嵌入式3G手机防火墙模型设计与研究
摘要
众所周知,手机的智能化程度早已今非昔比。目前,许多高端手机的功能几乎足以和PDA等传统的手持式智能设备相媲美。带有操作系统的智能手机不仅可以像电脑一样进行Word文字编辑、文件存储、拷贝,甚至可通过蓝牙传送文件、收听广播、听音乐、看电影等功能。当今社会随着网络的迅速发展,3G手机越来越普遍,手机由原始的单一化走向多功能化,多样化,某种程度上扮演着PC机的功能,与PC机类似,3G网络时代也面临安全问题。
普通手机安全性主要体现在:手机通话功能、短信和彩信的收发,而3G手机安全除了以上两种,更重要的是上网业务的扩展,个人业务主要是来电骚扰和垃圾短信的接收。3G手机上网时通过下载资料、浏览网页、蓝牙和红外的接收等现代通信技术感染手机病毒,接收恶意程序,使用户手机的安全受到极大威胁。
目前市场上个别手机有来电防火墙,其技术原理就是基于文本过滤技术,让防火墙在黑白名单中过滤选择,短信防火墙也是如此,这两种防火墙能很好的实现预期效果,但防火墙的重中之中是保证手机上网的安全,以保证用户的资料安全。
手机作用一种PDA,目前还没有真正防火墙,本文在现有一些手机防火墙基础上提出3G手机防火墙模型研究,该防火墙对现有手机防火墙进行一定的改进,把各功能进行有机的结合,实现了对短信、通话、上网功能及手机病毒的综合处理。其中细节功能模块的设计有:界面的设计,文件类型结构、来电过滤功能、短信过滤、网络监控、病毒查杀(病毒库升级)、日志管理等五大模块的设计。该模型的设计遵行模块化原则,提供友好的系统界面,对于3G手机各方面安全予以保障,为将来更多的3G手机多功能防火墙开发提供了很好的理论基础,并指出未来3G手机防火墙的发展方向和一些技术问题。
As we know, the intelligence of mobile phones has been completely transformed. Currently, many smart mobile-phones and PDA features nearly comparable to the traditional handheld smart devices. Smart phones with operating systems not only process as the word as a computer text editor, file storage, copy, and even print via Bluetooth technology to scan documents, listening to the radio, listening music, watching TV and other functions. Today with the rapid development of the network,3G mobile phones become more and more popular, phone from single to multi-functional to diversification, to some extent play a role as PC, like PC, time of 3G mobile phone also facing security problems.
General mobile phone security mainly focused on three aspects:phone communication services, send or receive SMS and MMS, in addition to these two kinds of security, more important is the Internet expansion, in personal business calls harassment and spam messages received. When downloading data from Internet, Web browsing, Bluetooth and infrared receiver, such as, send and receive MMS, mobile phone virus infection of modern network technology, received a malicious program, so that the safety of users are greatly threatened.
Today, big phones on the market have call firewall, the technical principle is based on text filtering technology to enable the firewall options in black and white list filtering, SMS firewall is also based on this, these two Firewall may well achieve the desired effect, but in which the firewall is important to ensure the safety of mobile Internet, can not be fully protected on the mobile phone business.
Mobile as PDA, have no real firewall, this firewall based on some existing 3G mobile phone firewall model proposed, the firewall on the existing mobile phone firewall certain improvements to the functionality of organic Combination, the realization of SMS, Call, Internet access and mobile phone integrated treatment of the virus. Details of This model mainly includes four function models, dealing with the filtration of abnormal calls and messages, making network monitoring and killing the phone virus. Besides, this model also provides the function of log recording. In this paper, the design objective, the interface design, file structure design will also be concerned.
