Roberto Puggioni

UniCa About Professors and Researchers Roberto Puggioni Research Research outcomes (IRIS)

Roberto Puggioni

A Longitudinal Study of Cryptographic API: A Decade of Android Malware

Janovsky, A^First;Maiorca, D^Second;Macko, D;Matyas, V^Penultimate;Giacinto, G^Last

2022-01-01

Abstract

Cryptography has been extensively used in Android applications to guarantee secure communications, conceal critical data from reverse engineering, or ensure mobile users' privacy. Various system-based and third-party libraries for Android provide cryptographic functionalities, and previous works mainly explored the misuse of cryptographic API in benign applications. However, the role of cryptographic API has not yet been explored in Android malware. This paper performs a comprehensive, longitudinal analysis of cryptographic API in Android malware. In particular, we analyzed 603 937 Android applications (half of them malicious, half benign) released between 2012 and 2020, gathering more than 1 million cryptographic API expressions. Our results reveal intriguing trends and insights on how and why cryptography is employed in Android malware. For instance, we point out the widespread use of weak hash functions and the late transition from insecure DES to AES. Additionally, we show that cryptography-related characteristics can help to improve the performance of learning-based systems in detecting malicious applications.

Short Card

Tab complete

Full Sheet(DC)

         Anno 
       
        2022 
       
         Lingua/e 
       
        Inglese 
       
         Titolo del Volume 
       
        Proceedings of the 19th International Conference on Security and Cryptography - SECRYPT 
       
         Codice ISBN 
       
        978-989-758-590-6 
       
         Nome Editore 
       
        SCITEPRESS 
       
         Città Editore 
       
        Setubal 
       
         Nazionalità Editore 
       
        PORTOGALLO 
       
         Da pagina 
       
        121 
       
         A pagina 
       
        133 
       
         Numero di pagine 
       
        13 
       
         Codice DOI 
       
        https://dx.doi.org/10.5220/0011265300003283 
       
         Codice UT ISI 
       
        WOS:000853004900010 
       
         Codice Scopus 
       
        2-s2.0-85173816179 
       
         Titolo del convegno 
       
        International Conference on Security and Cryptography - SECRYPT 
       
         Referee 
       
        Comitato scientifico 
       
         Periodo del Convegno 
       
        11-13 Luglio 2022 
       
         Luogo del Convegno 
       
        Lisbona (Portogallo) 
       
         Rilevanza del Convegno 
       
        internazionale 
       
         Caratterizzazione prevalente 
       
        scientifica 
       
         Parole chiave 
       
        Cryptographic API; Malware; Android; Malware Detection 
       
         Presenza di coautori internazionali 
       
        sì 
       
         Tipologia 
       
        4 Contributo in Atti di Convegno (Proceeding)::4.1 Contributo in Atti di convegno 
       
         Tutti gli autori 
       
        Janovsky, A; Maiorca, D; Macko, D; Matyas, V; Giacinto, G
         
         Tipologia sito docente 
       
        273 
       
         Numero autori 
       
        5 
       
         Tipologia 
       
        4.1 Contributo in Atti di convegno 
       
         Fulltext 
       
        open 
       
         Tipologia 
       
        info:eu-repo/semantics/conferencePaper 
       
         Type: 
       
        4.1 Contributo in Atti di convegno

Files in This Item:

File	Size	Format
janovsky-secrypt22.pdf open access Type: versione editoriale Size 442.81 kB Format Adobe PDF View/Open	442.81 kB	Adobe PDF	View/Open

University of Cagliari

University of Cagliari