移动互联网安全支撑—终端用户信息保护系统的设计及实现
发布时间:2018-11-21 15:33
【摘要】:随着移动通信技术的飞速发展,移动互联网面临着许多原本针对传统互联网的威胁和攻击。与此同时,运营商、第三方平台等业务平台提供的移动终端业务日益繁多,用户量快速增长,再加上移动互联网自身网络情况复杂,移动互联网的安全问题越来越受到人们的重视。作为整个移动互联网安全的重要支撑部分,终端用户的信息安全也面临着巨大的挑战。因此,设计一个移动终端用户信息保护系统,不仅对于移动终端用户信息安全至关重要,而且能够为移动互联网安全提供一定程度的支撑。这个系统能够在尽量小的代价下,有效对用户的身份、用户的操作或发起服务请求的移动终端应用进行安全鉴权。 本文的目的是设计一个在保证移动终端用户体验的情况下,满足现有安全需求的,针对移动终端用户信息保护的安全方案。本文重点介绍了终端用户在安全平台侧的鉴权逻辑,并在此基础上实现了终端用户信息保护系统。 本文分析总结了在目前移动互联网环境下,终端用户在和应用平台交互过程中所面临的安全风险,并结合具体实例总结了现有终端用户保护机制的不足。基于这些安全风险和当前机制的不足,本文主体部分介绍了笔者所设计的终端用户信息保护系统。首先,介绍了本系统所使用的终端用户身份认证机制,该机制基于传统的认证框架,并根据移动通信的特点加入了容错机制,同时采取了响应的安全加固,兼顾了一定的安全性和实用性。接着,从系统整体框架、系统层次、系统中各部分通信协议三个角度描述了整个系统的架构。整个系统分为终端侧、安全平台和业务平台三个部分,详细介绍了其核心部分安全平台的功能,并介绍了实现这些功能的相关组件。接着,详细介绍了终端用户与安全平台交互过程中的鉴权流程,主要分为三个阶段:用户注册、用户订购、能力调用,并介绍了相关的安全参数的设计、相关的鉴权技术及安全算法。同时,本文对该系统做了相应的功能测试和性能测试。 最后,本文总结了本论文完成的主要工作并提出了需要进一步研究的问题。经总结,可以看到本文所设计并实现的终端用户信息保护系统能够满足当前用户的需求,但随着终端用户的持续增长,该系统进一步提升的空间还很大。
[Abstract]:With the rapid development of mobile communication technology, mobile Internet is facing many threats and attacks against traditional Internet. At the same time, operators, third-party platforms and other business platforms are providing more and more mobile terminal services, and the number of users is growing rapidly. In addition, the mobile Internet itself has a complex network situation. People pay more and more attention to the security of mobile Internet. As an important part of the security of mobile Internet, the information security of end users is also facing a huge challenge. Therefore, the design of a mobile terminal user information protection system is not only very important for mobile terminal user information security, but also can provide a certain degree of support for mobile Internet security. The system can effectively authenticate the identity of the user, the operation of the user or the mobile terminal application that initiates the service request at the lowest possible cost. The purpose of this paper is to design a security scheme for the information protection of mobile terminal users under the condition of guaranteeing the mobile terminal user experience and satisfying the existing security requirements. This paper mainly introduces the authentication logic of the end user on the side of the security platform, and realizes the information protection system of the end user on this basis. This paper analyzes and summarizes the security risks faced by end-users in the process of interacting with the application platform under the current mobile Internet environment, and summarizes the shortcomings of the existing end-user protection mechanism combined with concrete examples. Based on these security risks and the shortcomings of the current mechanism, the main part of this paper introduces the end-user information protection system designed by the author. Firstly, this paper introduces the end-user authentication mechanism used in this system, which is based on the traditional authentication framework, and adds fault-tolerant mechanism according to the characteristics of mobile communication, and adopts the security reinforcement of response. It takes into account the safety and practicability. Then, the architecture of the whole system is described from three angles: the whole system framework, the system level, and the communication protocols in each part of the system. The whole system is divided into three parts: terminal side, security platform and business platform. The functions of its core security platform are introduced in detail, and the related components to realize these functions are introduced. Then, the authentication process of the interaction between the end user and the security platform is introduced in detail, which is divided into three stages: user registration, user order, ability call, and the design of related security parameters. Related authentication techniques and security algorithms. At the same time, this paper has done the corresponding function test and the performance test to this system. Finally, this paper summarizes the main work accomplished in this paper and points out the problems that need further study. In conclusion, we can see that the end-user information protection system designed and implemented in this paper can meet the needs of current users, but with the continuous growth of end-users, there is still a lot of room for further improvement of the system.
