Analysis of Data Hijacking in Instant Communication Network

doi:10.3969/j.issn.1671-1122.2018.11.010

Abstract

Abstract:

Data hijacking is an important means to intercept and analyze packets in instant messaging network, which seriously threatens the security of instant messaging network. Aiming at the security theory and data protection mechanism in instant messaging network, this paper analyzes the encryption and decryption operation of communication data and its protection mechanism by combining static disassembly with dynamic debugging. The analysis results show that the protection mechanism of IM network is defective and easy to be hijacked by internal users. Internal users can analyze communication data, guess packet composition, communication mechanism and encryption mechanism, obtain key parameters, restore system key, intercept software to decrypt key code, write communication data decryption program, obtain secret information transmitted by other users in the communication network, then tamper with communication information, and destroy the confidentiality, availability and controllability of the communication network.

Key words: instant messaging network, data hijacking, internal adversary

CLC Number:

TP309

Qingjun YUAN, Siqi LU, Zhongxing WEI, Jie GOU. Analysis of Data Hijacking in Instant Communication Network[J]. Netinfo Security, 2018, 18(11): 73-80.

Figures/Tables 11

References 13

[1]	LI Qiang, LIU Baoxu, JIANG Zhengwei, et al.Analysis of Model of QQ Forensic in Android System[J]. Netinfo Security, 2016,16(1):40-44.
	李强, 刘宝旭, 姜政伟, 等. 一种Android系统下的QQ取证模型分析[J]. 信息网络安全, 2016,16(1):40-44.
[2]	PEDIY.Research on Communication Encryption of FeiQ[EB/OL]. , 2016-10-8.
[3]	SCHNEIER B.Description of a New Variable-length Key, 64-bit Block Cipher (Blowfish)[EB/OL]. ,2018-2-15.
[4]	PATEL P, PATEL R, PATEL N.Integrated ECC and Blowfish for Smartphone Security[J].Procedia Computer Science, 2016, 78(3): 210-216.
[5]	RUBAB S, JAVED Y.Efficient Image Steganogrphic Algorithms Utilizing Transforms: Wavelet and Contourlet with Blowfish Encryption[J]. International Journal of Computer Network & Information Security, 2015, 7(2): 15-24.
[6]	PATIL P, NARAYANKAR P, NARAYAN D G, et al. A Comprehensive Evaluation of Cryptographic Algorithms: DES, 3DES, AES, RSA and Blowfish[EB/OL]. ,2018-2-15.
[7]	GAO Junfeng, ZHANG Yuefeng, LUO Senlin, et al.Research on Reverse Analysis Method of Network Coding Protocol Taint Backtracking[J]. Netinfo Security, 2017,17(1):68-76.
	高君丰, 张岳峰, 罗森林,等.网络编码协议污点回溯逆向分析方法研究[J]. 信息网络安全, 2017,17(1):68-76.
[8]	LIU Yu, WANG Minghua, SU Purui, et al.Communication Protocol Reverse Engineering of Malware Using Dynamic Taint Analysis[J]. Electronic Journal,2012,40(4):661-668.
	刘豫, 王明华, 苏璞睿,等. 基于动态污点分析的恶意代码通信协议逆向分析方法[J]. 电子学报, 2012, 40(4): 661-668.
[9]	ZHENG Lifen, XIN Yang.Analysis and Implementation of QQ Software Protocol Based on DPI Technology[J]. Netinfo Security,2016,16(1):51-58.
	郑丽芬,辛阳. 基于DPI的即时通信软件协议分析与实现[J]. 信息网络安全, 2016,16(1):51-58.
[10]	BANERJEE U, VASHISHTHA A, SAXENA M.Evaluation of the Capabilities of WireShark as a Tool for Intrusion Detection[J]. International Journal of Computer Applications, 2010, 6(7): 1-5.
[11]	PADARYAN V A, LEDOVSKIKH I N.On the Representation of Results of Binary Code Reverse Engineering[J]. Programming & Computer Software, 2018, 44(3):200-206.
[12]	CHEN Jiaying. Reverse Engineering for Binary Protocol Based on Network Traces[EB/OL]. ,2018-2-15.
[13]	WANG Jiagang, GU Guochang,MA Chunguang,et al.Efficient and Configurable Transmission Protocol Based on UDP in Grid Computing[J].Frontiers of Electrical and Electronic Engineering, 2009, 4(1): 35-42.

