Company: Deutsche Telekom
Academic advisor: Yuval Elovici
Technical advisor: Assaf Shabtai
Project Team: Limor Segev, Eran Frieman, Carmel Karni
Remote backup and recovery service for Android device owners
Motivation
Part of Deutsche Telekom project:
• Backup and restore users’ Android terminals
• Remote monitoring and offline analysis of Android applications
Problem Domain
An Android OS could be attacked by hackers:
• Open platform
• Users will access the Internet intensively
• Everyone can develop applications for Android
Problem Domain Cont.
Successful attack on Androids may:
• Expose private information
• Prevent T-Mobile customers from using T-Mobile services
• Flood T-Mobile’s customer service infrastructure and personnel
• No easy way exists to “fix” mobile devices, and especially Android
Scope and Purpose
Backup and restore users’ Android terminals:
• Develop a platform that will back up Android terminals and restore the “last good snapshot” on demand.
• Backup of customers’ installed applications.
• Backup of applications must always be on a remote server.
Current Situation
Backup is possible for:
• Documents
• Media files
• Not for Application files
The Solution
• Back up application files on a remote server
• Manage a DB at the server and allow security operations
• Enable restoration of the phone’s last stable status
System Architecture
[Diagram: Customer’s Android device, Internet, Server, Storage; apk files flow between them]
1. Downloading and installing a new application
2. System’s agent sends the new application files (apk) to the external server
3. Sending the new application files (apk) to the storage server with additional information to enable restoring users’ systems
4. Backed-up application
5. Threat detection system checks files and alerts the server about threats
System Architecture
[Diagram: Customer’s Android device, Internet, Server, Storage]
1. Threat detection system checks apks with status “UNCHECKED”
2. Sending analysis result: “malicious application”
3. Sending an alert to the user
System Architecture
[Diagram: Storage Server, Internet, NetShield Analysis Server; apk files pass between them]
System Architecture Cont.
The system includes 4 major components:
• Agent
• Server (which runs a threat detection system)
• Data Base
• Remote Desktop Client for reports
Main Functional Requirements
Agent:
• Registration
• Login
• Monitor
• Send Application Files
• Change Device Backup Status
• Displaying Device Backup Status
• Server Updates / Warnings
• Display List of Applications
• Receive Application Files
• Display List of Received Files
• Restore Application
• Handle Disconnections
Main Functional Requirements
Server + Agent Management:
• Add/Remove/Update Agent
• Handling Registration Requests
• Handling Login Requests
• Receive and Store Files
• Send Updates / Warnings / Confirmations
• Verify Data Integrity
• Receive and Store Data
• Send Information and Files
• Enable Scanning of Files
Main Functional Requirements
Management:
• Manager Login
• Produce Reports
Deployment and Installation:
• Agent Software Installation
Main Functional Requirements
System View:
• Main Menu View
• Configuration View
• Login View
• Registration View
• Recovery View
• Applications List View
Non-Functional Requirements
Speed, Capacity & Throughput
• Ninety-five percent of all backup transactions will be completed within 10 seconds.
• The agent will use up to 20% of the CPU.
Reliability
• Support data recovery, including transmission-error detection and correction.
Portability
• The client side is dedicated to the Android OS.
Non-Functional Requirements
Usability
• Extremely user-friendly.
• Does not require constant maintenance by the user.
• Possibility to configure most of the system operations to be done automatically.
Safety & Security
• The information sent between the server and the agents will be encrypted.
Availability
• The server will be active at all times, waiting for agents’ requests or notifications from the Threats Detection System.
High level use cases view of the system
Use case: Install and Register
Use Case ID: 1
Primary Actor: Owner (User)
Brief Description: The user registers to the server (including a login).
Trigger: The user installs the system application.
Preconditions: The server is active.
Flow of Events:
1. (Actor) The user downloads the application.
2. (System) Auto-installs itself on the device.
3. (System) Asks the user for registry data: name, password.
4. (Actor) Enters the relevant details and confirms.
5. (System) Agent sends the data to the server.
6. (System) The server writes the data to the database.
7. (System) The server sends confirmation to the user and logs him in.
Post-conditions: The new user is registered to the system, i.e. his details were written to the DB.
Alternative flows and exceptions:
6.a The user is already registered and wants to recover his device: the system performs login and the server sends the appropriate files.
6.b The user name that was entered already exists in the database: the server notifies the user and asks for a new user name.
Use case: Login
Use Case ID: 2
Primary Actor: Owner
Brief Description: The owner logs in to the server.
Trigger: The owner asks to log in.
Preconditions: The application is installed on the device.
Flow of Events:
1. (Actor) User hits the login button.
2. (System) The agent asks the user for a username and password.
3. (Actor) Enters the relevant details and confirms.
4. (System) Agent sends the data to the server.
5. (System) The server confirms username and password using the DB.
6. (System) Server sends confirmation to the agent.
7. (System) Agent informs the user that he is logged in.
Post-conditions: The user is logged in.
Alternative flows and exceptions:
1.a An automatic login occurs: all the relevant data is saved by the agent, and the user takes no part in the process.
Use case: Intercept Install Event
Use Case ID: 3
Primary Actors: Owner
Brief Description: The Agent detects that a new app has been installed and asks the user if he wants to back it up; if so, it sends the appropriate files to the server.
Trigger: The user installed a new application.
Preconditions: The Agent is enabled.
Flow of Events:
1. (Actor) Installs an application.
2. (System) Agent identifies the installation.
3. (System) Agent asks the owner whether to back up the application.
4. (Actor) Confirms the backup.
5. (System) Agent collects relevant data and files.
6. (System) Agent sends the apk signature to the server along with an implicit login.
Post-conditions: The application has been installed and was backed up on the server.
Alternative flows and exceptions:
4.a The user decides not to back up the app; the app is not backed up.
Use case: Backup Application
Use Case ID: 4
Primary Actors: Server
Brief Description: The server receives an application signature from the agent and checks if the files already exist in its database. If not, the server gets the apk data and saves it. The server then adds the appropriate records to its database.
Trigger: Agent sends the apk signature to the server (including implicit login).
Preconditions: The Agent is enabled, the server is active.
Flow of Events:
1. (System) Server searches for the apk signature in the database.
2. (System) Server doesn't find the app in the database.
3. (Actor) Agent sends the apk file and data to the server.
4. (System) Server stores the application data in the DB and sets the application status to "UNCHECKED".
5. (System) Server sends confirmation to the agent.
6. (System) Agent informs the user of a successful backup.
Post-conditions: The application has been backed up on the server.
Alternative flows and exceptions:
3.a The app exists in the database: the server just updates the user backup information without receiving files from the agent.
Use case: Hand-set Recovery
Use Case ID: 5
Primary Actors: User
Brief Description: The user decides to recover a specific app. The agent receives the appropriate files from the server and then performs a recovery.
Trigger: The user asked to perform a recovery.
Preconditions: The applications to be recovered have a backup on the server.
Flow of Events:
1. (Actor) Asks to do a recovery.
2. (System) The agent performs login and asks for the applications list.
3. (System) Device is reverted to the factory settings.
4. (System) A list of applications that have backups is presented to the user.
5. (Actor) Chooses specific apps to be recovered.
6. (System) Agent asks for the specific apps from the server.
7. (System) Server sends the relevant applications and data.
8. (System) Agent sends confirmation to the server.
9. (System) Agent performs recovery of the desired apps.
10. (System) Agent informs the user of a successful recovery.
Post-conditions: The applications have been recovered.
Alternative flows and exceptions:
5.a The agent receives a corrupted file from the server (e.g. due to connection problems): the agent requests that the server resend the information.
Use case: Handle Android malware detection
Use Case ID: 6
Primary Actor: Threats detection application, owner
Brief Description: The Threats detection system detects an infection in a specific application stored on it.
Trigger: The threats detection system runs threats detection software, which detected an infection in an application and notified the agent about it.
Preconditions: The Threats detection system is active, the server is active and the database contains applications.
Flow of Events:
1. (Actor) Sends a notification about an infected application.
2. (System) Server finds the infected application id inside the database (according to its status, "INFECTED").
3. (System) Locates all device owner ids which installed this application.
4. (System) The server adds the application details to the malicious applications table.
5. (System) Sends a notification to all of the relevant device owners, instructing them to recover their device to the previous state.
6. (System) The server asks the device owners if they want the malicious application to be on their recovery list for future recoveries.
Post-conditions:
- All of the relevant device owners received a notification about the threat that was detected.
- The device owners choose whether or not to keep the malicious application in their recovery lists.
- The infected application was documented and handled by the server.
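The server-side flow of use cases 4 (signature lookup, then upload only when the apk is new), 5 (recovery download with flow 5.a, the corrupted-file resend) and 6 (marking an app INFECTED and notifying every owner who installed it), as an added Python example that is not the project's own code. It assumes the "apk signature" is a SHA-256 digest of the apk file and replaces the database with in-memory dictionaries; all names are constructed for illustration.

```python
import hashlib

UNCHECKED, INFECTED = "UNCHECKED", "INFECTED"   # application status values from the page


class BackupServer:
    """Constructed in-memory stand-in for the server's database (not the project's code)."""

    def __init__(self):
        self.apks = {}           # apk signature -> {"data": bytes, "status": str}
        self.installs = {}       # apk signature -> set of owner ids that backed it up
        self.malicious = set()   # the "malicious applications table"
        self.notifications = []  # (owner id, message) sent to device owners

    @staticmethod
    def signature(apk_bytes):
        # Assumption: the "apk signature" is a SHA-256 digest of the apk file.
        return hashlib.sha256(apk_bytes).hexdigest()

    def backup_request(self, owner, sig):
        """UC4 steps 1-2: True = 'send the file' (step 3); False = already stored (3.a)."""
        self.installs.setdefault(sig, set()).add(owner)
        return sig not in self.apks

    def receive_apk(self, sig, apk_bytes):
        """UC4 step 4: store as UNCHECKED only if the upload hashes to the claimed signature."""
        if self.signature(apk_bytes) != sig:
            return False  # 'Verify Data Integrity': reject a mismatched or tampered upload
        self.apks[sig] = {"data": apk_bytes, "status": UNCHECKED}
        return True

    def recovery_download(self, sig, corrupt=False):
        """UC5 step 7: return (signature, bytes); corrupt=True simulates flow 5.a."""
        data = self.apks[sig]["data"]
        return sig, (data[:-1] + b"\x00" if corrupt else data)

    def report_infection(self, sig):
        """UC6 steps 2-5: mark INFECTED, record in the malicious table, notify every owner."""
        self.apks[sig]["status"] = INFECTED
        self.malicious.add(sig)
        owners = sorted(self.installs.get(sig, ()))
        for owner in owners:
            self.notifications.append((owner, "recover your device: a backed-up app is malicious"))
        return len(owners)


def agent_receive(server, sig, corrupt_first=False):
    """Agent side of UC5 step 7 / flow 5.a: verify the download, ask for a resend once."""
    got_sig, data = server.recovery_download(sig, corrupt_first)
    if BackupServer.signature(data) != got_sig:
        got_sig, data = server.recovery_download(sig)  # 5.a: request resend from the server
    return data
```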
Use case: Manager Login
Use Case ID: 7
Primary Actor: System Manager
Brief Description: The manager logs in to the server in order to get the stored information.
Trigger: The manager asks to log in.
Preconditions: The server is active, the GUI application is on.
Flow of Events:
1. (Actor) Manager hits the login button.
2. (System) The server asks the manager for a username and password.
3. (Actor) Enters the relevant details and confirms.
4. (System) The server confirms username and password using the DB.
5. (System) Server sends confirmation to the GUI.
Post-conditions: The manager is logged in.
Alternative flows and exceptions:
4.a The server finds that the login data does not match the data stored inside the database: the server notifies the user and goes back to step 2.
Use case: Produce Reports
Use Case ID: 8
Primary Actor: System Manager
Brief Description: The system manager asks the server to produce reports based on the data stored in the database. The reports could include: owners data, application data, roll-back data.
Trigger: The system manager asks for a report.
Preconditions: The system manager started the server GUI application.
Flow of Events:
1. (Actor) Sends a request to produce a report with query data.
2. (System) Server uses the query data and gets the desired information