Research on Communication Security Technology in Mobile Terminals
Abstract
As mobile terminals become more intelligent and open, their security flaws are increasingly exposed. Users often send bank account numbers and passwords, important notices, personal photos and other private information via SMS and MMS, but public mobile communication systems do not yet provide end-to-end encrypted transmission of user data, so they cannot guarantee the security of that data in transit. In addition, with the arrival of the mobile internet, mobile online banking applications have appeared; their security requirements are higher, and they need non-repudiation and privacy protection. Therefore, this paper studies communication security technology on mobile terminals from two angles: end-to-end encryption for mobile communication and the security of mobile online banking.
     Firstly, this paper proposes an end-to-end encryption scheme for public mobile communication systems. The scheme uses a smart card to perform encryption and decryption operations and to store keys securely, so it can resist attacks from malicious programs on the mobile terminal; it adopts a multi-level key management mechanism and updates keys regularly to ensure that the keys are not cracked; and it achieves mutual authentication between terminals and the key management center (KMC), as well as authentication of the user by the application. The scheme can guarantee the confidentiality and integrity of messages during transmission and while stored on the terminal.
     Secondly, this paper completes the terminal program design for end-to-end encryption in public mobile communication systems. SMS and MMS end-to-end encryption programs were implemented on the Windows Mobile and Symbian platforms. The main business flow is written in C++, and this part of the code can be reused on other mobile platforms. The encryption program can ensure the security of SMS and MMS during transmission and while stored on the terminal.
     Finally, this paper proposes a security solution for mobile online banking based on a smart bank card. The smart bank card has a built-in security module similar to a USB Key, together with a display and buttons, and it communicates with the mobile terminal via NFC. The user enters a password on the bank card to start it, and the card then authenticates with the bank server. The transaction information is sent to the bank card and shown on the card's display. After the user confirms it, the transaction information is encrypted and signed, and the encrypted information is then sent to the server. The scheme has a high level of security and can meet the requirements of confidentiality, integrity, availability and non-repudiation.