普通手机安全性主要体现在:手机通话功能、短信和彩信的收发,而3G手机安全除了以上两种,更重要的是上网业务的扩展,个人业务主要是来电骚扰和垃圾短信的接收。3G手机上网时通过下载资料、浏览网页、蓝牙和红外的接收等现代通信技术感染手机病毒,接收恶意程序,使用户手机的安全受到极大威胁。
目前市场上个别手机有来电防火墙,其技术原理就是基于文本过滤技术,让防火墙在黑白名单中过滤选择,短信防火墙也是如此,这两种防火墙能很好的实现预期效果,但防火墙的重中之中是保证手机上网的安全,以保证用户的资料安全。
手机作用一种PDA,目前还没有真正防火墙,本文在现有一些手机防火墙基础上提出3G手机防火墙模型研究,该防火墙对现有手机防火墙进行一定的改进,把各功能进行有机的结合,实现了对短信、通话、上网功能及手机病毒的综合处理。其中细节功能模块的设计有:界面的设计,文件类型结构、来电过滤功能、短信过滤、网络监控、病毒查杀(病毒库升级)、日志管理等五大模块的设计。该模型的设计遵行模块化原则,提供友好的系统界面,对于3G手机各方面安全予以保障,为将来更多的3G手机多功能防火墙开发提供了很好的理论基础,并指出未来3G手机防火墙的发展方向和一些技术问题。
As we know, the intelligence of mobile phones has been completely transformed. Currently, many smart mobile-phones and PDA features nearly comparable to the traditional handheld smart devices. Smart phones with operating systems not only process as the word as a computer text editor, file storage, copy, and even print via Bluetooth technology to scan documents, listening to the radio, listening music, watching TV and other functions. Today with the rapid development of the network,3G mobile phones become more and more popular, phone from single to multi-functional to diversification, to some extent play a role as PC, like PC, time of 3G mobile phone also facing security problems.
General mobile phone security mainly focused on three aspects:phone communication services, send or receive SMS and MMS, in addition to these two kinds of security, more important is the Internet expansion, in personal business calls harassment and spam messages received. When downloading data from Internet, Web browsing, Bluetooth and infrared receiver, such as, send and receive MMS, mobile phone virus infection of modern network technology, received a malicious program, so that the safety of users are greatly threatened.
Today, big phones on the market have call firewall, the technical principle is based on text filtering technology to enable the firewall options in black and white list filtering, SMS firewall is also based on this, these two Firewall may well achieve the desired effect, but in which the firewall is important to ensure the safety of mobile Internet, can not be fully protected on the mobile phone business.
Mobile as PDA, have no real firewall, this firewall based on some existing 3G mobile phone firewall model proposed, the firewall on the existing mobile phone firewall certain improvements to the functionality of organic Combination, the realization of SMS, Call, Internet access and mobile phone integrated treatment of the virus. Details of This model mainly includes four function models, dealing with the filtration of abnormal calls and messages, making network monitoring and killing the phone virus. Besides, this model also provides the function of log recording. In this paper, the design objective, the interface design, file structure design will also be concerned.
引文
[1]手机病毒分析及智能手机杀毒软件设计郭前进-《河北工业大学硕士论文》2007-02-01
[2]基于Symbian的智能手机防火墙研究与设计左强;郝玉洁;刘乃琦; -《微计算机信息》-2008-03-25
[3]刘东苏,韦宝典,王新梅,马文平.第三代移动通信系统的安全体系结构.西安电子科技大学学报.2002,Vol.29:351-354
[4]李世鸿,李方伟.3G移动通信中的安全改进.重庆邮电学院学报.2002,Vol.14:24-27
[5]3GPPTS 33.120:3Generation Partnership Project(3GPP), Technical Specification Group(TSG)SA,3G Security, Security Principles and Objectives
[6]陈广辉,李方伟.移动通信系统的安全机制分析.移动通信.2004(9):78-81
[7]手机病毒的分析及研究王海坤;-《科技资讯》-2009-03-13
[8]陈淑亚3G时代智能手机显现新特点,http://www.3 gen. org,2006
[9]手机媒体的应用前景及管理研究.朱姝哲-《浙江大学硕士论文》-2008-05-31
[10]李相鹤,张焕国.移动通信信息安全技术方案研究.计算机应用.2004,Vol.24:184-186
[11]张燕,傅建明.垃圾短信的识别与追踪研究[J].计算机应用研究,2006(3):251-253
[12]Symbian操作系统下手机病毒免疫技术研究刘磊;刘克胜; -《网络安全技术与应用》-2006-11-01
[13]OthmarKyas著,王霞等译.风险分析、策略与防火墙.北京:中国水利水电电出版社,1998
[14]楚狂等.《网络安全与防火墙技术》.北京:人民邮电出版社,2000:20-23
[15]从主流机型看3G终端设计五大趋势李鹏-《中国消费者报》-2009-07-29
[16]黄鑫等.网络安全技术教程—攻击与防范.北京:中国电力出版社,2002
[17]杨辉,吴昊.防火墙一网络安全解决方案[M].北京:国防工业出版社,2001
[18]北京启明星辰信息技术有限公司编著.《防火墙原理与实用技术》.北京:电子工业出版社,2002:100-102
[19]冯建和,王卫东.第三代移动网络与移动业务.北京:人民邮电出版社,2005
[20]邹勇,白跃彬,赵银亮.增强型包过滤防火墙规则的形式化及推理机的设计与实现.计算机研究与发展,2000(12):1471-1476
[21]Aeharya.S.JiaWang,ZihuiGe,Znati,T.Greenberg, A.Simulationstu of firewall stoaidim ProvedPerformanee. SimulationSymPosium[M].2006.39tliAnnual.2-6APril2006.
