移动互联网安全威胁研究

doi:10.3969/j.issn.1671-1122.2014.09.007

信息网络安全 ›› 2014, Vol. 14 ›› Issue (9): 30-33.doi: 10.3969/j.issn.1671-1122.2014.09.007

移动互联网安全威胁研究

王学强^{1， 2， 3}，雷灵光^{1， 2}，王跃武^{1， 2}

1.中国科学院信息工程研究所，北京 100093；
2.中国科学院数据与通信保护研究教育中心，北京 100093；
3.中国科学院大学，北京 100049

收稿日期:2014-08-06 出版日期:2014-09-01
作者简介:王学强（1990-），男，山东，硕士研究生，主要研究方向：移动终端安全;雷灵光（1985-），女，福建，博士，主要研究方向：虚拟化技术、移动终端安全;王跃武（1975-），男，河南，副研究员，博士，主要研究方向：移动终端安全。

A Review of Security Threats of Mobile Internet

WANG Xue-qiang^{1, 2, 3}, LEI Ling-guang^{1, 2}, WANG Yue-wu^{1, 2}

1.Institude of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
2. Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China;
3.University of Chinese Academy of Sciences, Beijing 100049, China

Received:2014-08-06 Online:2014-09-01

摘要/Abstract

摘要： 移动智能终端的广泛应用以及其与互联网技术的融合，推动了移动互联网时代的到来。移动互联网带来新技术、新用户体验和新商业模式的同时，也面临着一系列的安全威胁。移动终端和通信网络等构成了移动互联网的基本架构，攻击可能发生在系统中的每个层面。文章通过广泛调研，在理解移动互联网不同层次的安全机制的基础上，总结并简要分析各个层次所面临的安全威胁。

关键词: 移动互联网, 安全机制, 安全威胁, 攻击

Abstract: The era of Mobile Internet has come with the broad adoption of mobile intelligent terminal and its integration into Internet. However, accompanying the new technology, novel user experience and revolutionized business model that Mobile Internet brings us, there also arise some severe threats to user’s information and property security. Attacks could happen in each layer of mobile terminal and communication network, which make up the main architecture of Mobile Internet. In this paper, a multilayer analysis of security threats about Mobile Internet is proposed based on an extensive research process.

Key words: mobile internet, security mechanism, security threats, attack

王学强，雷灵光，王跃武. 移动互联网安全威胁研究[J]. 信息网络安全, 2014, 14(9): 30-33.

WANG Xue-qiang, LEI Ling-guang, WANG Yue-wu. A Review of Security Threats of Mobile Internet[J]. 信息网络安全, 2014, 14(9): 30-33.

参考文献

[1] Gartner. Gartner Says Worldwide Mobile Payment Transaction Value to Surpass $235 Billion in 2013[EB/OL]. http://www.gartner.com/newsroom/id/2504915,2013-06-04.
[2] McAfee. Security for Military-Grade Google Android Devices[EB/OL]. http://www.mcafee.com/sg/resources/solution-briefs/sb-security-military-grade-Android.pdf, 2013.
[3] Zhou, Y., & Jiang, X. Dissecting android malware: Characterization and evolution[C]In 2012 IEEE Symposium on Security and Privacy. 2012. 95-109.
[4] NVD. Vulnerability Summary for CVE-2011-1149[EB/OL]. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1149, 2011-04-22.
[5] NVD. Vulnerability Summary for CVE-2011-1823[EB/OL]. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1823, 2011-04-25.
[6] NVD. Vulnerability Summary for CVE-2011-3874[EB/OL]. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3874, 2012-02-06.
[7] Duo Security[EB/OL]. http://www.xray.io/,2014-08-06.
[8] Felt, A. P., Wang, H. J., Moshchuk, A., Hanna, S., & Chin, E.. Permission Re-Delegation: Attacks and Defenses[C] In20th USENIX Security Symposium. 2011.
[9] Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A. R., &Shastry, B. Towards taming privilege-escalation attacks on Android[C] In 19th Annual Symposium on Network and Distributed System Security, 2012.
[10] 雷灵光,张中文,王跃武,等. Android系统代码签名验证机制的实现及安全性分析[J].信息网络安全,2012,（08）：61-63.
[11] Han, J., Yan, Q., Gao, D., Zhou, J., & Deng, R. Comparing Mobile Privacy Protection through Cross-Platform Applications[C]In 20th Annual Symposium on Network and Distributed System Security, 2013.
[12] Wikipedia. Mobile cyber-physical systems [EB/OL]. http://en.wikipedia.org/wiki/Cyber-physical_system#Mobile_cyber-physical_systems, 2011-02-21.
[13] Schlegel, R., Zhang, K., Zhou, X. Y., Intwala, M., Kapadia, A., & Wang, X. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones[C]In 18th Annual Symposium on Network and Distributed System Security, 2011.
[14] R. Templeman, Z. Rahman, D. Crandall, andA. Kapadia. PlaceRaider: Virtual Theft in PhysicalSpaces with Smartphones[C] In 20th Annual Symposium on Network and DistributedSystems Security,2013.
[15] Marquardt, P., Verma, A., Carter, H., &Traynor, P. iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers[C] In 18th ACM conference on Computer and Communications Security, 2011.
[16] Arapinis, M., Mancini, L., Ritter, E., Ryan, M., Golde, N., Redon, K., &Borgaonkar, R. New privacy issues in mobile telephony: fix and verification[C] In 19th ACM Conference on Computer and Communications Security, 2012.
[17] Fahl, S., Harbach, M., Muders, T., Smith, M., Baumgärtner, L., &Freisleben, B. Why Eve and Mallory love Android: An analysis of Android SSL (in) security[C] In 19th ACM Conference on Computer and Communications Security, 2012.