1_lbt4_0#128#	固定的首部格式,分别为本机飞秋的版本号、等级数
543530A62104	发送方的MAC地址,类似通常意义的登录口令
#0#0#80	密文数据长度,即接收的密文长度为80个Byte
1459525332	此数据包的编号,按系统时间而递增,例如下一个数据包编号应为“1459525333”
Administrator	发送方可自定义的用户名
FN3ERS737YOW0IG	发送方的固定主机名
4194339	发送消息的命令字,表示报文的消息类型
……9X…E…B…	经过特定数据填充后进行加密的密文内容,每次输出的密文长度都为8的整数倍

[1]	Zhiyan ZHAO, Xiaomo JI. Research on the Intelligent Fusion Model of Network Security Situation Awareness [J]. Netinfo Security, 2020, 20(4): 87-93.
[2]	Min LIU, Shuhui CHEN. Research on VoLTE Traffic Based on Association Fusion [J]. Netinfo Security, 2020, 20(4): 81-86.
[3]	Lingyu BIAN, Linlin ZHANG, Kai ZHAO, Fei SHI. Ethereum Malicious Account Detection Method Based on LightGBM [J]. Netinfo Security, 2020, 20(4): 73-80.
[4]	Yifeng DU, Yuanbo GUO. A Dynamic Access Control Method for Fog Computing Based on Trust Value [J]. Netinfo Security, 2020, 20(4): 65-72.
[5]	Zhizhou FU, Liming WANG, Ding TANG, Shuguang ZHANG. HBase Secondary Ciphertext Indexing Method Based on Homomorphic Encryption [J]. Netinfo Security, 2020, 20(4): 55-64.
[6]	Rong WANG, Chunguang MA, Peng WU. An Intrusion Detection Method Based on Federated Learning and Convolutional Neural Network [J]. Netinfo Security, 2020, 20(4): 47-54.
[7]	Xiaoli DONG, Shuai SHANG, Jie CHEN. Impossible Differential Attacks on 9-Round Block Cipher Rijndael-192 [J]. Netinfo Security, 2020, 20(4): 40-46.
[8]	Chun GUO, Changqing CHEN, Guowei SHEN, Chaohui JIANG. A Ransomware Classification Method Based on Visualization [J]. Netinfo Security, 2020, 20(4): 31-39.
[9]	Lu CHEN, Yajie SUN, Liqiang ZHANG, Yun CHEN. A Scheme of Measurement for Terminal Equipment Based on DICE in IoT [J]. Netinfo Security, 2020, 20(4): 21-30.
[10]	Jinfang JIANG, Guangjie HAN. Survey of Trust Management Mechanism in Wireless Sensor Network [J]. Netinfo Security, 2020, 20(4): 12-20.
[11]	Jianwei LIU, Yiran HAN, Bin LIU, Beiyuan YU. Research on 5G Network Slicing Security Model [J]. Netinfo Security, 2020, 20(4): 1-11.
[12]	Peng LIU, Qian HE, Wangyang LIU, Xu CHENG. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption [J]. Netinfo Security, 2020, 20(3): 90-97.
[13]	Yubo SONG, Ming FAN, Junjie YANG, Aiqun HU. Multipath Solution and Blocking Method of Network Attack Traffic Based on Topology Analysis [J]. Netinfo Security, 2020, 20(3): 9-17.
[14]	Tengfei WANG, Manchun CAI, Tianliang LU, Ting YUE. IPv6 Network Attack Source Tracing Method Based on iTrace_v6 [J]. Netinfo Security, 2020, 20(3): 83-89.
[15]	Yi ZHANG, Hongyan LIU, Hequn XIAN, Chengliang TIAN. A Cloud Storage Encrypted Data Deduplication Method Based on Authorization Records [J]. Netinfo Security, 2020, 20(3): 75-82.