[22]祝侃.手机上网将无线数据带给大众.数据通信,2000(3):33-40
[23]郑德山.第四代移动通信系统及其关键技术.微电子技术,2003(6)
[24]Mikkel Christiansen, Emmanuel Fleury. An MTIDD Based Firewall Using Decision Diagrams for Packet Filtering[J]. Telecommunication Systems,2004(27):2-4
[25]高泽胜,陶宏才.基于NDIS-HOOK与SPI的个人防火墙研究与设计[J].计算机应用研究,2004,21(21).基于winCE的移动终端防火墙系统的设计与实现.
[26]付长春,王军.试论Windows网络数据包NDIsHook拦截技术[J].计算机与数字工程,2006,34(12).
[27]加利奈波特.WindowsNT. NativeApIReferenee[M].北京:机械工业出版社,2001.
[28]胡培元.WindowsCE的开发和测试过程[J].计算机世界.2005,第3期.
[29]齐晓静.WindowsCEOAL层结构与开发单片机与嵌入式系统应用.2005,第2期.
[30]廖晓摈,赵熙.第三代移动通信网络系统技术与应用基础教程.北京:电子工业出版社,2007:94-96
[31]李东芝.3G手机上网技术研究.数据通信,2008(3):45-78
[32]胡虚怀,郑若忠.基于WindowsCE的通信技术[J].计算机应用,2000,第n期.
[33]李荣陆,胡运发,基于密谋的KNN文本分类器训练样本载剪方法仁J.计算机研究与发展,2004,41(4):539-545.
[34]Lance Spitzner. How Stateful is Stateful Inspection[M].2000:21-40
[35]梁之舜,邓集贤,杨维权,司徒荣,邓永录.概率论及数统计.高等教育出版社,1994
[36]Zhang K. Xu M.W, Zhang H, Liu F.Y.An intrusion detection method(RHDID) based on relative hamming distance. Chinese Journal of Computer,2003,26 (1):65-70 (in Chinese)(张琨,许满武,张宏,刘凤玉.基于一种相对Hamming巨离的入侵检测方法—ⅠHDID.计算机学报,2003,26(1):65-70)
[37]Hagan M.T. Demuth H.B. Deale M.H, Beale M.Neural Network Design. PWS Publishing Company.1996
[38]单松巍,冯是聪,李晓明,几种典型特征选取方法在中文网页分类上的效果比较,计算机工程与应用,2003,22,116-148.
[39]李雪型,刘宝旭.字符串匹配技术研究计算机工程-2004年22期
[40]李凌.WinsoekZ网络编程实用教程[M].北京:清华大学出版社,2003.