移动互联网安全威胁研究

A Review of Security Threats of Mobile Internet

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	董晓丽, 商帅, 陈杰. 分组密码9轮Rijndael-192的不可能差分攻击[J]. 信息网络安全, 2020, 20(4): 40-46.
[2]	宋宇波, 樊明, 杨俊杰, 胡爱群. 一种基于拓扑分析的网络攻击流量分流和阻断方法[J]. 信息网络安全, 2020, 20(3): 9-17.
[3]	李宁, 李柏潮. 移动互联网的通行证式统一威胁管理架构[J]. 信息网络安全, 2020, 20(3): 18-28.
[4]	张兴隆, 李钰汀, 程庆丰, 郭路路. 一种防范TLS协议降级攻击的浏览器安全模型[J]. 信息网络安全, 2020, 20(3): 65-74.
[5]	王腾飞, 蔡满春, 芦天亮, 岳婷. 基于iTrace_v6的IPv6网络攻击溯源研究[J]. 信息网络安全, 2020, 20(3): 83-89.
[6]	李瑞兴, 许力, 方禾. 基于功率控制与中继协作的抗窃听攻击模型[J]. 信息网络安全, 2020, 20(1): 40-45.
[7]	董威, 李永刚. 基于复杂网络的智能电网网络攻击影响分析研究[J]. 信息网络安全, 2020, 20(1): 52-60.
[8]	岳巧丽, 吕万波, 胡卫宏, 张海阔. 基于DNS应答价值评估的DDoS防御研究[J]. 信息网络安全, 2019, 19(9): 56-60.
[9]	马泽文, 刘洋, 徐洪平, 易航. 基于集成学习的DoS攻击流量检测技术[J]. 信息网络安全, 2019, 19(9): 115-119.
[10]	陈良臣, 刘宝旭, 高曙. 网络攻击检测中流量数据抽样技术研究[J]. 信息网络安全, 2019, 19(8): 22-28.
[11]	张可佳, 张帆, 马春光, 张龙. 多方量子保密比较的新型模型设计[J]. 信息网络安全, 2019, 19(8): 29-35.
[12]	陈冠衡, 苏金树. 基于深度神经网络的异常流量检测算法[J]. 信息网络安全, 2019, 19(6): 68-75.
[13]	张可, 汪有杰, 程绍银, 王理冬. DDoS攻击中的IP源地址伪造协同处置方法[J]. 信息网络安全, 2019, 19(5): 22-29.
[14]	喻志彬, 马程, 李思其, 王淼. 基于Web应用层的DDoS攻击模型研究[J]. 信息网络安全, 2019, 19(5): 84-90.
[15]	傅建明, 黎琳, 郑锐, 苏日古嘎. 基于GAN的网络攻击检测研究综述[J]. 信息网络安全, 2019, 19(2): 1-9.