2014年，Tsai等人提出基於動態載入之Android App 防複製機制，行動裝置於執行App前需向伺服器下載完整的分離程式檔(即核心數位內容)。2015年，Wu等人提出應用於App洩密者追蹤之動態金鑰管理機制，藉由金鑰管理模組，分配給App授權使用者個人金鑰，若遭受共謀攻擊，伺服器根據追蹤紀錄文件經過數回合比對出洩密者與非授權使用者。本論文改進Wu等人提出的金鑰管理機制及洩密者追蹤機制，減少伺服器洩密者追蹤的時間成本，藉由潛隱通道來傳送洩密者的追蹤紀錄文件，存放分離程式檔於可信賴的環境，有效追蹤非授權使用者，本機制可達到有效性、機密性、完整性、連結性、可追蹤性、共謀攻擊、抵抗中間人攻擊及抵抗重送攻擊等安全需求。

In 2014, Tsai et al. presented an android copy protection mechanism based on dynamic loading. App developer separates app to apk and separation segments which both will be uploaded to App market. App user will get encrypted separation segments after pass authentication. However this scheme has high risk of suffer collusion attack. Authorized users can share personal keys to build a pirate decoder. In 2015, Wu et al. presented a dynamic key management mechanism for app traitor tracing which is based on Tsai’s scheme can find the sources of collusion attack (traitors) and repeal them. However this scheme needs many round to find traitors and attackers can intercept the file of tracing traitor record.
In this paper, we propose an anti-replicated mechanism with traitor tracing for mobile apps based on dynamic loading and traitor tracing scheme with subliminal channel. Our mechanism improves dynamic key management, then only needs two rounds to find traitor. In addition to, our mechanism mixed the file of tracing traitor record into authenticated information with subliminal channel which can prevent attackers intercept the file of tracing traitor record. In conclusion, we can satisfy these requirements: effectiveness, confidentiality, robustness, binding, traceability, collusion attack resistance, man-in-middle-attack resistance and replay-attack resistance.

中文部分

[1]吳曼甄，「應用於 App 洩密者追蹤之動態金鑰管理機制」，台灣科技大學資訊管理學系碩士論文，2015 。
[2]李敏勤，「動態洩密者追蹤之金鑰管理機制」，台灣科技大學資訊管理學系碩士論文，2004。
[3]陳俊佑，「使用列表解碼法之洩密者追蹤與廢止協定」，交通大學資訊管理學系碩士論文，2003。
[4]曾蕙如，「具時限性之安全廣播機制」，台灣科技大學資訊管理學系碩士論文，2004。

英文部分

[5]A. Fiat and M. Naor, “Broadcast encryption,” Proceedings of Advances in Cryptology - CRYPTO’93, Springer-Verlag, Vol. 773, pp. 480-491, 1993.
[6]App Annie, App Annie insights report: “App annie releases inaugural mobile app forecast,” February 2016.
<https://www.appannie.com/insights/market-data/app-annie-releases-inaugural-mobile-app-forecast/>, accessed on February 2016.
[7]Arxan Inc., Arxan Technology Research Report: “State of application security,” Vol.4, June 2015.
<https://www.arxan.com/wp-content/uploads/2015/06/State-of-Application-Security-Report-Vol-4-2015.pdf>, accessed on June 2015.
[8]B. Chor, A. Fiat, and M. Naor, “Tracing traitors,” Proceedings of Advances in Cryptology - CRYPTO’94, Vol. 839, pp. 257-270, Springer -Verlag, 1994.
[9]D. R. Lin, C. Wang, Z. K. Zhang and D.J. Guan, “A digital signature with multiple subliminal channels and its applications,” Computers & Mathematics with Applications, vol. 60, no. 2, (2010), pp. 276-284.
[10]G. J. Simmons, “The prisoner’s problem and the subliminal channel,” Proceedings of CRYPTO’83, Plenum Press, 1984, pp.51-67.
[11]G.J. Simmons, “Subliminal communication is easy using the dsa,” in: Proc. Eurocrypt'93, in: LNCS, vol. 765, 1994, pp. 218-232.
[12]H. Ji and W. Kim, “Design of a mobile inspector for detecting illegal android applications using fingerprinting,” Proceedings of the 2013 Research in Adaptive and Convergent Systems, ACM, 2013.
[13]H. Kim, “Protection framework for android applications by encrypting dex files,” Diss. MS Thesis, Department of Electronics and Computer Engineering, Hanyang University, 2011.
[14]K. Y. Tsai, Y. H. Chiu and T. C. Wu, “Android app copy protection mechanism based on dynamic loading,” The 18th IEEE International Symposium on Consumer Electronics (ISCE 2014), pp. 1-3, June 2014.
[15]M. Naor and B. Pinkas, “Threshold traitor tracing,” Proceedings of Advances in Cryptology – Crypto’98, Springer-Verlag, pp. 502-517, 1998.
[16]M. Naor, D. Naor, and J. Lotspiech, “Revocation and tracing schemes for stateless receivers,” Proceedings of Advances in Cryptology -CRYPTO’99, Springer -Verlag, pp. 41-62, 2001.
[17]R. Safavi-Naini and Y. Wang, “Sequential traitor tracing”, IEEE Transactions on Information Theory, Vol. 49, No. 5, pp. 1319-1326, 2003.
[18]S. Bhatt, R. Sion, and B. Carbunar, “A personal mobile drm manager for smart phones,” Computers and Security, Vol. 28, No. 6, pp. 327-340, 2009.
[19]S. Choi, J. Jang and E. Jae, “Android application's copyright protection technology based on forensic mark,” ACM Research in Applied Computation Symposium, pp. 338-339, 2012.
[20]TrendMicro, Trend labs security intelligence:“Repackaged apps and its role in the mobile threat landscape,”July 2014.
<http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-into-repackaged-apps-and-its-role-in-the-mobile-threat-landscape/>, accessed on July 2014.
[21]W. G. Tzeng and Z. J. Tzeng, “A public-key traitor tracing scheme with revocation using dynamic shares,” Public Key Cryptography — PKC 2001, Vol. 1992, pp. 207-224, Springer-Verlag, 2001.
[22]Y. C. Moon, J. H. Noh, A. R. Kim and S. R. Kim, “Design of copy protection system for android platform,” International Conference on Information Technology IJARCSSE, System and Management, Dubai, 2012.
[23]Y. S. Jeong, J. C. Moon, D. Kim, Y. U. Park, S. J. Cho, and M. Park, “An anti-piracy mechanism based on class separation and dynamic loading for android applications,” ACM Research in Applied Computation Symposium, pp. 328-332, 2012.