Data privacy of Android applications and name privacy of NDN

Abstract

We get used to the concept that Personal Computers are connected via IP-based Internet to communicate and share content with each other. But nowadays two types of new trends arise in the communication paradigm. The first is that mobile devices such as smartphones have gained more popularity and the Internet usage from them has surpassed the usage from PC. More and more users rely on smartphones to share information with their friends. The second is the need for a new network design given the challenges faced by today's IP-based network with the increasing demands for security, mobility, content distribution, etc. To cope with these challenges, NSF has funded four Future Internet Architectures (FIA) including Named Data Networking (NDN), MobilityFirst, NEBULA and eXpressive Internet Architecture. For both non-traditional devices and future network, users' major concern is whether their privacy can be properly protected since their personal information is exposed to various apps and websites. In this thesis, we study the detection and protection of some privacy issues in these non-traditional devices and future network.

For non-traditional devices, our work focuses on smartphones with the most popular OS, the Android OS. In Android's security model, an Android app needs to ask for permissions to gain access to sensitive data or perform privileged functions. However, a benign but vulnerable app may fail to protect its possessed permissions, enabling an unauthorized app to invoke privileged functions without asking for permissions. This exposure may not be intentional, but it would lead to the leak of user's private data and violate the permission access control policy. This is called the privilege escalation attack. Since app vetting is absent on Google Play and most other Android app repositories, it is essential to provide tools to check whether an Android app contains unprotected interfaces which would lead to unintentional leaks. In this thesis we design two checkers, CoChecker and WeChecker, to perform static taint checking in Android apps to detect leak paths. While the underlying ideas of the two checkers are similar, WeChecker improves in various aspects such as checking efficiency and precision. The evaluation shows that both checkers are efficient and WeChecker has a higher precision than most state-of-the-art checkers. For future network architectures, we focus on the security issues of Named Data Networking (NDN), which is one of the most promising Future Internet Architectures funded by NSF. To be more specific, we study the Internet censorship and anti-censorship issues since this topic addresses both name privacy and content privacy. We first explore the feasibility of existing censorship techniques in NDN and conclude the two most effective censorship methods. After that, the robustness of the NDN design against censorship is checked via simulation. Finally, we propose our censorship resistant schemes which can defend against the most effective censorship techniques in NDN.