Hail to the Thief: Protecting data from mobile ransomware with ransomsafedroid
| Title | Hail to the Thief: Protecting data from mobile ransomware with ransomsafedroid |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Yalew, S. Demesie, Maguire, G. Q., Haridi, S., Correia, M. |
| Conference Name | 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA) |
| Date Published | Nov. 2017 |
| Publisher | IEEE |
| ISBN Number | 978-1-5386-1465-5 |
| Keywords | Android (operating system), android encryption, Android ransomware dissemination, Androids, ARM TrustZone extension, back-up procedures, backup tools, cryptography, data encryption, data protection, data recovery, device filesystem, Hardware, Human Behavior, human factors, Humanoid robots, i.MX53 development board, incremental backups, invasive software, Malware, Metrics, Mobile communication, mobile computing, mobile devices, Mobile handsets, mobile ransomware, performance evaluation, pubcrawl, RANSOMSAFEDROID prototype, ransomware, resilience, Resiliency, Scalability, secure local persistent partition, sensitive data, software performance evaluation, storage management, Trusted Computing, TrustZone based backup service |
| Abstract | The growing popularity of Android and the increasing amount of sensitive data stored in mobile devices have lead to the dissemination of Android ransomware. Ransomware is a class of malware that makes data inaccessible by blocking access to the device or, more frequently, by encrypting the data; to recover the data, the user has to pay a ransom to the attacker. A solution for this problem is to backup the data. Although backup tools are available for Android, these tools may be compromised or blocked by the ransomware itself. This paper presents the design and implementation of RANSOMSAFEDROID, a TrustZone based backup service for mobile devices. RANSOMSAFEDROID is protected from malware by leveraging the ARM TrustZone extension and running in the secure world. It does backup of files periodically to a secure local persistent partition and pushes these backups to external storage to protect them from ransomware. Initially, RANSOMSAFEDROID does a full backup of the device filesystem, then it does incremental backups that save the changes since the last backup. As a proof-of-concept, we implemented a RANSOMSAFEDROID prototype and provide a performance evaluation using an i.MX53 development board. |
| URL | http://ieeexplore.ieee.org/document/8171377/ |
| DOI | 10.1109/NCA.2017.8171377 |
| Citation Key | yalew_hail_2017 |
- Ransomware
- Metrics
- Mobile communication
- mobile computing
- mobile devices
- Mobile handsets
- mobile ransomware
- performance evaluation
- pubcrawl
- RANSOMSAFEDROID prototype
- malware
- resilience
- Resiliency
- Scalability
- secure local persistent partition
- sensitive data
- software performance evaluation
- storage management
- Trusted Computing
- TrustZone based backup service
- data recovery
- android encryption
- Android ransomware dissemination
- Androids
- ARM TrustZone extension
- back-up procedures
- backup tools
- Cryptography
- data encryption
- Data protection
- Android (operating system)
- device filesystem
- Hardware
- Human behavior
- Human Factors
- Humanoid robots
- i.MX53 development board
- incremental backups
- invasive software