Conventional mobile communication systems often use one single channel for data transmission, i.e., mobile devices use cellular network to transfer multimedia information. However, if attackers successfully hijack the single transmission channel, they can recover the communicated data. Focused on this issue, we introduce a Multichannel Communication System (MSYM), which aims to improve the data communication security for Android devices. The key idea of our approach is to leverage the diversity of communication mechanisms (e.g., Wi-Fi/cellular network, Bluetooth, and SMS) for transferring sensitive data in a secure way. More specifically, we use the VpnService interface provided by the Android platform to intercept the network data delivered by a sender program. Then, we split the network data into different fragments and improve the security by disordering and encrypting them via multiple transmission channels. When the target Android device receives the data fragments from different channels, it can decrypt and reorder them to reassemble the original data. In the end, we reuse the VpnService interface to inject the network data into the receiver program. Our approach can be deployed in Android devices to secure communication without the need of modifying the communication programs. In the evaluation, as a proof of concept, we implemented our approach on Android system. The experimental results show that our prototype system can secure data transmission with moderate performance cost.

Introduction

Mobile communication plays an increasingly important role in recent years, as more and more people exchange information via mobile devices. For example, over 2 billion people are using the instant messaging apps (e.g., WeChat and WhatsApp) on their mobile phones for exchanging messages, pictures and videos [6]. In addition, 90% of enterprises utilize mobile communication to boost productivity and streamline various business processes. Traditionally, most mobile devices only use one single wireless transmission channel (e.g., cellular network) for mobile communication. However, due to the openness of the wireless channel, it is possible for advanced attackers to eavesdrop the transmission and recover the sensitive data. For instance, adversaries can make use of bogus base stations to conduct man-in-the-middle (MITM) attack on modern Samsung mobile devices and obtain the sensitive information [23]. To prevent the communication data from being eavesdropped and recovered, a conventional solution is to leverage cryptographic protocols to perform data encryption and endpoint authentication. For example, the Wi-Fi Protected Access (WPA) and its subsequent standards (WPA2, WPA3) attempt to secure the wireless networks by applying multiple security protocols [13]. However, they may still suffer from eavesdropping attacks like the KRACK [35] attack. This attack shows that an attacker can exploit the vulnerability of WPA2 to read previously encrypted information. On the other hand, most mobile applications adopt the client-server model, which requires that all the communication data between two or more clients should be firstly forwarded to a central server. Nevertheless, some service providers may not be fully trusted. Taking the messaging server as an example, once it is hacked by adversaries, the recorded information would be leaked.