Graduate student: | 王志清 CHIH-CHING WANG |
---|---|
Thesis title: | 基於SIM卡行動裝置之隱私保護機制 Privacy Preservation Mechanism for SIM Card-based Mobile Devices |
Advisor: | 吳宗成 Tzong-Chen Wu |
Oral defense committee: | 楊維寧 Wei-Ning Yang, 查士朝 Shi-Cho Cha |
Degree: | Master |
Department: | School of Management - Department of Information Management |
Year of publication: | 2011 |
Graduation academic year: | 99 |
Language: | Chinese |
Number of pages: | 64 |
Keywords (Chinese): | Privacy Preservation, Subscriber Identity Module, Windows Mobile, TRIVIUM, Malware |
Keywords (English): | Privacy Preservation, SIM, Windows Mobile, TRIVIUM, Malware |
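With the development of information and communication technology, mobile devices can provide more diverse services: besides basic phone calls and short message service, they also offer multimedia messaging, audio recording, photography, and global positioning system services. More and more hackers and crackers design malicious programs for mobile devices in order to invade, eavesdrop on, or control users' personal mobile devices, seriously violating personal privacy. Current methods for countering malware on mobile devices focus only on detection and blocking, and rarely protect the sensitive information on the device (such as the contact list). Without any protection, sensitive information may be leaked. This study proposes a privacy-protection solution for mobile devices based on the subscriber identity module: it uses TRIVIUM to design a passcode-based SIM card encryption mechanism, combined with the malware detection method proposed by Scorgie et al., to ensure the confidentiality and integrity of sensitive information. The proposed mechanism requires no change to the existing SIM card architecture and is easy to implement on existing platforms; this study implements it on Windows Mobile to demonstrate its feasibility.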
With the development of information and communication technology, mobile devices can provide more diversified services, such as basic calls and short message service (SMS), multimedia messaging service (MMS), audio recording, cameras, and global positioning systems (GPS). As a result, more and more hackers and crackers attempt to develop malicious programs for mobile devices in order to invade, eavesdrop on, or control users' personal mobile devices, which harms personal privacy. However, most mobile device protection mechanisms focus on virus signature detection and behavior blocking, and few provide privacy protection for sensitive information on smart mobile devices (such as contacts). This paper presents a SIM card encryption mechanism for privacy protection of mobile devices with subscriber identity modules. Combined with Scorgie's malware detection method, the proposed scheme can achieve confidentiality and integrity of sensitive information. Furthermore, the proposed scheme fits the existing SIM card structure and is easy to implement on existing platforms (such as Android). We adopt the Windows Mobile system to demonstrate the proof of concept.
[1] J. Bickford, R. O’Hare, A. Baliga, V. Ganapathy, and L. Iftode, “Rootkits on Smart Phones: Attacks, Implications and Opportunities,” Proceedings of the 7th Workshop on Mobile Computing Systems and Applications (HotMobile 2010), Annapolis, MD, USA, pp.49-54, 2010.
[2] S. Babbage, C. D. Canniere, A. Canteaut, C. Cid, H. Gilbert, T. Johansson, M. Parker, B. Preneel, V. Rijmen, and M. Robshaw, "The eSTREAM Portfolio," 2008.
[3] A. Bose and K. G. Shin, “On Mobile Viruses Exploiting Messaging and Bluetooth Services,” Proceedings of Second International Conference on Security and Privacy in Communication Networks, Baltimore, MD, USA, 2006.
[4] C. D. Canniere and B. Preneel, “Trivium Specifications,” eSTREAM, ECRYPT Stream Cipher Project, 2006.
[5] J. Cheng, S. H.Y. Wong, H. Yang, and S. Lu, “SmartSiren: Virus Detection and Alert for SmartPhones,” Proceedings of the 5th International Conference on Mobile Systems, Applications and Services (MobiSys 2007), San Juan, Puerto Rico, 2007.
[6] B. Dixon and S. Mishra, “On Rootkit and Malware Detection in Smartphones,” Proceedings of International Conference on Dependable Systems and Networks Workshops (DSN-W), Chicago, IL, USA, 2010.
[7] FIPS PUB 197, “Advanced Encryption Standard (AES),” National Institute of Standards and Technology, 2001.
[8] European Telecommunications Standards Institute, “GSM Technical Specification, Digital cellular telecommunications System (Phase 2+); Specification of the Subscriber Identity Module - Mobile Equipment (SIM - ME) Interface (GSM 11.11),” 1995.
[9] FdcSoft, “Task Manager Application,” http://www.dotfred.net/TaskMgr.htm, 2010.
[10] M. Hypponen, “The State of Cell Phone Malware in 2007,” http://www.usenix.org/events/sec07/tech/hypponen.pdf, The 16th USENIX Security '07, 2007.
[11] McAfee, “Rings Up Windows Mobile Risks,” http://www.mcafee.com/tw/about/news/2007/20070906_183000_q.aspx, 2007.
[12] Microsoft, “Device Encryption,” http://msdn.microsoft.com/en-us/library/bb964600.aspx, 2010.
[13] Microsoft, “Hooks,” http://msdn.microsoft.com/en-us/library/ms632589(v=vs.85).aspx, 2010.
[14] Microsoft, “Mobile Encryption,” http://msdn.microsoft.com/en-us/library/bb416357.aspx, 2010.
[15] Microsoft, “RIL Architecture,” http://msdn.microsoft.com/en-us/library/aa919462.aspx, 2010.
[16] Microsoft, “SHGetAutoRunPath,” http://msdn.microsoft.com/en-us/library/aa453696.aspx.
[17] C. Mulliner and C. Miller, “Fuzzing the Phone in Your Phone,” Proceedings of Black Hat USA 2009, Las Vegas, NV, USA, 2009.
[18] FIPS PUB 46-3, “Data Encryption Standard,” National Institute of Standards and Technology, 1977.
[19] K. Rieck, P. Trinius, C. Willems, and T. Holz, “Automatic Analysis of Malware Behavior using Machine Learning,” Journal of Computer Security, 19(3), 2011.
[20] B. Scorgie, P. Veeraraghavan, and S. Ghosh, “Early Virus Detection for Windows Mobile,” Proceedings of 2009 IEEE 9th Malaysia International Conference on Communications (MICC), Kuala Lumpur, Malaysia, pp.295-300, 2009.
[21] J. Shah, “Windows Mobile Trojan Sends Unauthorized Information and Leaves Device Vulnerable,” http://blogs.mcafee.com/mcafee-labs/windows-mobile-trojan-sends-unauthorized-information-and-leaves-device-vulnerable, 2008.
[22] The eSTREAM Project, “End of Phase 3,” http://www.ecrypt.eu.org/stream/endofphase3.html, 2008.
[23] The eSTREAM Project, “Trivium Performance Figures,” http://www.ecrypt.eu.org/stream/phase3perf.html, 2007.
[24] D. Venugopal, “An Efficient Signature Representation and Matching Method for Mobile Devices,” Proceedings of the 2nd Annual International Workshop on Wireless Internet (WICON’06), Boston, MA, USA, 2006.
[25] A. Wigley and D. M. Foot, “Microsoft Mobile Development Handbook,” .NET Compact Framework - a Platform on the Move, 2007.
[26] Wikipedia, “DLL Injection,” http://en.wikipedia.org/wiki/DLL_injection, 2010.
[27] J. Wu, “eGovernment Slim SIM Mobile PKI / Payment Solution for Secure Cloud Computing,” 2011 Mobile Security & eID International Symposium, Taiwan, 2011.
[28] G. Yan, L. Cuellar, and S. Eidenbenz, “Bluetooth Worm Propagation: Mobility Pattern Matters,” Proceedings of ACM Symposium on Information, Computer and Communication Security (ASIACCS’07), Singapore, 2007.
[29] G. Yan and S. Eidenbenz, “Mobile Worms: Models, Dynamics, and Defense Implications,” Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC '06), Miami Beach, FL, USA, 2006.
[30] G. Yan and S. Eidenbenz, “Modeling Propagation Dynamics of Bluetooth Worms (Extended Version),” IEEE Transactions on Mobile Computing, Vol. 8, No. 3, 2009.
[31] P. Yao and D. Durant, “Programming .NET Compact Framework 3.5,” Platform Invoke, 2009.
[32] Beijing NetQin Technology Co., Ltd. (北京網秦天下科技有限公司), “2010 Mainland China Mobile Phone Security Report,” 2010.