Research on Security Issues of Wireless Access in Public Environment

doi:10.3969/j.issn.1671-1122.2016.04.011

Abstract

Abstract:

With the rapid development of mobile internet and the rising popularity of WiFi network, people are used to access the Internet through a variety of WiFi hotspots. However, the public WiFi hotpots not only provide conveniences, but also increase the network security risks. The wireless access is faced with serious problems, considering the radiation of the wireless signals, the openness of the space channels and the incredible public wireless hotpots. The paper briefly introduces the WiFi access model and for the incredible issues of the public WiFi hotpots, analyzes the possible security problems from the aspects of content of data, the message header, the domain system and the personal privacy with the experiments that used Wireshark and other software. These problems include the leakage of accounts and passwords when Web contents are pushed in Plaintext, the leakage of behavior trajectories when users use the browsers, the tampering with the Web contents, domain name deception and the leakage of users’ personal privacies. The paper studies these problems in order to enhance the public security awareness of wireless access.

Key words: public WiFi, information leakage, protocol packet, domain hijacking, location privacy

CLC Number:

TP309

Qing LI, A-yong YE, Li XU. Research on Security Issues of Wireless Access in Public Environment[J]. Netinfo Security, 2016, 16(4): 69-75.

Figures/Tables 15

References 16

[1]	陈伟,顾杨,李晨阳,等.无线钓鱼接入点攻击与检测技术研究综述[J].武汉大学学报(理学版),2014,60(1):13-23.
[2]	赵九思,刘剑.浅谈基于WI-FI无线网络安全[J].科技视界,2013(15):44.
[3]	谢希仁. 计算机网络(第5版)[M].北京:电子工业出版社,2008.
[4]	张蕾,郑飞. 无线局域网安全协议的分析和研究[J]. 信息网络安全,2014(9):132-137.
[5]	徐静,常朝稳.SSL协议的安全性分析[J].微计算机信息(管控一体化),2006,22(3-3):19-21.
[6]	任江,袁宏春.对SSL协议及其安全性分析[J].电子科技大学学报,1998,27(4):416-420.
[7]	CHENG Ningning, WANG Xinlei, CHENG Wei, et al.Characterizing Privacy Leakage of Public Wi-Fi Networks for Users on Travel[C]// IEEE.INFOCOM, 2013 Proceedings IEEE, April 14-19, 2013. Turin,Italy. NJ:IEEE,2013:2769-2777.
[8]	陈学敏,沙灜. 基于浏览器测试组件的社交网络数据获取技术研究[J]. 信息网络安全,2015(5):56-61.
[9]	吕高峰,孙志刚,卢锡城.域间IP欺骗防御服务净化机制[J].计算机学报,2009,32(3):552-563.
[10]	HASTINGS N E, MCLEAN P A.TCP/IP Spoofing Fundamentals[C]// IEEE.Computers and Communications, 1996.,Conference Proceedings of the 1996 IEEE Fifteenth Annual International Phoenix Conference on, March 27-29, 1996. Scottsdale, AZ, USA. NJ:IEEE, 1996:218-224.
[11]	WANG Shaoqiang, XU Dongsheng, YAN Shiliang. Analysis and Application of Wireshark in TCP/IP Protocol Teaching[C]// IEEE.E-health Networking, Digital Ecosystems and Technologies (EDT),2010 International Conference on, April 17-18, 2010. Shenzhen,China.NJ:IEEE, 2010(2):269-272.
[12]	黄小花. 谈谈网络中的IP地址与MAC地址[J].数字技术与应用,2015(12):41.
[13]	王垚,胡铭曾,李斌,等.域名系统安全研究综述[J].通信学报,2007,28(9):91-103.
[14]	经信局.《信息安全技术公共及商用服务信息系统个人信息保护指南》已编制完成[EB/OL]. ,2012-07-18.
[15]	张婧. Wi-Fi网络实名认证的方法研究和实现[J].计算机工程与科学,2012(10):22-27.
[16]	黄海,谢冬青,宋一赞. WiFi-WiMAX异构无线网络认证机制研究[J]. 信息网络安全,2015(6):19-25.