
Research on and Prevention of SSL Man-in-the-Middle Attacks in the Android System

Published: 2018-04-14 17:06

  Topic of this thesis: Android + Secure Sockets Layer; Source: Beijing University of Posts and Telecommunications, 2014 master's thesis


[Abstract]: Android has become the most widely used smartphone operating system in the world. It uses the SSL protocol to protect data communication, but if SSL is used insufficiently or incorrectly, Android applications become vulnerable to man-in-the-middle attacks. Starting from the mobile device, this thesis studies the SSLStrip man-in-the-middle attack in the Android system and, on that basis, proposes a prevention scheme that can protect Android phone users from SSLStrip man-in-the-middle attacks in a mobile network environment.

The thesis first analyzes the attack principle and attack process of Android SSLStrip in a mobile network environment and studies how ARP spoofing is used to attack SSL. It then designs a prevention scheme for SSLStrip man-in-the-middle attacks that targets ARP spoofing, analyzes and designs the server side and the client side of the scheme in detail, verifies its effectiveness, and implements the basic functions of the client.

The scheme needs to ensure the reliability of the router's IP address and MAC address, so the thesis extends the functionality of the DHCP server to send the router's IP address and MAC address to the DHCP client in the DHCPACK message. On the DHCP client side, an Android application based on Tcpdump was developed. The application captures the packets sent to it and saves them to a pcap file on the phone's SD card. It also uses JPCAP to parse the pcap file, extracts the router IP address and MAC address sent by the DHCP server, and statically binds them in the phone's ARP cache table so that other malicious hosts cannot modify them, thereby preventing SSLStrip man-in-the-middle attacks in a mobile network environment.
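[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08; TP316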
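
The client-side step described in the abstract (extract the router IP and MAC from a DHCPACK, then pin them as a static ARP entry) is sketched below as an added example; it is not code from the thesis. Assumptions: the abstract does not say which DHCP option carries the MAC, so the private-use option code 224 is hypothetical, as are the function names, the `wlan0` interface and the constructed sample packet.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_ROUTER, OPT_MSG_TYPE, OPT_END = 0, 3, 53, 255
OPT_GATEWAY_MAC = 224  # assumption: private-use option code, not taken from the thesis
DHCPACK = 5

def parse_options(bootp: bytes) -> dict:
    """Return {code: value} for a DHCP message (UDP payload only)."""
    if len(bootp) < 240 or bootp[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(bootp) and bootp[i] != OPT_END:
        if bootp[i] == OPT_PAD:          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(bootp) or i + 2 + bootp[i + 1] > len(bootp):
            raise ValueError("truncated option")
        length = bootp[i + 1]
        opts[bootp[i]] = bootp[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def gateway_binding(bootp: bytes) -> tuple:
    """Extract (router_ip, router_mac) from a DHCPACK, rejecting unusable values."""
    opts = parse_options(bootp)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPACK]):
        raise ValueError("not a DHCPACK")
    router, mac = opts.get(OPT_ROUTER, b""), opts.get(OPT_GATEWAY_MAC, b"")
    # A gateway MAC must be 6 bytes and unicast (low bit of first octet clear).
    if len(router) < 4 or len(mac) != 6 or mac[0] & 1:
        raise ValueError("missing or invalid gateway IP/MAC")
    return str(ipaddress.IPv4Address(router[:4])), ":".join(f"{b:02x}" for b in mac)

def static_arp_command(ip: str, mac: str, dev: str = "wlan0") -> str:
    """iproute2 command that pins the gateway entry in the neighbour table."""
    return f"ip neigh replace {ip} lladdr {mac} nud permanent dev {dev}"

def build_sample_ack(router: str, mac: bytes, msg_type: int = DHCPACK) -> bytes:
    """Constructed sample: 236-byte BOOTP header (op=2 reply) plus three options."""
    header = bytes([2, 1, 6, 0]) + bytes(232)
    opts = (bytes([OPT_MSG_TYPE, 1, msg_type])
            + bytes([OPT_ROUTER, 4]) + ipaddress.IPv4Address(router).packed
            + bytes([OPT_GATEWAY_MAC, 6]) + mac + bytes([OPT_END]))
    return header + MAGIC_COOKIE + opts
```

Installing a permanent neighbour entry requires root on the device, and the binding is only as trustworthy as the DHCPACK it came from, since DHCP itself is unauthenticated.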
