博碩士論文 985202086 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:61 、訪客IP:18.117.71.213
姓名 李佩瑄(Pei-Hsun Lee)  查詢紙本館藏   畢業系所 資訊工程學系
論文名稱 MAC-YURI : My ACcount, YoUr ResponsIbility
(MAC-YURI : My ACcount, YoUr ResponsIbility)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment★ PrivacyGuard:A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 ( 永不開放)
摘要(中) 個人電腦的便利性、聯通性與普遍性,使得攻擊者可運用其電腦與網路的知識發展出各式各樣入侵電腦的方式,並進而構建出功能強大的殭屍網路,以非法地獲取龐大的金錢利益與私密資料。而隨著愈來愈多的人使用數位行動置與朋友聯繫或上網遊戲,數位行動裝置﹙例如,手機﹚已變成人們生活中不可或缺的一部分。手機等數位行動裝置的功能因此也變的日益強大,結構也愈來愈複雜,就如同手掌大小般的個人電腦。然而手機各式便利的功能,例如:打電話、傳簡訊等基本功能,亦可能被有心人士利用,成為破壞手機擁有者權利的攻擊工具。因此使得行動裝置除了可能遭受個人電腦相同的威脅外,亦面臨新型態的攻擊。
由於近來有愈來愈多網路上的服務開始要求使用者利用他們的手機來進行申請新帳號的認證或強化已有帳號的登入方式,例如:Google、Facebook及一些拍賣網站等,因此手機認證已變成手機的重要功能之一。但我們認為手機認證並不是完全可信,故本研究描述了一種可實作於手機上的攻擊手法及應用–MAC-YURI﹙以盜用他人手機號碼來換取網路帳號申請之認證的方法﹚。MAC-YURI藉由受害者的手機來為攻擊者在網路上新申請的帳號來進行“手機認證”,以達成最終目標–「我的帳號,你的責任」。
這篇論文描述了MAC-YURI的模型、應用及實作,MAC-YURI可以在一般手機用戶不知情的情境下,配合手機可收發簡訊的基本功能來達成攻擊者之目的。經過測試後證實其攻擊手法確實可存在於現今社會人類所使用之手機等數位型動裝置中。論文中亦提出對此類威脅的解決方案。
摘要(英) The convenience, connectivity, and popularity of computers allow a malicious user to utilize various approaches to compromise hosts which can be further organized into Botnets to illegally obtain financial gains or sensitive information. Along with the tread that more and more users use mobile devices to communicate with friends or play on-line games, mobile devices, such as smartphones, have become an indispensible part of many persons’ everyday life. Therefore, the functionality of mobile devices becomes more powerful and the structures of them become more complex, which makes them look like personal computer miniatures. However, attackers may abuse these powerful and diverse functions to impair the owner of a mobile device. Hence mobile devices are under the threats of not only some of the traditional desktop attack types but also new attack types.
Due to the trend that more and more web services, such as Google, Facebook and many auction websites, require users to open their new accounts or to login to their accounts through cell-phone-verification, cell-phone-verification has become an important function of cellular phones. However, research in our work shows that cell-phone-verification is not always reliable. This study proposes a new attack method named MAC-YURI (My ACcount, YoUr ResponsIbility) against cell-phone-verification to show one possible abuse of smartphones to people. Through MAC-YURI, an attacker can utilize a compromised smartphone as a steppingstone to accept and forward account verification code to finish the cell-phone-verification when applying a new account or logging in to an account. This paper describes the attack models of MAC-YURI. MAC-YURI uses the built-in functionality of a smartphone, such as receiving and sending short messages, to launch attacks in a stealthy way. We implemented MAC-YURI on an Android smartphone. Experimental results show that MAC-YURI can successfully assist an attacker in obtaining the verification code of an account without the awareness of a steppingstone smartphone owner. Besides, the power consumption introduced by MAC-YURI is low. Finally, this paper proposes some methods to protect a smart-phone against MAC-YURI.
