信息网络安全 ›› 2018, Vol. 18 ›› Issue (11): 73-80.doi: 10.3969/j.issn.1671-1122.2018.11.010

• • 上一篇    下一篇

即时通信网络数据劫持分析研究

袁庆军1, 陆思奇1,2(), 韦忠兴1, 苟杰3   

  1. 1.解放军信息工程大学,河南郑州 450000
    2. 中国科学院信息工程研究所信息安全国家重点实验室,北京 100093
    3. 31011部队,北京 100093
  • 收稿日期:2018-04-15 出版日期:2018-11-10 发布日期:2020-05-11
  • 作者简介:

    作者简介:袁庆军(1993—),男,河北,硕士,主要研究方向为侧信道分析、网络空间安全等;陆思奇(1990—),男,山东,讲师,硕士,主要研究方向为协议分析、区块链等;韦忠兴(1993—),男,广西,实习研究员,主要研究方向为漏洞挖掘;苟杰(1991—),男,陕西,硕士,主要研究方向为信息系统安全。

  • 基金资助:
    国家自然科学基金[61872381]

Analysis of Data Hijacking in Instant Communication Network

Qingjun YUAN1, Siqi LU1,2(), Zhongxing WEI1, Jie GOU3   

  1. 1. PLA University of Information Engineering, Zhengzhou Henan 450000, China
    2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
    3. 31011 PLA Troops, Beijing 100093, China
  • Received:2018-04-15 Online:2018-11-10 Published:2020-05-11

摘要:

数据劫持是对即时通信网络中数据包进行截获分析的重要手段,严重威胁即时通讯网络安全。针对即时通信网络中安全理论和数据保护机制的研究,文章利用静态反汇编与动态调试结合的方法,解析通信数据的加解密操作,分析其通信数据保护机制。分析结果表明,即时通讯网络的保护机制存在一定缺陷,易被内部用户劫持。内部用户可通过分析通信数据,猜测数据包构成、通信机制和加密机制,获取关键参数、恢复系统密钥,截取软件解密关键代码,编写通信数据解密程序,获取通信网络中其他用户传递的秘密信息。进而篡改通信信息,破坏即时通信网络的机密性、可用性和可控性。

关键词: 即时通讯网络, 数据劫持, 内部敌手

Abstract:

Data hijacking is an important means to intercept and analyze packets in instant messaging network, which seriously threatens the security of instant messaging network. Aiming at the security theory and data protection mechanism in instant messaging network, this paper analyzes the encryption and decryption operation of communication data and its protection mechanism by combining static disassembly with dynamic debugging. The analysis results show that the protection mechanism of IM network is defective and easy to be hijacked by internal users. Internal users can analyze communication data, guess packet composition, communication mechanism and encryption mechanism, obtain key parameters, restore system key, intercept software to decrypt key code, write communication data decryption program, obtain secret information transmitted by other users in the communication network, then tamper with communication information, and destroy the confidentiality, availability and controllability of the communication network.

Key words: instant messaging network, data hijacking, internal adversary

中图分类号: