Research on Isolation and Protection Technology for Sensitive Information on Mobile Terminals
Published: 2018-03-31 15:43
Topic: mobile terminals; Focus: sensitive information; Source: Xidian University, 2014 master's thesis
[Abstract]: With the rapid development of information technology, large enterprises and institutions with branches across the country and even overseas exchange ever more important and sensitive information internally, and employees travelling on business increasingly carry out business transfers between public networks and the organization's intranet. Studying isolation and protection technology for sensitive information on mobile terminals in a public network environment therefore has considerable theoretical significance and practical application value. This thesis first analyzes in detail the current state of research on isolation and protection technology, including existing domestic and foreign information security assurance systems, trusted computing technology, isolation and exchange technology, and the high-assurance IP encryptor technology used in the US GIG network. It then analyzes the main forms of attack that sensitive information on mobile terminals may face, providing an important reference for the security design of the subsequent scheme. Next, it focuses on the application scenario of transmitting sensitive information between mobile terminals and the enterprise intranet, proposes a security model for the isolation and protection of sensitive information on mobile terminals based on that scenario, and designs the function of each module of the security model in detail. On the basis of the design principles, it then proposes an isolation and protection scheme for sensitive information on mobile terminals: trusted computing technology provides the underlying security, a custom protocol isolates the internal transmission channels, and data is split, sent over different transmission channels and reassembled in order to reduce possible vulnerability-based attacks. Finally, the key technologies of the scheme are implemented in code, including the identity authentication and key agreement process and the splitting and reassembly of data. The security of the scheme's anti-attack mechanism and of its security protection mechanism is analyzed at both the software and hardware levels, showing that the scheme has a high level of security.
[English abstract]: With the rapid development of information technology, large enterprises and institutions with branches throughout the country and even overseas handle more and more important and sensitive information in their internal interactions. Moreover, business transfers between the open network and the internal network are becoming more and more frequent, so studying the isolation and protection technology of sensitive information on mobile terminals in the open network environment has high theoretical significance and practical application value. This thesis first analyzes in detail the current state of research on isolation and protection technology, which includes the existing information security systems at home and abroad, trusted computing technology, isolation and exchange technology and the high-assurance IP encryption machine technology of the American GIG network. Then the main forms of attack that sensitive information may face on a mobile terminal are analyzed, providing an important reference for the security design of the subsequent scheme. The thesis then focuses on the application scenario of transmitting sensitive information between the mobile terminal and the enterprise intranet, and puts forward a security model for the isolation and protection of sensitive information on the mobile terminal according to that scenario. The function of each module in the security model is designed in detail. Then, on the basis of grasping the design principles, the isolation and protection scheme for sensitive information on mobile terminals is put forward: the underlying security is provided by trusted computing technology, and a custom protocol is designed to isolate the internal transmission channels and to reduce possible vulnerability attacks by splitting and reorganizing the data and adopting different transmission channels. Finally, the key technologies of the scheme are programmed and implemented, including the process of identity authentication and key agreement as well as the splitting and recombination of data. The security of the anti-attack mechanism and of the security protection mechanism is analyzed from the two aspects of software and hardware, which shows that the scheme has high security.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN918.4
Article ID: 1691384
Article link: https://www.wllwen.com/kejilunwen/wltx/1691384.html