基於虛擬網路運算之Android App版權保護系統

隨著各種行動裝置搭載Android平台的比例提高以及Android app開發數量快速地成長，Android app的安全議題備受關注。其中，許多專家學者指出，Android app盜版是非常棘手的問題，常見的app盜版，如：非法存取付費app與任意散佈重製的偽造app。近來，針對app盜版的問題，許多研究普遍提出的解決方法是以app存取控制為主軸，來實現版權保護之目的。然而，透過許多Android反轉譯的技巧，app的設計架構與原始碼得以被揭露並重新修改，使得原有被大量下載的付費app仍有可能被剽竊與分享。故本研究系統嘗試兼顧兩項需求，包括：認證合法使用者與限制APK檔案資源的存取。前項的解決方案是要求買家註冊訂單資訊，並在每次執行app前驗證被授權的認證子；後者則採取虛擬網路運算的技術實作遠端控制在伺服端虛擬機器上所運行的核心app。同時，此研究加強系統相關的安全防護，如：有效管理伺服端的APK檔案存取權限、安全的網路連結、資料機密性與提高app反組譯難度。因此，本研究可解決上述的app盜版問題，並為Android app提供一套健全的版權保護系統。

關鍵字

虛擬網路運算；遠端控制；版權保護； Android App ； App盜版

並列摘要

As Android OS increases their market share in all mobile devices and the numbers of apps are growing, the issue of app security becomes more important than ever. And many researchers point out that app piracy is a troublesome problem. The two common examples include illegal access to paid-apps and disseminating the plagiarized paid-apps. Recently, many studies have proposed their approaches, which focus on app access control, for copyright protection on Android apps. However, with Android reverse engineer, a great number of popular paid-apps have uncovered their design architecture and even source code. So they are likely to be repackaged and shared easily. Thus, our system tries to consider both requirements, including authentication on legal users and restriction on APK files. The former asks purchasers to register their order information, and then validates distributed tokens before execution each time. The latter is based on Virtual Network Computing (VNC) to allow mobile clients to remote control core apps, which is running on server. Besides, our implementation also enforces system security, like APK management, secure network connection, data confidentiality and anti-reverse engineering. Therefore, this research can solve the foregoing problem and provide a sound system to fulfill the goal of copyright protection for Android apps.

並列關鍵字

Virtual Nework Computing ； Remote Control ； Copyright Protection ； Android App ； app piracy

參考文獻

[1] Ed Burnette. Hello, Android: introducing Google's mobile development platform. Pragmatic Bookshelf, 3rd edition, aug 2010.

[2] T. Richardson, Q. Stafford-Fraser, K.R.Wood, and A. Hopper. Virtual network computing. Internet Computing, IEEE, 2(1):33–38, 1998.

[5] Sanghoon Choi, Joonhyouk Jang, and Eunkyeung Jae. Android application's copyright protection technology based on forensic mark. In Proceedings of the 2012 ACM Research in Applied Computation Symposium, RACS'12, pages 338–339, New York, NY, USA, 2012. ACM.

[6] Youn-Sik Jeong, Yeong-Ung Park, Jae-Chan Moon, Seong-Je Cho, Dongjin Kim, and Minkyu Park. An anti-piracy mechanism based on class separation and dynamic loading for android applications. In Proceedings of the 2012 ACM Research in Applied Computation Symposium, RACS ’12, pages 328–332, New York, NY, USA, 2012. ACM.

[12] Rahul Potharaju, Andrew Newell, Cristina Nita-Rotaru, and Xiangyu Zhang. Plagiarizing smartphone applications: attack strategies and defense techniques. In Proceedings of the 4th international conference on Engineering Secure Software

被引用紀錄

劉秋（2008）。醫事人員個人價值、道德哲理與健保道德信念關聯性之研究〔碩士論文，淡江大學〕。華藝線上圖書館。https://doi.org/10.6846/TKU.2008.01185

國際替代計量

基於虛擬網路運算之Android App版權保護系統

全文下載

主題瀏覽