[41]焦李成.神经网络系统理论.西安电子科技大学出版社.1996
[42]吴伟陵.下一代移动通信探讨.中兴通讯技术,2002(6)
[43]傅华.电话网与Internet网络的安全性对比:[学位论文].北京邮电大学,200
[2]基于Symbian的智能手机防火墙研究与设计左强;郝玉洁;刘乃琦; -《微计算机信息》-2008-03-25
[3]刘东苏,韦宝典,王新梅,马文平.第三代移动通信系统的安全体系结构.西安电子科技大学学报.2002,Vol.29:351-354
[4]李世鸿,李方伟.3G移动通信中的安全改进.重庆邮电学院学报.2002,Vol.14:24-27
[5]3GPPTS 33.120:3Generation Partnership Project(3GPP), Technical Specification Group(TSG)SA,3G Security, Security Principles and Objectives
[6]陈广辉,李方伟.移动通信系统的安全机制分析.移动通信.2004(9):78-81
[7]手机病毒的分析及研究王海坤;-《科技资讯》-2009-03-13
[8]陈淑亚3G时代智能手机显现新特点,http://www.3 gen. org,2006
[9]手机媒体的应用前景及管理研究.朱姝哲-《浙江大学硕士论文》-2008-05-31
[10]李相鹤,张焕国.移动通信信息安全技术方案研究.计算机应用.2004,Vol.24:184-186
[11]张燕,傅建明.垃圾短信的识别与追踪研究[J].计算机应用研究,2006(3):251-253
[12]Symbian操作系统下手机病毒免疫技术研究刘磊;刘克胜; -《网络安全技术与应用》-2006-11-01
[13]OthmarKyas著,王霞等译.风险分析、策略与防火墙.北京:中国水利水电电出版社,1998
[14]楚狂等.《网络安全与防火墙技术》.北京:人民邮电出版社,2000:20-23
[15]从主流机型看3G终端设计五大趋势李鹏-《中国消费者报》-2009-07-29
[16]黄鑫等.网络安全技术教程—攻击与防范.北京:中国电力出版社,2002
[17]杨辉,吴昊.防火墙一网络安全解决方案[M].北京:国防工业出版社,2001
[18]北京启明星辰信息技术有限公司编著.《防火墙原理与实用技术》.北京:电子工业出版社,2002:100-102
[19]冯建和,王卫东.第三代移动网络与移动业务.北京:人民邮电出版社,2005
[20]邹勇,白跃彬,赵银亮.增强型包过滤防火墙规则的形式化及推理机的设计与实现.计算机研究与发展,2000(12):1471-1476
[21]Aeharya.S.JiaWang,ZihuiGe,Znati,T.Greenberg, A.Simulationstu of firewall stoaidim ProvedPerformanee. SimulationSymPosium[M].2006.39tliAnnual.2-6APril2006.
[22]祝侃.手机上网将无线数据带给大众.数据通信,2000(3):33-40
[23]郑德山.第四代移动通信系统及其关键技术.微电子技术,2003(6)
[24]Mikkel Christiansen, Emmanuel Fleury. An MTIDD Based Firewall Using Decision Diagrams for Packet Filtering[J]. Telecommunication Systems,2004(27):2-4
[25]高泽胜,陶宏才.基于NDIS-HOOK与SPI的个人防火墙研究与设计[J].计算机应用研究,2004,21(21).基于winCE的移动终端防火墙系统的设计与实现.
[26]付长春,王军.试论Windows网络数据包NDIsHook拦截技术[J].计算机与数字工程,2006,34(12).
[27]加利奈波特.WindowsNT. NativeApIReferenee[M].北京:机械工业出版社,2001.
[28]胡培元.WindowsCE的开发和测试过程[J].计算机世界.2005,第3期.
[29]齐晓静.WindowsCEOAL层结构与开发单片机与嵌入式系统应用.2005,第2期.
[30]廖晓摈,赵熙.第三代移动通信网络系统技术与应用基础教程.北京:电子工业出版社,2007:94-96
[31]李东芝.3G手机上网技术研究.数据通信,2008(3):45-78
[32]胡虚怀,郑若忠.基于WindowsCE的通信技术[J].计算机应用,2000,第n期.
[33]李荣陆,胡运发,基于密谋的KNN文本分类器训练样本载剪方法仁J.计算机研究与发展,2004,41(4):539-545.
[34]Lance Spitzner. How Stateful is Stateful Inspection[M].2000:21-40
[35]梁之舜,邓集贤,杨维权,司徒荣,邓永录.概率论及数统计.高等教育出版社,1994
[36]Zhang K. Xu M.W, Zhang H, Liu F.Y.An intrusion detection method(RHDID) based on relative hamming distance. Chinese Journal of Computer,2003,26 (1):65-70 (in Chinese)(张琨,许满武,张宏,刘凤玉.基于一种相对Hamming巨离的入侵检测方法—ⅠHDID.计算机学报,2003,26(1):65-70)
[37]Hagan M.T. Demuth H.B. Deale M.H, Beale M.Neural Network Design. PWS Publishing Company.1996
[38]单松巍,冯是聪,李晓明,几种典型特征选取方法在中文网页分类上的效果比较,计算机工程与应用,2003,22,116-148.
[39]李雪型,刘宝旭.字符串匹配技术研究计算机工程-2004年22期
[40]李凌.WinsoekZ网络编程实用教程[M].北京:清华大学出版社,2003.
[41]焦李成.神经网络系统理论.西安电子科技大学出版社.1996
[42]吴伟陵.下一代移动通信探讨.中兴通讯技术,2002(6)
[43]傅华.电话网与Internet网络的安全性对比:[学位论文].北京邮电大学,200