Collaborative network security for heterogeneous mobile networks.
详细信息
文摘
Security is a critical component of every computing system and mobile networking is no exception. As mobile devices grow in functionalities, they become more likely to be misused. Hackers and malicious users targeting mobile networking are frequently appearing in the news. Recently, CNN reported the mobile phone of a famous hotel heiress' was hacked and private information was leaked to the public. The mobile threats are also surfacing in devices that are previously considered closed systems, such as GPS units and MP3 players. If left unchecked, mobile threats can cause serious damage and result in financial losses and privacy breach.;Managing the security of mobile network and devices is challenging. Mobile threats poese some unique challenges that differ from desktop computers. Designing a security solution to combat mobile threats needs to address the following two challenges:;1. Heterogeneity---Mobile devices differ greatly in terms of both hardware and software. For hardware, mobile devices can have computation capabilities ranging from a laptop computer (GHz) to the smaller PDA and smartphone (MHz). Storage capacity can vary from tens of Gigabytes to tens of Megabytes. The number of wireless interfaces also makes each device unique as WiFi, Bluetooth and GSM/CDMA connectivity can all be optional. For software, each mobile device can run different operating systems such as Windows XP, Linux, Mac, Windows Mobile, and Symbian. With each operating system, different software and configuration can further be installed. Designing a practical security solution that can encompass these for heterogeneity is non-trivial.;2. Privacy Issues---Security and privacy often go hand in hand. A good privacy design can help both the mobile network and the users to achieve better security. However, privacy protection can also be misused if it can be exploited to hide misconduct. Information sharing can help identify and respond to mobile threats. However, the balance between privacy protection and security strength is challenging.;In this thesis, we propose to achieve security for mobile devices through collaboration. Our design will utilize a proxy-based framework to achieve the following two goals: (1) collaborative information sharing, and (2) joint security response. Sharing of information will enable mobile devices and mobile network operators to identify potential security threats. Once the problem is identified, the security response will be performed jointly, so that the security threat can be contained. Our proposed proxy-based framework addresses the heterogeneity challenge by leveraging the multiple wireless interfaces of the mobile devices, and offloads the majority of the computational burden to the more powerful proxy. To mitigate privacy concerns, the proxy employs cryptographic techniques and privacy-preserving protocols to achieve accountable anonymization for effective information sharing.;We demonstrate how security can be achieved through collaboration, in two different problem contexts: (1) prevent attack against mobile devices through device-level collaboration and (2) prevent attack against mobile networks through network-level collaboration.;In the first problem context, we will focus on a cross-device smartphone virus detection and alert system, SmartSiren. SmartSiren is a proxy-based framework that enables cross-device collaboration. It enables collaboration between smartphones through the proxy, in order to early identify smartphone virus activities and deliver alerts to quarantine the damage. We demonstrate the feasibility and effectiveness of Smart-Siren through prototype implementation on a Windows Mobile based smartphone as well as traced-driven simulations.;In the second problem context, we will showcase cross-network collaboration in Cross Domain Cooperative Firewall (CDCF). Traditionally, when mobile users visit a foreign network, they can utilize encrypted tunneling such as VPN to bypass foreign network firewall's inspection. Such operations potentially increase the security risks for the foreign network. Our proposed CDCF enables the home network and the foreign network to jointly enforce their firewall security policies on mobile users' tunneled traffic. A salient feature of our design is that, while the user traffic is filtered, its traffic privacy is preserved from the foreign network. We have implemented CDCF and integrated it with the OpenVPN software package. Our experimentation result shows that CDCF offers a viable solution with small overhead.