【学位授予单位】:北京邮电大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
[Abstract]:With the rapid development of mobile communication technology, mobile Internet is facing many threats and attacks against traditional Internet. At the same time, operators, third-party platforms and other business platforms are providing more and more mobile terminal services, and the number of users is growing rapidly. In addition, the mobile Internet itself has a complex network situation. People pay more and more attention to the security of mobile Internet. As an important part of the security of mobile Internet, the information security of end users is also facing a huge challenge. Therefore, the design of a mobile terminal user information protection system is not only very important for mobile terminal user information security, but also can provide a certain degree of support for mobile Internet security. The system can effectively authenticate the identity of the user, the operation of the user or the mobile terminal application that initiates the service request at the lowest possible cost. The purpose of this paper is to design a security scheme for the information protection of mobile terminal users under the condition of guaranteeing the mobile terminal user experience and satisfying the existing security requirements. This paper mainly introduces the authentication logic of the end user on the side of the security platform, and realizes the information protection system of the end user on this basis. This paper analyzes and summarizes the security risks faced by end-users in the process of interacting with the application platform under the current mobile Internet environment, and summarizes the shortcomings of the existing end-user protection mechanism combined with concrete examples. Based on these security risks and the shortcomings of the current mechanism, the main part of this paper introduces the end-user information protection system designed by the author. Firstly, this paper introduces the end-user authentication mechanism used in this system, which is based on the traditional authentication framework, and adds fault-tolerant mechanism according to the characteristics of mobile communication, and adopts the security reinforcement of response. It takes into account the safety and practicability. Then, the architecture of the whole system is described from three angles: the whole system framework, the system level, and the communication protocols in each part of the system. The whole system is divided into three parts: terminal side, security platform and business platform. The functions of its core security platform are introduced in detail, and the related components to realize these functions are introduced. Then, the authentication process of the interaction between the end user and the security platform is introduced in detail, which is divided into three stages: user registration, user order, ability call, and the design of related security parameters. Related authentication techniques and security algorithms. At the same time, this paper has done the corresponding function test and the performance test to this system. Finally, this paper summarizes the main work accomplished in this paper and points out the problems that need further study. In conclusion, we can see that the end-user information protection system designed and implemented in this paper can meet the needs of current users, but with the continuous growth of end-users, there is still a lot of room for further improvement of the system.
【学位授予单位】:北京邮电大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
【参考文献】
相关期刊论文 前10条
1 黄志伟;付航;;解析移动通信安全机制,构建下一代可信网络[J];电信工程技术与标准化;2009年07期
2 唐韶华;Lamport一次性口令认证方案的改进(英文)[J];华南理工大学学报(自然科学版);2001年08期
3 李鲁群,李明禄;面向Java手机Web Service技术应用集成研究[J];计算机工程;2005年03期
4 罗作民;朱燕;程明;;Web服务测试工具SOAPUI及其分析[J];计算机应用与软件;2010年05期
5 袁丁,范平志;一个安全的动态口令鉴别方案(英文)[J];四川大学学报(自然科学版);2002年02期
6 王滨;刘刚;;动态口令认证方案的研究与改进[J];计算机工程与设计;2007年12期
7 熊光彩;慕_晨,
本文编号:2347389
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2347389.html
