Remote backup and recovery service for Android device owners

publicyardMobile - Wireless

Dec 10, 2013

Company: Deutsche Telekom
Academic advisor: Yuval Elovici
Technical advisor: Assaf Shabtai
Project Team: Limor Segev, Eran Frieman, Carmel Karni
Part of Deutsche Telekom project:
- Backup and restore users' Android terminals
- Remote monitoring and offline analysis of Android applications

Motivation.

Remote monitoring and offline analysis of Android applications

Problem Domain

An Android OS could be attacked by hackers:
- Open platform
- Users will access the Internet intensively
- Everyone can develop applications for Android

Problem Domain Cont.

A successful attack on Androids may:
- Expose private information
- Prevent T-Mobile customers from using T-Mobile services
- Flood T-Mobile's customer service infrastructure and personnel

No easy way exists to "fix" mobile devices, and especially Android.
Scope and Purpose.

Backup and restore users' Android terminals:
- Develop a platform that will back up Android terminals and restore the "last good snapshot" on demand.
- Backup of customers' installed applications.
- Backup of applications must always be on a remote server.

Current Situation

Backup is possible for:
- Documents
- Media files
- Not for application files

The Solution

- Backup: application files on a remote server
- Manage: DB at the server + allow security operations
- Enable: restoration of the phone's last stable status

System Architecture

[Diagram: the customer's Android device, the Internet, the server with its apk storage, and the threat detection system. Numbered steps:]
1. Downloading and installing a new application.
2. The system's agent sends the new application files (apk) to the external server.
3. Sending the new application files (apk) to the storage server with additional information to enable restoring users' systems.
4. Backed-up application.
5. Threat detection system checks files and alerts the server about threats.

System Architecture

[Diagram: the same components; the alert path. Numbered steps:]
1. Threat detection system checks apks with status "UNCHECKED".
2. Sending analysis result: "malicious application".
3. Sending an alert to the user.

System Architecture

[Diagram: the customer's Android device, the Internet, the storage server and the NetShield Analysis Server exchanging apk files.]
System Architecture Cont.

The system includes 4 major components:
- Agent
- Server (which runs a threat detection system)
- Database
- Remote Desktop Client for reports

Main Functional Requirements

Agent:
- Registration
- Login
- Monitor
- Send Application Files
- Change Device Backup Status
- Display Device Backup Status
- Server Updates / Warnings
- Display List of Applications
- Receive Application Files
- Display List of Received Files
- Restore Application
- Handle Disconnections

Server + Agent Management:
- Add/Remove/Update Agent
- Handle Registration Requests
- Handle Login Requests
- Receive and Store Files
- Send Updates / Warnings / Confirmations
- Verify Data Integrity
- Receive and Store Data
- Send Information and Files
- Enable Scanning of Files

Management:
- Manager Login
- Produce Reports

Deployment and Installation:
- Agent Software Installation

System View:
- Main Menu View
- Configuration View
- Login View
- Registration View
- Recovery View
- Applications List View

Non-Functional Requirements

Speed, Capacity & Throughput
- Ninety-five percent of all backup transactions will be completed within 10 seconds.
- The agent will use up to 20% of the CPU.

Reliability
- Support data recovery, including transmission-error detection and correction.

Portability
- The client side is dedicated to the Android OS.

Usability
- Extremely user-friendly.
- Does not require constant maintenance by the user.
- Possibility to configure most of the system operations to be done automatically.

Safety & Security
- The information sent between the server and the agents will be encrypted.

Availability
- The server will be active at all times, waiting for agents' requests or notifications from the Threat Detection System.

High level use cases view of the system

Use case: Install and Register

Use Case ID: 1
Primary Actor: Owner (User)
Brief Description: The user registers to the server (including a login).
Trigger: The user installs the system application.
Preconditions: The server is active.

Flow of Events:
1. Actor: The user downloads the application.
2. System: The application auto-installs itself on the device.
3. System: Asks the user for registry data: name, password.
4. Actor: Enters the relevant details and confirms.
5. System: The agent sends the data to the server.
6. System: The server writes the data to the database.
7. System: The server sends confirmation to the user and logs him in.

Post-conditions:
- The new user is registered to the system, i.e. his details were written to the db.

Alternative flows and exceptions:
6.a
- The user is already registered and wants to recover his device.
- The system performs login.
- The server sends the appropriate files.
6.b
- The user name that was entered already exists in the database.
- The server notifies the user and asks for a new user name.



Use case: Login

Use Case ID: 2
Primary Actor: Owner
Brief Description: The owner logs in to the server.
Trigger: The owner asks to log in.
Preconditions: The application is installed on the device.

Flow of Events:
1. Actor: The user hits the login button.
2. System: The agent asks the user for a username and password.
3. Actor: Enters the relevant details and confirms.
4. System: The agent sends the data to the server.
5. System: The server confirms username and password using the DB.
6. System: The server sends confirmation to the agent.
7. System: The agent informs the user that he is logged in.

Post-conditions:
- The user is logged in.

Alternative flows and exceptions:
1.a
- An automatic login occurs.
- All the relevant data is saved by the agent; the user takes no part in the process.
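The registration and login flows above (use cases 1 and 2, and the manager login of use case 7) as an added Python example; this is not the project's code, and the deck gives no detail of how credentials are stored. Assumptions made here: the database is an in-memory dict, the server keeps a salted PBKDF2 hash rather than the password, and the "implicit login" used by the agent in later use cases is a session token issued at interactive login. All names (USERS, SESSIONS, register, login, implicit_login, Agent) are hypothetical.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Tuple

# Constructed in-memory stores standing in for the project's database,
# whose real schema the deck does not give.
USERS: Dict[str, Tuple[bytes, bytes]] = {}   # username -> (salt, PBKDF2 hash)
SESSIONS: Dict[str, str] = {}                # session token -> username

PBKDF2_ROUNDS = 100_000  # assumed work factor, not a value from the deck


def _hash_password(password: str, salt: bytes) -> bytes:
    # The DB never holds the password itself, only a salted, slow hash of it.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def register(username: str, password: str) -> str:
    """Use case 1, steps 5-6: the server writes the new user to the DB.

    Returns "registered", or "username_exists" for alternative flow 6.b,
    in which case the agent asks the user for a new user name.
    """
    if username in USERS:
        return "username_exists"
    salt = os.urandom(16)
    USERS[username] = (salt, _hash_password(password, salt))
    return "registered"


def login(username: str, password: str) -> Optional[str]:
    """Use case 2 step 5 / use case 7 step 4: confirm the credentials using the DB.

    Returns a session token on success, or None for alternative flow 4.a,
    where the caller notifies the user and goes back to the credential prompt.
    """
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown user and a wrong password cost the same
        # time; otherwise response timing would reveal which names exist.
        _hash_password(password, b"\x00" * 16)
        return None
    salt, stored = record
    if not hmac.compare_digest(stored, _hash_password(password, salt)):
        return None
    token = secrets.token_hex(16)
    SESSIONS[token] = username
    return token


def implicit_login(token: Optional[str]) -> Optional[str]:
    """The 'implicit login' of use cases 3 and 4 and the automatic login of
    flow 1.a: the agent presents a saved session token instead of a password."""
    if token is None:
        return None
    return SESSIONS.get(token)


class Agent:
    """Device-side agent that keeps the session token for automatic login,
    so the password itself is never stored on the device."""

    def __init__(self) -> None:
        self.saved_token: Optional[str] = None

    def interactive_login(self, username: str, password: str) -> bool:
        self.saved_token = login(username, password)
        return self.saved_token is not None

    def automatic_login(self) -> Optional[str]:
        return implicit_login(self.saved_token)
```

The constant-time comparison and the dummy hash on unknown names keep the server's answer to a bad login uniform, which matters because the deck's alternative flow 4.a sends a failure message back to the client. Tokens should be transported only over the encrypted channel the non-functional requirements call for.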


Use case: Intercept Install Event

Use Case ID: 3
Primary Actors: Owner
Brief Description: The agent detects that a new app has been installed and asks the user if he wants to back it up; if so, it sends the appropriate files to the server.
Trigger: The user installed a new application.
Preconditions: The agent is enabled.

Flow of Events:
1. Actor: Installs an application.
2. System: The agent identifies the installation.
3. System: The agent asks the owner whether to back up the application.
4. Actor: Confirms the backup.
5. System: The agent collects the relevant data and files.
6. System: The agent sends the apk signature to the server along with an implicit login.

Post-conditions:
- The application has been installed and was backed up on the server.

Alternative flows and exceptions:
4.a
- The user decides not to back up the app; the app is not backed up.

Use case: Backup Application

Use Case ID: 4
Primary Actors: Server
Brief Description: The server receives an application signature from the agent and checks if the files already exist in its database. If not, the server gets the apk data and saves it. The server then adds the appropriate records to its database.
Trigger: The agent sends the apk signature to the server (including an implicit login).
Preconditions: The agent is enabled, the server is active.

Flow of Events:
1. System: The server searches for the apk signature in the database.
2. System: The server doesn't find the app in the database.
3. Actor: The agent sends the apk file and data to the server.
4. System: The server stores the application data in the db and sets the application status to "UNCHECKED".
5. System: The server sends confirmation to the agent.
6. System: The agent informs the user of a successful backup.

Post-conditions:
- The application has been backed up on the server.

Alternative flows and exceptions:
3.a
- The app exists in the database. The server just updates the user's backup information without receiving files from the agent.

Use case: Handset Recovery

Use Case ID: 5
Primary Actors: User
Brief Description: The user decides to recover a specific app. The agent receives the appropriate files from the server and then performs a recovery.
Trigger: The user asked to perform a recovery.
Preconditions: The applications designated to be recovered have a backup on the server.

Flow of Events:
1. Actor: Asks to do a recovery.
2. System: The agent performs login and asks for the applications list.
3. System: The device is reverted to the factory settings.
4. System: A list of applications that have backups is presented to the user.
5. Actor: Chooses specific apps to be recovered.
6. System: The agent asks for the specific apps from the server.
7. System: The server sends the relevant applications and data.
8. System: The agent sends confirmation to the server.
9. System: The agent performs recovery of the desired apps.
10. System: The agent informs the user of a successful recovery.

Post-conditions:
- The applications have been recovered.

Alternative flows and exceptions:
5.a
- The agent receives a corrupted file from the server (e.g. due to connection problems).
- The agent requests the server to resend the information.
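Steps 6-10 of the handset recovery, including the corrupted-file path of 5.a and the "transmission-error detection" reliability requirement, as an added Python example that is not part of the project's code. It assumes the "apk signature" is the SHA-256 of the apk file recorded at backup time, uses constructed placeholder bytes instead of real apks, and simulates a bad connection by flipping one byte of the first n transfers. The names StorageServer, RecoveryAgent and apk_signature are hypothetical.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed sample backups: app id -> apk bytes. These are placeholders,
# not real apk files; the project's storage layout is not given on the deck.
STORAGE: Dict[str, bytes] = {
    "com.example.notes": b"PK\x03\x04" + bytes(range(256)) * 4,
    "com.example.maps": b"PK\x03\x04" + bytes(reversed(range(256))) * 4,
}


def apk_signature(data: bytes) -> str:
    # The deck's "apk signature" is assumed here to be SHA-256 of the file.
    return hashlib.sha256(data).hexdigest()


class StorageServer:
    """Use case 5, step 7: sends the requested app together with the
    signature that was recorded when it was backed up."""

    def __init__(self, store: Dict[str, bytes], corrupt_first_n: int = 0) -> None:
        self.store = store
        self.signatures = {app_id: apk_signature(d) for app_id, d in store.items()}
        self.sends = 0
        self.corrupt_first_n = corrupt_first_n  # simulates a bad connection

    def send(self, app_id: str) -> Tuple[bytes, str]:
        data = self.store[app_id]
        self.sends += 1
        if self.sends <= self.corrupt_first_n:
            # Flip one byte "in transit"; the recorded signature is unaffected.
            data = data[:10] + bytes([data[10] ^ 0xFF]) + data[11:]
        return data, self.signatures[app_id]


class RecoveryAgent:
    """Use case 5, steps 6-10, with alternative flow 5.a: a file whose hash
    does not match the recorded signature is discarded and re-requested."""

    def __init__(self, server: StorageServer, max_attempts: int = 3) -> None:
        self.server = server
        self.max_attempts = max_attempts
        self.installed: Dict[str, bytes] = {}   # step 9: only verified files land here

    def recover(self, app_ids: List[str]) -> Dict[str, str]:
        return {app_id: self._fetch_verified(app_id) for app_id in app_ids}

    def _fetch_verified(self, app_id: str) -> str:
        for attempt in range(1, self.max_attempts + 1):
            data, expected = self.server.send(app_id)       # step 7
            if apk_signature(data) == expected:             # step 8: confirm only a good file
                self.installed[app_id] = data               # step 9
                return "recovered" if attempt == 1 else f"recovered_after_{attempt - 1}_resend"
            # 5.a: corrupted file, ask the server to resend
        return "failed"
```

The agent never installs bytes whose hash differs from the signature recorded at backup time, and it gives up after a bounded number of resends instead of looping, which is the "Handle Disconnections" requirement in practice. Because the comparison is against the backup-time signature rather than a value that travels with the file, the same check also catches an apk altered on the storage server, not only one damaged in transit.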



Use case: Handle Android malware detection

Use Case ID: 6
Primary Actor: Threat detection application, owner
Brief Description: The threat detection system detects an infection in a specific application stored on it.
Trigger: The threat detection system runs threat detection software, which detected an infection in an application and notified the agent about it.
Preconditions: The threat detection system is active, the server is active and the database contains applications.

Flow of Events:
1. Actor: Sends a notification about an infected application.
2. System: The server finds the infected application id inside the database (according to its status "INFECTED").
3. System: Locates all device owner ids which installed this application.
4. System: The server adds the application details to the malicious applications table.
5. System: Sends a notification to all of the relevant device owners, instructing them to recover their device to the previous state.
6. System: The server asks the device owners if they want the malicious application to be on their recovery list for future recoveries.

Post-conditions:
- All of the relevant device owners received a notification about the threat that was detected.
- The device owners choose whether or not to keep the malicious application in their recovery lists.
- The infected application was documented and handled by the server.
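The server-side state that ties the architecture diagrams, use case 4 (backup with the "UNCHECKED" status) and use case 6 (infection handling) together, as one added Python example; it is not the project's code. Assumptions: the "apk signature" is the SHA-256 of the apk file, the database is an in-memory dict, and the threat detection system is a constructed marker check, which is the simulation the deck itself plans to build if no real detector is available. The names BackupServer, AppRecord, Owner, announce, receive, scan_all, apply_scan_result, recovery_list and simulated_detector are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

UNCHECKED, CLEAN, INFECTED = "UNCHECKED", "CLEAN", "INFECTED"


def apk_signature(data: bytes) -> str:
    # The deck's "apk signature" is assumed here to be SHA-256 of the file.
    return hashlib.sha256(data).hexdigest()


@dataclass
class AppRecord:
    signature: str
    data: bytes
    status: str = UNCHECKED     # the status the threat detection system scans for


@dataclass
class Owner:
    backups: Set[str] = field(default_factory=set)          # signatures backed up
    keep_malicious: Set[str] = field(default_factory=set)   # use case 6, step 6 opt-in
    notifications: List[str] = field(default_factory=list)


class BackupServer:
    """In-memory stand-in for the server + database; the real schema is not on the deck."""

    def __init__(self) -> None:
        self.apps: Dict[str, AppRecord] = {}      # signature -> stored apk
        self.owners: Dict[str, Owner] = {}
        self.malicious: Dict[str, str] = {}        # the malicious applications table

    # ---- use case 4: Backup Application ----
    def announce(self, owner_id: str, sig: str) -> str:
        """Steps 1-2: look the signature up. 3.a: if present, only the owner's
        backup information is updated and no file is requested."""
        owner = self.owners.setdefault(owner_id, Owner())
        if sig in self.apps:
            owner.backups.add(sig)
            return "already_stored"
        return "send_file"

    def receive(self, owner_id: str, sig: str, data: bytes) -> str:
        """Steps 3-5: verify data integrity, then store the file as UNCHECKED."""
        if apk_signature(data) != sig:
            return "integrity_error"     # the 'Verify Data Integrity' requirement
        self.apps[sig] = AppRecord(sig, data)
        self.owners.setdefault(owner_id, Owner()).backups.add(sig)
        return "stored"

    # ---- architecture diagram 2 / use case 6: malware detection ----
    def unchecked(self) -> List[str]:
        return [s for s, r in self.apps.items() if r.status == UNCHECKED]

    def scan_all(self, detector: Callable[[bytes], str]) -> List[str]:
        """Diagram 2, step 1: the detector checks every apk with status UNCHECKED.
        Returns the ids of all owners notified about infected apps."""
        notified: List[str] = []
        for sig in self.unchecked():
            notified += self.apply_scan_result(sig, detector(self.apps[sig].data))
        return notified

    def apply_scan_result(self, sig: str, verdict: str) -> List[str]:
        """Diagram 2, step 2: record the verdict; on INFECTED run use case 6
        steps 2-5 and return the ids of the notified owners."""
        self.apps[sig].status = verdict
        if verdict != INFECTED:
            return []
        self.malicious[sig] = "flagged by threat detection system"             # step 4
        affected = [oid for oid, o in self.owners.items() if sig in o.backups]  # step 3
        for oid in affected:                                                    # step 5
            self.owners[oid].notifications.append(
                f"{sig[:12]}: malicious application, recover your device to its previous state")
        return affected

    def recovery_list(self, owner_id: str) -> List[str]:
        """Use case 6, step 6: a malicious app stays on the recovery list only if
        the owner explicitly chose to keep it."""
        owner = self.owners[owner_id]
        return sorted(s for s in owner.backups
                      if s not in self.malicious or s in owner.keep_malicious)


def simulated_detector(data: bytes) -> str:
    """Constructed stand-in for the threat detection system: it flags a marker
    string and nothing else, enough to exercise the server's handling."""
    return INFECTED if b"CONSTRUCTED-MALICIOUS-MARKER" in data else CLEAN
```

Two points the flow depends on are visible here: the integrity check runs before anything is written, so a file that does not match the signature the agent announced never reaches storage or the scanner; and de-duplication by signature (3.a) means one infected apk maps to every owner who backed it up, which is exactly the fan-out step 3 of use case 6 needs.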


Use case: Manager Login

Use Case ID: 7
Primary Actor: System Manager
Brief Description: The manager logs in to the server in order to get the stored information.
Trigger: The manager asks to log in.
Preconditions: The server is active, the GUI application is on.

Flow of Events:
1. Actor: The manager hits the login button.
2. System: The server asks the manager for a username and password.
3. Actor: Enters the relevant details and confirms.
4. System: The server confirms username and password using the DB.
5. System: The server sends confirmation to the GUI.

Post-conditions:
- The manager is logged in.

Alternative flows and exceptions:
4.a
- The server finds that the login data hasn't matched the data stored inside the database.
- The server notifies the user and goes back to step 2.


Use case: Produce Reports

Use Case ID: 8
Primary Actor: System Manager
Brief Description: The system manager asks the server to produce reports based on the data stored in the database. The reports could include: owners data, application data, roll-back data.
Trigger: The system manager asks for a report.
Preconditions: The system manager started the server GUI application.

Flow of Events:
1. Actor: Sends a request to produce a report with query data.
2. System: The server uses the query data and gets the desired information.
3. System: The server displays the requested report.

Post-conditions:
- The desired report is presented.


System Constraints

Platform constraints
- Eclipse IDE

SE project constraints
- If a device is unavailable we will have to work on an emulator.
- If there is no threat detection program we will build a simulation of one.

Risks

The system that we are developing requires root permissions on the Android OS, which are not granted naturally.

The solution: there are known methods that will allow us to get root privileges.

The End