With the recent explosive increase in the use of smart devices such as smart phones, tablet PCs, and the like, there has also been growing interest in the applications (apps) installed, directly or indirectly, on such devices. Smart devices and their applications have a positive aspect in that they can be manipulated intuitively and are easy and convenient to use, but they also have a negative aspect in that security weaknesses expose them to external attacks, and there is a high probability that personal information will be disclosed by malicious hackers.
In particular, many malicious software (malware) programs have been found that are created to perform malicious activities on smart devices, such as destroying the system or disclosing information against the intention and interests of the user. In most cases (about 80% or more) such malware has been installed on smart devices by repackaging; it has also been installed by smishing, malicious URLs, and the like. An application can easily be repackaged by a hacker or other malicious attacker, and thus numerous variants of a malicious application can be created.
FIG. 1 is a diagram provided for drawing a comparison between an original application and a malicious application.
By way of example, an original application installed on a smart device performs functions 1, 2, and 3, whereas a malicious application installed by repackaging performs a malicious function instead of function 3. As depicted in FIG. 1, the original application and the malicious application differ in their execution screens and user interfaces. However, it is quite possible for such differences to be skillfully fabricated so that they cannot be found or recognized by ordinary users.
Mobile security solutions against such malicious applications have been developed continuously. At present, for example, blacklist selection, the WHISTL program, and signature- and behavior-based malicious application detection programs exist.
In this regard, Korean Patent No. 10-1272026 (entitled “System for hacking prevention and control method thereof, server for supporting hacking prevention comprised in the system and control method thereof”) discloses a hacking prevention system, and related technology, which prevents a specific terminal from being easily hacked and further enables an external server to readily recognize the terminal's hacked state.
To be specific, when a terminal sends an attestation function request signal to a server, the server sends the terminal attestation function information including a determined attestation function list and attestation function execution sequence (for example, an instruction to execute attestation function Nos. 3, 37, 11, 21, 85, and 57 in that order). The terminal then executes the attestation functions on the program code of a specific application, and the server compares the stored attestation function results with the calculated attestation function results to determine whether the specific application has been hacked.
However, Korean Patent No. 10-1272026 still has the problem that, if the specific application in the terminal, or the multiple attestation functions contained in it, are subjected to a reverse engineering-based hacking attack, a hacker can predict or extract a valid attestation value to be transmitted to the server on the basis of the analyzed attestation functions, and can thereby invalidate the attestation method.
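The following is an added illustration of the challenge-response attestation exchange described above and of the weakness that follows it; it is example code written for this page, not code from Korean Patent No. 10-1272026 or from any product. The patent does not define what the attestation functions compute, so this example models each numbered attestation function as a hash over a region of the application's program code (an assumption), uses a constructed byte string in place of real program code, and models the reverse-engineering attack as an attacker who has extracted the attestation functions together with a copy of the original code and answers every challenge from that copy rather than from the repackaged application actually installed.

```python
import hashlib

# Constructed stand-in for an application's program code. The original
# performs functions 1, 2 and 3; the repackaged copy replaces function 3
# with a malicious function, as in FIG. 1.
ORIGINAL_CODE = b"function1;function2;function3;"
REPACKAGED_CODE = b"function1;function2;malicious;"

NUM_ATTESTATION_FUNCTIONS = 100  # assumed size of the function pool


def attestation_function(func_no: int, code: bytes) -> str:
    """Hypothetical attestation function No. func_no.

    The patent does not specify the functions; here each number selects a
    different starting offset into the code and digests the code from that
    offset, so that different numbers yield different, code-dependent values.
    """
    start = func_no % len(code)
    region = code[start:] + code[:start]
    return hashlib.sha256(func_no.to_bytes(2, "big") + region).hexdigest()


class Server:
    """Holds the stored attestation results for the genuine application."""

    def __init__(self, reference_code: bytes):
        self.stored_results = {
            n: attestation_function(n, reference_code)
            for n in range(NUM_ATTESTATION_FUNCTIONS)
        }

    def issue_challenge(self) -> list:
        # Attestation function list and execution sequence sent to the terminal
        # (the sequence quoted in the text above).
        return [3, 37, 11, 21, 85, 57]

    def verify(self, sequence: list, results: list) -> bool:
        # Compare stored results with the results calculated by the terminal.
        expected = [self.stored_results[n] for n in sequence]
        return expected == results


class Terminal:
    """Honest terminal: runs the requested functions on the installed code."""

    def __init__(self, installed_code: bytes):
        self.installed_code = installed_code

    def respond(self, sequence: list) -> list:
        return [attestation_function(n, self.installed_code) for n in sequence]


class ReverseEngineeringAttacker:
    """Attacker who extracted the attestation functions and a copy of the
    original code. Whatever is installed, the reply is computed from the
    original copy, so the server sees valid values."""

    def __init__(self, original_code_copy: bytes):
        self.original_code_copy = original_code_copy

    def respond(self, sequence: list) -> list:
        return [attestation_function(n, self.original_code_copy) for n in sequence]


def run_attestation(server: Server, responder) -> bool:
    """One full exchange: challenge, response, verification."""
    sequence = server.issue_challenge()
    return server.verify(sequence, responder.respond(sequence))


if __name__ == "__main__":
    server = Server(ORIGINAL_CODE)
    print("genuine app:", run_attestation(server, Terminal(ORIGINAL_CODE)))
    print("repackaged app, honest terminal:",
          run_attestation(server, Terminal(REPACKAGED_CODE)))
    print("repackaged app, reverse-engineered attestation:",
          run_attestation(server, ReverseEngineeringAttacker(ORIGINAL_CODE)))
```

Because any byte of the code feeds every attestation function, the honest terminal running the repackaged application fails the check; the attacker passes it because the verification depends only on values that can be computed from the extracted functions and the original code, which is precisely the weakness identified above.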