
Graduate Student: 王志清
CHIH-CHING WANG
Thesis Title: 基於SIM卡行動裝置之隱私保護機制
Privacy Preservation Mechanism for SIM Card-based Mobile Devices
Advisor: 吳宗成
Tzong-Chen Wu
Oral Defense Committee: 楊維寧
Wei-Ning Yang
查士朝
Shi-Cho Cha
Degree: Master
Department: School of Management - Department of Information Management
Year of Publication: 2011
Academic Year of Graduation: 99
Language: Chinese
Number of Pages: 64
Chinese Keywords: 隱私保護, 用戶識別模組, Windows Mobile, TRIVIUM, 惡意程式
English Keywords: Privacy Preservation, SIM, Windows Mobile, TRIVIUM, Malware
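  • With the advance of information and communication technology, mobile devices can offer more diverse services: beyond basic voice calls and short message service, they also provide multimedia messaging, audio recording, cameras and global positioning. More and more hackers or crackers design malicious programs for mobile devices in order to intrude on, eavesdrop on or control users' personal mobile devices, seriously violating personal privacy. Current methods for countering malware on mobile devices focus only on detection and blocking, and few protect the sensitive information held on the device (such as the contact list). Without any protection, sensitive information is at risk of leakage. This study proposes a privacy protection solution for mobile devices based on the subscriber identity module: it uses TRIVIUM to design a passcode-based SIM card encryption mechanism and combines it with the malware detection method proposed by Scorgie et al. to ensure the confidentiality and integrity of sensitive information. The proposed mechanism requires no change to the existing SIM card architecture and is easy to implement on existing platforms; this study implements the mechanism on Windows Mobile to demonstrate its feasibility.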


    With the development of information and communication technology, mobile devices can provide more diversified services, such as basic calls and short message service (SMS), multimedia messaging service (MMS), audio recording, cameras and global positioning systems (GPS). As a result, more and more hackers or crackers attempt to develop malicious programs for mobile devices in order to invade, eavesdrop on or control users' personal mobile devices, which harms personal privacy. However, most protection mechanisms for mobile devices focus on virus signature detection and behavior blocking, and few provide privacy protection for the sensitive information on smart mobile devices (such as contacts). This paper presents a SIM card encryption mechanism for privacy protection of mobile devices with subscriber identity modules. Combined with Scorgie's malware detection method, the proposed scheme can achieve confidentiality and integrity of sensitive information. Furthermore, the proposed scheme fits the existing SIM card structure and is easy to implement on existing platforms (such as Android). We adopt the Windows Mobile system to demonstrate a proof of concept.

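    Abstract (Chinese)
    ABSTRACT
    Acknowledgements
    Table of Contents
    List of Figures
    Chapter 1 Introduction
    1.1 Research Background
    1.2 Research Motivation and Objectives
    1.3 Thesis Organization
    Chapter 2 Related Work
    2.1 API Interception
    2.2 Processing Levels of Incoming-Call Event Listening
    2.3 Malware Implantation Vectors on Mobile Phones
    2.4 Automatic Startup
    2.5 Cryptographic Techniques
    Chapter 3 Malware Implementation and System Environment
    3.1 Windows Mobile
    3.2 .NET Compact Framework
    3.3 Radio Interface Layer
    3.4 Malware Implementation
    Chapter 4 The Proposed Privacy Mechanism
    4.1 System Architecture and Implementation
    4.2 Key Initialization and Generation Phase
    4.3 Encryption Protection Phase
    4.4 Real-Time Decryption on Incoming Call Phase
    4.5 Protection Removal Phase
    4.6 Security and Performance Analysis
    Chapter 5 Conclusions and Future Work
    References
    Appendix A English-Chinese Glossary of Key Terms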

    [1] J. Bickford, R. O’Hare, A. Baliga, V. Ganapathy, and L. Iftode, “Rootkits on Smart Phones: Attacks, Implications and Opportunities,” Proceedings of the 7th Workshop on Mobile Computing Systems and Applications (HotMobile 2010), Annapolis, MD, USA, pp.49-54, 2010.
    [2] S. Babbage, C. D. Canniere, A. Canteaut, C. Cid, H. Gilbert, T. Johansson, M. Parker, B. Preneel, V. Rijmen, and M. Robshaw, “The eSTREAM Portfolio,” 2008.
    [3] A. Bose and K. G. Shin, “On Mobile Viruses Exploiting Messaging and Bluetooth Services,” Proceedings of Second International Conference on Security and Privacy in Communication Networks, Baltimore, MD, USA, 2006.
    [4] C. D. Canniere and B. Preneel, “Trivium Specifications,” eSTREAM, ECRYPT Stream Cipher Project, 2006.
    [5] J. Cheng, S. H.Y. Wong, H. Yang, and S. Lu, “SmartSiren: Virus Detection and Alert for SmartPhones,” Proceedings of the 5th International Conference on Mobile Systems, Applications and Services (MobiSys 2007), San Juan, Puerto Rico, 2007.
    [6] B. Dixon and S. Mishra, “On Rootkit and Malware Detection in Smartphones,” Proceedings of International Conference on Dependable Systems and Networks Workshops (DSN-W), Chicago, IL, USA, 2010.
    [7] FIPS PUB 197, “Advanced Encryption Standard (AES),” National Institute of Standards and Technology, 2001.
    [8] European Telecommunications Standards Institute, “GSM Technical Specification, Digital cellular telecommunications System (Phase 2+); Specification of the Subscriber Identity Module - Mobile Equipment (SIM - ME) Interface (GSM 11.11),” 1995.
    [9] FdcSoft, “Task Manager Application,” http://www.dotfred.net/TaskMgr.htm, 2010.
    [10] M. Hypponen, “The State of Cell Phone Malware in 2007,” http://www.usenix.org/events/sec07/tech/hypponen.pdf, The 16th USENIX Security '07, 2007.
    [11] McAfee, “Rings Up Windows Mobile Risks,” http://www.mcafee.com/tw/about/news/2007/20070906_183000_q.aspx, 2007.
    [12] Microsoft, “Device Encryption,” http://msdn.microsoft.com/en-us/library/bb964600.aspx, 2010.
    [13] Microsoft, “Hooks,” http://msdn.microsoft.com/en-us/library/ms632589(v=vs.85).aspx, 2010.
    [14] Microsoft, “Mobile Encryption,” http://msdn.microsoft.com/en-us/library/bb416357.aspx, 2010.
    [15] Microsoft, “RIL Architecture,” http://msdn.microsoft.com/en-us/library/aa919462.aspx, 2010.
    [16] Microsoft, “SHGetAutoRunPath,” http://msdn.microsoft.com/en-us/library/aa453696.aspx.
    [17] C. Mulliner and C. Miller, “Fuzzing the Phone in Your Phone,” Proceedings of Black Hat USA 2009, Las Vegas, NV, USA, 2009.
    [18] FIPS PUB 46-3, “Data Encryption Standard,” National Institute of Standards and Technology, 1977.
    [19] K. Rieck, P. Trinius, C. Willems, and T. Holz, “Automatic Analysis of Malware Behavior using Machine Learning,” Journal of Computer Security, 19(3), 2011.
    [20] B. Scorgie, P. Veeraraghavan, and S. Ghosh, “Early Virus Detection for Windows Mobile,” Proceedings of 2009 IEEE 9th Malaysia International Conference on Communications (MICC), Kuala Lumpur, Malaysia, pp.295-300, 2009.
    [21] J. Shah, “Windows Mobile Trojan Sends Unauthorized Information and Leaves Device Vulnerable,” http://blogs.mcafee.com/mcafee-labs/windows-mobile-trojan-sends-unauthorized-information-and-leaves-device-vulnerable, 2008.
    [22] The eSTREAM Project, “End of Phase 3,” http://www.ecrypt.eu.org/stream/endofphase3.html, 2008.
    [23] The eSTREAM Project, “Trivium Performance Figures,” http://www.ecrypt.eu.org/stream/phase3perf.html, 2007.
    [24] D. Venugopal, “An Efficient Signature Representation and Matching Method for Mobile Devices,” Proceedings of the 2nd Annual International Workshop on Wireless Internet (WICON’06), Boston, MA, USA, 2006.
    [25] A. Wigley and D. M. Foot, “Microsoft Mobile Development Handbook,” .NET Compact Framework - a Platform on the Move, 2007.
    [26] Wikipedia, “DLL Injection,” http://en.wikipedia.org/wiki/DLL_injection, 2010.
    [27] J. Wu, “eGovernment Slim SIM Mobile PKI / Payment Solution for Secure Cloud Computing,” 2011 Mobile Security & eID International Symposium, Taiwan, 2011.
    [28] G. Yan, L. Cuellar, and S. Eidenbenz, “Bluetooth Worm Propagation: Mobility Pattern Matters,” Proceedings of ACM Symposium on Information, Computer and Communication Security (ASIACCS’07), Singapore, 2007.
    [29] G. Yan and S. Eidenbenz, “Mobile Worms: Models, Dynamics, and Defense Implications,” Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC '06), Miami Beach, FL, USA, 2006.
    [30] G. Yan and S. Eidenbenz, “Modeling Propagation Dynamics of Bluetooth Worms (Extended Version),” IEEE Transactions on Mobile Computing, Vol. 8, No. 3, 2009.
    [31] P. Yao and D. Durant, “Programming .NET Compact Framework 3.5,” Platform Invoke, 2009.
    [32] 北京網秦天下科技有限公司, “2010 Mainland China Mobile Phone Security Report,” 2010.
