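Research on Mobile Phone Privacy Protection Technology for the Android Platform
Published: 2018-06-29 04:41
Topic of this thesis: Android + information security; Reference: Jiangsu University of Science and Technology, 2014 master's thesis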
[Abstract]: With the rapid development of Android smartphones, more and more people have become accustomed to storing large amounts of user information on them, including personal privacy information such as contacts, call logs, text messages and geographic location, as well as some business information, in order to improve efficiency in study, work and daily life. At the same time, Android smartphones are becoming a target for criminals, who use these mobile devices to plant malicious programs, steal users' private data and seek commercial gain, seriously harming users' interests. This private data is vital to users, who do not want it to be illegally obtained and used by others. It is therefore necessary to study and improve the security of Android smartphones and to prevent malicious programs from stealing private information on the phone.

This thesis first analyzes the security architecture of the Android system, focusing on the Android permission control mechanism and its security weaknesses, and verifies those weaknesses with a malicious music player application developed for the purpose. It points out the shortcomings of Android system security: ordinary Android phone users who have no security software protecting the system face the possible leakage of important personal information. The thesis protects users' personal information from two directions. On the permission control side, it analyzes the shortcomings of the two kinds of permission control software currently on the market, pre-installation permission control and run-time permission control, then combines the two and introduces the Kirin policy to improve the accuracy of permission control, reduce the burden on the user and improve the user experience. On the data encryption side, it analyzes the insecurity of storing data in plaintext on the Android system, which motivates the need for data encryption. Because of the particular nature of the terminal and its limited resources, much of the existing data encryption technology is not fully suited to Android smartphones, so encryption must not ignore the terminal's resource constraints. The thesis designs a system that decides on a data encryption scheme, finding the scheme suited to the terminal's current state so as to protect data while reducing resource consumption and improving the user experience.

From the perspective of data protection on Android smartphones, the thesis designs a security system with a permission control function and a data encryption function. The permission control function includes pre-installation permission control and run-time permission control, which can effectively control the permissions requested by applications. The encryption function comprises information collection, information processing, policy decision, policy execution, policy improvement and performance evaluation: it collects terminal resource usage and file information, normalizes and quantizes the collected information, classifies the processed data, recommends AES or XTEA as the encryption scheme, and improves the policy according to user feedback. Finally, a simple test of the system shows that it can control application permissions and encrypt important private data reasonably well.
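[Degree-granting institution]: Jiangsu University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN929.53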
Article ID: 2080896
Article link: https://www.wllwen.com/kejilunwen/wltx/2080896.html