is important to research how to quantitatively evaluate the security of the protected software. However, there are some researchers evaluating the security of the proposed protect techniques directly by the traditional complexity metrics, which is not suffident. In order to better reflect security from software complexity, a multi-factor complexity metric based on control flow graph (CFG) is proposed, and the corresponding calculating procedures are presented in detail. Moreover, complexity density models are constructed to indicate the strength of software resisting reverse engineering and code analysis. Instance analysis shows that the proposed method is simple and practical, and can more objectively reflect software security from the perspective of the complexity.展开更多
Android OS provides such security mechanisms as application signature, privilege limit and sandbox to protect the security of operational system. However, these methods are unable to protect the applications of Androi...Android OS provides such security mechanisms as application signature, privilege limit and sandbox to protect the security of operational system. However, these methods are unable to protect the applications of Android against anti-reverse engineering and the codes of such applications face the risk of being obtained or modified, which are always the first step for further attacks. In this paper, a security enhancement system with online authentication (SeSoa) for Android APK is proposed, in which the code of Android application package (APK) can be automatically encrypted. The encrypted code is loaded and run in the Android system after being successfully decrypted. Compared with the exiting software protecting systems, SeSoa uses online authentication mechanism to ensure the improvementof the APK security and good balance between security and usability.展开更多
In this paper, a new broadcast encryption scheme is proposed by using the efficient and computationally inexpensive public key cryptosystem NTRU (number theory research unit). In our scheme, we use the idea of RSA a...In this paper, a new broadcast encryption scheme is proposed by using the efficient and computationally inexpensive public key cryptosystem NTRU (number theory research unit). In our scheme, we use the idea of RSA and develop this idea from two-party to multi-party, and combine this multi-party public key idea with the multiplication in ring R of NTRU. What we get from this design is extremely efficient encryption and decryption, fast and easy key creation, low memory requirements and revocation property, etc. Moreover, this novel work contains other desirable features, such as traitor tracing. With its complexity only O(log2n), the tracing algorithm of this system is more efficient than that of the previous ones.展开更多
基金Key Project of the National Eleventh-Five Year Research Program of China(No.2006BAD10A07)
文摘Software protection technology has been universally emphasized, with the development of reverse engineering and static analysis techniques. So, it is important to research how to quantitatively evaluate the security of the protected software. However, there are some researchers evaluating the security of the proposed protect techniques directly by the traditional complexity metrics, which is not suffident. In order to better reflect security from software complexity, a multi-factor complexity metric based on control flow graph (CFG) is proposed, and the corresponding calculating procedures are presented in detail. Moreover, complexity density models are constructed to indicate the strength of software resisting reverse engineering and code analysis. Instance analysis shows that the proposed method is simple and practical, and can more objectively reflect software security from the perspective of the complexity.
基金supported by National Natural Science Foundation of China(61370195)ZTE Industry-Academia-Research Cooperation Funds
文摘Android OS provides such security mechanisms as application signature, privilege limit and sandbox to protect the security of operational system. However, these methods are unable to protect the applications of Android against anti-reverse engineering and the codes of such applications face the risk of being obtained or modified, which are always the first step for further attacks. In this paper, a security enhancement system with online authentication (SeSoa) for Android APK is proposed, in which the code of Android application package (APK) can be automatically encrypted. The encrypted code is loaded and run in the Android system after being successfully decrypted. Compared with the exiting software protecting systems, SeSoa uses online authentication mechanism to ensure the improvementof the APK security and good balance between security and usability.
基金Supported by the National High Technology Research and Development Program of China (863 Program) (2007AA01Z435)National Natural Science Foundation of China (60772136)the National Science and Technology Pillar Program (2008BAH22B03, 2007BAH08B01)
文摘In this paper, a new broadcast encryption scheme is proposed by using the efficient and computationally inexpensive public key cryptosystem NTRU (number theory research unit). In our scheme, we use the idea of RSA and develop this idea from two-party to multi-party, and combine this multi-party public key idea with the multiplication in ring R of NTRU. What we get from this design is extremely efficient encryption and decryption, fast and easy key creation, low memory requirements and revocation property, etc. Moreover, this novel work contains other desirable features, such as traitor tracing. With its complexity only O(log2n), the tracing algorithm of this system is more efficient than that of the previous ones.
