Remote backup and recovery service for Android device owners

Academic year: 2022

(1)

Company: Deutsche Telekom
Academic advisor: Yuval Elovici
Technical advisor: Assaf Shabtai
Project team: Limor Segev, Eran Frieman, Carmel Karni

Remote backup and recovery service for Android device owners

(2)

Motivation

Part of a Deutsche Telekom project:

• Backup and restore users’ Android terminals

• Remote monitoring and offline analysis of Android applications

(3)

Problem Domain

An Android OS could be attacked by hackers:

• Open platform

• Users will access the Internet intensively

• Everyone can develop applications for Android

(4)

Problem Domain Cont.

A successful attack on Android devices may:

• Expose private information

• Prevent T-Mobile customers from using T-Mobile services

• Flood T-Mobile’s customer service infrastructure and personnel

• No easy way exists to “fix” mobile devices, and especially Android

(5)

Scope and Purpose

Backup and restore users’ Android terminals:

• Develop a platform that will back up Android terminals and restore the “last good snapshot” on demand

• Backup of customers’ installed applications

• Backups of applications must always be kept on a remote server

(6)

Current Situation

Backup is possible for:

• Documents

• Media files

• Not for Application files

(7)

The Solution

• Back up application files on a remote server

• Manage a DB at the server and allow security operations

• Enable restoration of the phone’s last stable status

(8)

System Architecture

(Architecture diagram: Customer’s Android device, Internet, Server, Storage; apk files flow between them.)

1. Downloading and installing a new application

2. The system’s agent sends the new application files (apk) to the external server

3. Sending the new application files (apk) to the storage server, with additional information to enable restoring users’ systems

4. Backed-up application

5. The threat detection system checks the files and alerts the server about threats

(9)

System Architecture

(Architecture diagram: Server, Storage, Internet, Customer’s Android device.)

1. The threat detection system checks apks with status “UNCHECKED”

2. Sending the analysis result: “malicious application”

3. Sending an alert to the user

(10)

System Architecture

(Architecture diagram: Storage Server, Internet, NetShield Analysis Server; apk files flow between them.)

(11)

System Architecture Cont.

The system includes 4 major components:

• Agent

• Server (which runs a threat detection system)

• Database

• Remote desktop client for reports

(12)

Main Functional Requirements

Agent:

• Registration

• Login

• Monitor

• Send application files

• Change device backup status

• Display device backup status

• Server updates / warnings

• Display list of applications

• Receive application files

• Display list of received files

• Restore application

• Handle disconnections

(13)

Main Functional Requirements

Server + Agent Management:

• Add/Remove/Update agent

• Handle registration requests

• Handle login requests

• Receive and store files

• Send updates / warnings / confirmations

• Verify data integrity

• Receive and store data

• Send information and files

• Enable scanning of files

(14)

Main Functional Requirements

Management:

• Manager login

• Produce reports

Deployment and Installation:

• Agent software installation

(15)

Main Functional Requirements

System View:

• Main menu view

• Configuration view

• Login view

• Registration view

• Recovery view

• Applications list view

(16)

Non-Functional Requirements

Speed, Capacity & Throughput

• Ninety-five percent of all backup transactions will be completed within 10 seconds.

• The agent will use up to 20% of the CPU.

Reliability

• Support data recovery, including transmission-error detection and correction.

Portability

• The client side is dedicated to the Android OS.

(17)

Non-Functional Requirements

Usability

• Extremely user-friendly.

• Does not require constant maintenance by the user.

• Possibility to configure most of the system operations to be done automatically.

Safety & Security

• The information sent between the server and the agents will be encrypted.

Availability

• The server will be active at all times, waiting for agent requests or notifications from the Threat Detection System.

(18)

High level use cases view of the system (diagram)

(19)

Use case: Install and Register

Use Case ID: 1

Primary Actor: Owner (User)

Brief Description: The user registers with the server (including a login).

Trigger: The user installs the system application.

Preconditions: The server is active.

Flow of Events:

1. [Actor] The user downloads the application.

2. [System] Auto-installs itself on the device.

3. [System] Asks the user for registry data: name, password.

4. [Actor] Enters the relevant details and confirms.

5. [System] Agent sends the data to the server.

6. [System] The server writes the data to the database.

7. [System] The server sends confirmation to the user and logs him in.

Post-conditions: The new user is registered to the system, i.e. his details were written to the DB.

Alternative flows and exceptions:

6.a The user is already registered and wants to recover his device: the system performs login and the server sends the appropriate files.

6.b The user name that was entered already exists in the database: the server notifies the user and asks for a new user name.

(20)

Use case: Install and Register (diagram)

(21)

Use case: Login

Use Case ID: 2

Primary Actor: Owner

Brief Description: The owner logs in to the server.

Trigger: The owner asks to log in.

Preconditions: The application is installed on the device.

Flow of Events:

1. [Actor] User hits the login button.

2. [System] The agent asks the user for a username and password.

3. [Actor] Enters the relevant details and confirms.

4. [System] Agent sends the data to the server.

5. [System] The server confirms username and password using the DB.

6. [System] Server sends confirmation to the agent.

7. [System] Agent informs the user that he is logged in.

Post-conditions: The user is logged in.

Alternative flows and exceptions:

1.a An automatic login occurs: all the relevant data is saved by the agent, and the user takes no part in the process.

(22)

Use case: Login (diagram)

(23)

Use case: Intercept Install Event

Use Case ID: 3

Primary Actor: Owner

Brief Description: The agent detects that a new app has been installed and asks the user if he wants to back it up; if so, it sends the appropriate files to the server.

Trigger: The user installed a new application.

Preconditions: The agent is enabled.

Flow of Events:

1. [Actor] Installs an application.

2. [System] Agent identifies the installation.

3. [System] Agent asks the owner whether to back up the application.

4. [Actor] Confirms the backup.

5. [System] Agent collects relevant data and files.

6. [System] Agent sends the apk signature to the server along with an implicit login.

Post-conditions: The application has been installed and was backed up on the server.

Alternative flows and exceptions:

4.a The user decides not to back up the app; the app is not backed up.

(24)

Use case: Intercept Install Event (diagram)

(25)

Use case: Backup Application

Use Case ID: 4

Primary Actor: Server

Brief Description: The server receives an application signature from the agent and checks whether the files already exist in its database. If not, the server gets the apk data and saves it. The server then adds the appropriate records to its database.

Trigger: Agent sends the apk signature to the server (including implicit login).

Preconditions: The agent is enabled, the server is active.

Flow of Events:

1. [System] Server searches for the apk signature in the database.

2. [System] Server doesn't find the app in the database.

3. [Actor] Agent sends the apk file and data to the server.

4. [System] Server stores the application data in the DB and sets the application status to "UNCHECKED".

5. [System] Server sends confirmation to the agent.

6. [System] Agent informs the user of a successful backup.

Post-conditions: The application has been backed up on the server.

Alternative flows and exceptions:

3.a The app exists in the database: the server just updates the user's backup information without receiving files from the agent.

(26)

Use case: Backup Application (diagram)

(27)

Use case: Handset Recovery

Use Case ID: 5

Primary Actor: User

Brief Description: The user decides to recover a specific app. The agent receives the appropriate files from the server and then performs a recovery.

Trigger: The user asked to perform a recovery.

Preconditions: The applications to be recovered have a backup on the server.

Flow of Events:

1. [Actor] Asks to do a recovery.

2. [System] The agent performs login and asks for the applications list.

3. [System] The device is reverted to the factory settings.

4. [System] A list of applications that have backups is presented to the user.

5. [Actor] Chooses specific apps to be recovered.

6. [System] Agent asks for the specific apps from the server.

7. [System] Server sends the relevant applications and data.

8. [System] Agent sends confirmation to the server.

9. [System] Agent performs recovery of the desired apps.

10. [System] Agent informs the user of a successful recovery.

Post-conditions: The applications have been recovered.

Alternative flows and exceptions:

5.a The agent receives a corrupted file from the server (e.g. due to connection problems): the agent requests resending of the information from the server.
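The recovery flow above, steps 6 to 9 with the corrupted-file branch 5.a, written as an added example (not the project's own agent code): the agent verifies each received apk against the signature recorded at backup time and asks for a resend on mismatch. It assumes the "apk signature" is a SHA-256 of the apk bytes, a retry limit of three (the page gives none), and a constructed stand-in for the server that corrupts one file on its first delivery.

```python
import hashlib

MAX_RETRIES = 3  # assumption: the page does not say how many resend attempts are made

def apk_signature(apk_bytes: bytes) -> str:
    # Assumption: the signature recorded at backup time is a SHA-256 of the apk file.
    return hashlib.sha256(apk_bytes).hexdigest()

def recover_apps(server_fetch, recovery_list):
    """Use case 5, steps 6-9: fetch each chosen app, verify it, and request a
    resend when the file arrives corrupted (alternative flow 5.a).

    server_fetch(name) -> bytes      the agent's channel to the server
    recovery_list: {app name: expected signature}
    Returns ({app name: "RECOVERED" | "FAILED"}, {app name: verified apk bytes}).
    """
    results, files = {}, {}
    for name, expected in recovery_list.items():
        for _attempt in range(MAX_RETRIES):
            data = server_fetch(name)
            if apk_signature(data) == expected:
                files[name] = data            # only verified bytes reach the installer
                results[name] = "RECOVERED"
                break
            # 5.a: hash mismatch means a corrupted transfer; loop again = ask for a resend
        else:
            results[name] = "FAILED"          # give up rather than install unverified bytes
    return results, files

# Constructed stand-in for the server: delivers a corrupted copy of "mail" on the first call.
class FlakyServer:
    def __init__(self, store):
        self.store, self.calls = store, {}

    def fetch(self, name):
        n = self.calls[name] = self.calls.get(name, 0) + 1
        if name == "mail" and n == 1:
            return self.store[name][:-1] + b"X"   # one byte damaged in transit
        return self.store[name]

if __name__ == "__main__":
    store = {"mail": b"constructed mail apk", "maps": b"constructed maps apk"}
    srv = FlakyServer(store)
    wanted = {n: apk_signature(b) for n, b in store.items()}
    print(recover_apps(srv.fetch, wanted)[0], srv.calls)
```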

(28)

Use case: Handset Recovery (diagram)

(29)

Use case: Handle Android Malware Detection

Use Case ID: 6

Primary Actors: Threat detection application, owner

Brief Description: The threat detection system detects an infection in a specific application stored on it.

Trigger: The threat detection system runs threat detection software, which detected an infection in an application and notified the agent about it.

Preconditions: The threat detection system is active, the server is active and the database contains applications.

Flow of Events:

1. [Actor] Sends a notification about an infected application.

2. [System] Server finds the infected application id inside the database (according to its status, "INFECTED").

3. [System] Locates all device owner ids which installed this application.

4. [System] The server adds the application details to the malicious applications table.

5. [System] Sends a notification to all of the relevant device owners, instructing them to recover their device to its previous state.

6. [System] The server asks the device owners if they want the malicious application to remain on their recovery list for future recoveries.

Post-conditions:

- All of the relevant device owners received a notification about the threat that was detected.

- The device owners choose whether or not to keep the malicious application in their recovery lists.

- The infected application was documented and handled by the server.
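The server side of use case 4 (signature lookup, the 3.a dedupe branch, storing the apk as "UNCHECKED") and use case 6 (marking an app "INFECTED", recording it in the malicious applications table and finding every owner to notify), as an added example that is not the project's own server code. It assumes the "apk signature" is a SHA-256 of the apk bytes and adds the integrity check from the "Verify data integrity" requirement before an apk is stored; all ids and apk contents are constructed.

```python
import hashlib
from dataclasses import dataclass, field

UNCHECKED, INFECTED = "UNCHECKED", "INFECTED"

def apk_signature(apk_bytes: bytes) -> str:
    # Assumption: the "apk signature" the agent sends is a SHA-256 of the apk file.
    return hashlib.sha256(apk_bytes).hexdigest()

@dataclass
class BackupServer:
    apps: dict = field(default_factory=dict)       # signature -> {"status", "apk"}
    owners: dict = field(default_factory=dict)     # signature -> set of owner ids
    malicious: list = field(default_factory=list)  # the "malicious applications table"

    def receive_signature(self, owner: str, sig: str) -> str:
        """Use case 4, steps 1-2 and 3.a: look the signature up before asking for files."""
        if sig in self.apps:
            self.owners[sig].add(owner)   # 3.a: only the user's backup info is updated
            return "ALREADY_STORED"
        return "SEND_FILES"

    def receive_apk(self, owner: str, sig: str, apk_bytes: bytes) -> str:
        """Use case 4, steps 3-5: store the apk once its content matches the signature."""
        if apk_signature(apk_bytes) != sig:
            return "INTEGRITY_ERROR"      # reject the transfer; the agent resends
        self.apps[sig] = {"status": UNCHECKED, "apk": apk_bytes}
        self.owners.setdefault(sig, set()).add(owner)
        return "BACKUP_OK"

    def unchecked(self) -> list:
        """Work queue for the threat detection system (slide 9, step 1)."""
        return [s for s, a in self.apps.items() if a["status"] == UNCHECKED]

    def report_infected(self, sig: str) -> list:
        """Use case 6, steps 2-5: mark the app, record it, return the owners to notify."""
        if sig not in self.apps:
            return []
        self.apps[sig]["status"] = INFECTED
        self.malicious.append(sig)
        return sorted(self.owners.get(sig, ()))

if __name__ == "__main__":
    srv, apk = BackupServer(), b"constructed apk bytes"
    sig = apk_signature(apk)
    srv.receive_signature("alice", sig); srv.receive_apk("alice", sig, apk)
    srv.receive_signature("bob", sig)
    print(srv.report_infected(sig))   # owners who installed the infected app
```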

(30)

Use case: Handle Android Malware Detection (diagram)

(31)

Use case: Manager Login

Use Case ID: 7

Primary Actor: System Manager

Brief Description: The manager logs in to the server in order to get the stored information.

Trigger: The manager asks to log in.

Preconditions: The server is active, the GUI application is on.

Flow of Events:

1. [Actor] Manager hits the login button.

2. [System] The server asks the manager for a username and password.

3. [Actor] Enters the relevant details and confirms.

4. [System] The server confirms username and password using the DB.

5. [System] Server sends confirmation to the GUI.

Post-conditions: The manager is logged in.

Alternative flows and exceptions:

4.a The server finds that the login data doesn’t match the data stored inside the database: the server notifies the user and goes back to step 2.

(32)

Use case: Manager Login (diagram)

(33)

Use case: Produce Reports

Use Case ID: 8

Primary Actor: System Manager

Brief Description: The system manager asks the server to produce reports based on the data stored in the database. The reports could include: owners data, application data, roll-back data.

Trigger: The system manager asks for a report.

Preconditions: The system manager started the server GUI application.

Flow of Events:

1. [Actor] Sends a request to produce a report with query data.

2. [System] Server uses the query data and gets the desired information.

3. [System] Server displays the requested report.

Post-conditions: The desired report is presented.

(34)

Use case: Produce Reports (diagram)

(35)

System Constraints

Platform constraints

• Eclipse IDE

SE project constraints

• If a device is unavailable, we will have to work on an emulator.

• If there is no threat detection program, we will build a simulation of one.

(36)

Risks

The system that we are developing requires root permissions on the Android OS, which are not granted by default.

The solution: there are known methods that will allow us to get root privileges.

(37)

The End
