원문정보
초록
영어
In-app Billing service in Android enables the application developers sell digital content from inside the applications. To enhancing security of these applications, there have been presented security guidelines and various security techniques. However, recent automated attacks on every application in a device make the user of the device to get valuable content without paying for them. In this paper we present a novel approach to secure Android In-app Billing service against such automated attacks by detecting these attacks. Before completing the purchase, our approach performs a test to check whether there is an attempt to bypass a legitimate payment process. It is simple so as to be applied easily, and it effectively detects attacks by testing the signature verification process. With this approach, known automated attacks could be detected successfully.
목차
1. Introduction
2. Android In-app Billing Service
3. Security Guidelines for Developers using In-app Billing Service
4. Analyzing Automated Attacks on In-app Billing Service
5. Detecting the Bypass of Signature Verification for In-app Billing
6. Conclusion
Acknowledgment
References