關鍵字(中) ★ 手機
★ 簡訊
★ 殭屍網路
★ 認證碼
關鍵字(英) ★ cellphone
★ smartphone
★ authentication
★ verification code
★ SMS
★ botnet
論文目次 摘要 i
Abstract ii
Table of Contents iii
List of figures v
List of tables vii
List of equations viii
CHAPTER 1. INTRODUCTION 1
1.1 Potential Crisis 1
1.2 Motivation 1
1.3 Contribution 2
1.4 Thesis Organization 2
CHAPTER 2. BACKGROUND 3
2.1 Services Using Cell-Phone-Authentication 3
2.1.1 Google Account 3
2.1.2 Facebook 4
2.1.3 Auction Website 5
2.2 Why Android 6
2.3 Android Architecture 6
2.3.1 A Brief View of Android Architecture 6
2.3.2 Components of an Android Application 7
2.3.3 Permissions of Android 8
2.3.4 File System of Android 9
2.4 Android Development 9
CHAPTER 3. RELATED WORK 11
3.1 Cyber Threats 11
3.2 BOTNET 11
3.3 Malwares in Smart-phones 12
CHAPTER 4. MAC-YURI ATTACK 15
4.1 Single-Hop Attack 16
4.2 Multiple-Hop Attack 17
4.3 MAC-YURI Command Format 18
CHAPTER 5. MAC-YURI ARCHITECTURE 21
5.1 Developing Environment 21
5.2 MAC-YURI Components 21
5.2.1 MAC-YURI SMS Broadcast Receiver 22
5.2.2 MAC-YURI Controller 22
5.2.3 MAC-YURI SMS Content Observer 26
5.2.4 MAC-YURI File Handler 26
5.2.5 MAC-YURI Ringtone Controller 26
5.2.6 MAC-YURI SMS Forwarder 27
5.2.7 MAC-YURI FTP Uploader 27
5.3 MAC-YURI Flowchart and Workflow 29
CHAPTER 6. EVALUATION 32
6.1 Effectiveness 32
6.1.1 PChome & eBay JV 32
6.1.2 Gmail 35
6.1.3 Facebook 37
6.2 Permissions 39
6.3 Bot Uptime and Power Consumption 40
6.3.1 Test Approach 40
6.3.2 Experimental Results of Bot Uptime 42
6.3.3 Comparison of Power Consumption 45
6.4 Influence 48
6.5 Detection 48
6.6 Limitation 48
CHAPTER 7. FUTURE WORK 50
CHAPTER 8. CONCLUSION 51
References 52
參考文獻 [1] Android Developers Website. http://developer.android.com/index.html
[2] Android Market, https://market.android.com/
[3] Cyber threats report from Georgia Tech Information Security Center. http://www.gtiscsecuritysummit.com/pdf/CyberThreatsReport2009.pdf
[4] “Cyber Threats to Mobile Devices,” in US-CERT, April 15, 2010. http://www.us-cert.gov/reading_room/TIP10-105-01.pdf
[5] Dalvik Virtual Machine. http://en.wikipedia.org/wiki/Dalvik_(software)
[6] DroidSecurity, http://www.droidsecurity.com/
[7] Eclipse, a development tool,. http://www.eclipse.org/
[8] Enterprise Mobility – eWeek. http://www.eweek.com/c/a/Mobile-and-Wireless/New-Android-Trojans-Go-After-SMS-Messages-268345/
[9] Facebook Help Center, http://www.facebook.com/help/?page=819
[10] Facebook Statistics, http://www.facebook.com/press/info.php?statistics
[11] File Transfer Protocol, http://www.networksorcery.com/enp/protocol/ftp.htm
[12] Getting started with 2-step verification, http://www.google.com/support/accounts/bin/topic.py?hl=en&topic=28786
[13] ID Generator. http://people.debian.org/~paulliu/ROCid.html
[14] Java Virtual Machine. http://en.wikipedia.org/wiki/Java_Virtual_Machine
[15] NumberOf.net, http://www.numberof.net/
[16] NPD research. http://www.npd.com/
[17] PChome & eBay JV. http://www.ruten.com.tw/
[18] “Taxonomy of Botnets Threats,” Trend Micro, November 2006 http://us.trendmicro.com/imperia/md/content/us/pdf/threats/securitylibrary/botnettaxonomywhitepapernovember2006.pdf
[19] Joan Calvet, Carlton R. Davis, Jose M. Fernandez, Jean-Yves Marion, Pier-Luc St-Onge, Wadie Guizani, “The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet,” in ACSAC, 2010. http://www.acsac.org/2010/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=221&type=2
[20] Roman Schlegel, Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, XiaoFeng Wang, “Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones,” in NDSS, 2011. https://www.cs.indiana.edu/~kapadia/papers/soundminer-ndss11.pdf
[21] Georgia Weidman, “Transparent Botnet Command and Control for Smartphones over SMS,” in Shmoocon, 2011. http://www.grmn00bs.com/Shmoocon2011_SmartphoneBotnets_GeorgiaW.pdf
[22] Cui Xiang, Fang Binxing, Yin Lihua, Liu Xiaoyi, Zang Tianning, “Andbot: Towards Advanced Mobile Botnets,” in Workshop of USENIX, 2011. http://www.usenix.org/events/leet11/tech/full_papers/Xiang.pdf
[23] Yuanyuan Zeng, Xin Hu, Kang G. Shin, “Design of SMS Commanded-and-Controlled and P2P-Structured Mobile Botnets,” Department of Electrical Science and Engineering in University of Michigan, March, 2010. http://www.eecs.umich.edu/techreports/cse/2010/CSE-TR-562-10.pdf
指導教授 許富皓(Fu-Hau Hsu) 審核日期 2011-7-16
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明