基于密码学的移动目标防御系统

Proceedings of the 2023 4th International Conference on Computing, Networks and Internet of Things Pub Date : 2023-05-26 DOI:10.1145/3603781.3603875

Yuehua Lv, Ting Tian, Huanyao Hu, Wei Kui, Dongchuan Lu, Zhengda Zhou

{"title":"基于密码学的移动目标防御系统","authors":"Yuehua Lv, Ting Tian, Huanyao Hu, Wei Kui, Dongchuan Lu, Zhengda Zhou","doi":"10.1145/3603781.3603875","DOIUrl":null,"url":null,"abstract":"Mobile applications are vulnerable to attacks and information leakage due to various unknown vulnerabilities in mobile channels, terminals, and programs. Moving target defense (MTD) has emerged as a proactive defense technology against unknown attacks. Previous work mainly focused on server-side protection, while ignoring information leakage due to mobile terminal vulnerabilities. In this paper, we construct an MTD system that applies to both servers and terminals. The proposed system uses cryptography to dynamically mask various resources of the system. Interactive supports are provided between those masked resources and the server or the users, thus allowing resources to remain masked during the whole trip. The status and information of the system can be effectively shielded, preventing the mobile application from being sniffed and information leakage. Evaluation is conducted on a DingTalk-based mobile office automation (OA) application. Application results show that the proposed system can thwarts attacks from both the server and the terminal. The response time of the protected system increases by less than 5.8%, compared with the original system, which is applicable for mobile applications.","PeriodicalId":391180,"journal":{"name":"Proceedings of the 2023 4th International Conference on Computing, Networks and Internet of Things","volume":"222 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"CryptMTD: Cryptography Based Moving Target Defense System for Mobile Application\",\"authors\":\"Yuehua Lv, Ting Tian, Huanyao Hu, Wei Kui, Dongchuan Lu, Zhengda Zhou\",\"doi\":\"10.1145/3603781.3603875\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Mobile applications are vulnerable to attacks and information leakage due to various unknown vulnerabilities in mobile channels, terminals, and programs. Moving target defense (MTD) has emerged as a proactive defense technology against unknown attacks. Previous work mainly focused on server-side protection, while ignoring information leakage due to mobile terminal vulnerabilities. In this paper, we construct an MTD system that applies to both servers and terminals. The proposed system uses cryptography to dynamically mask various resources of the system. Interactive supports are provided between those masked resources and the server or the users, thus allowing resources to remain masked during the whole trip. The status and information of the system can be effectively shielded, preventing the mobile application from being sniffed and information leakage. Evaluation is conducted on a DingTalk-based mobile office automation (OA) application. Application results show that the proposed system can thwarts attacks from both the server and the terminal. The response time of the protected system increases by less than 5.8%, compared with the original system, which is applicable for mobile applications.\",\"PeriodicalId\":391180,\"journal\":{\"name\":\"Proceedings of the 2023 4th International Conference on Computing, Networks and Internet of Things\",\"volume\":\"222 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-05-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2023 4th International Conference on Computing, Networks and Internet of Things\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3603781.3603875\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2023 4th International Conference on Computing, Networks and Internet of Things","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3603781.3603875","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

由于移动渠道、终端和程序存在各种未知漏洞，移动应用容易受到攻击和信息泄露。移动目标防御(MTD)是一种针对未知攻击的主动防御技术。以往的工作主要集中在服务器端防护，忽略了移动端漏洞导致的信息泄露。在本文中，我们构建了一个同时适用于服务器和终端的MTD系统。该系统采用加密技术对系统中的各种资源进行动态掩码。在这些被屏蔽的资源与服务器或用户之间提供交互支持，从而允许资源在整个传输过程中保持被屏蔽。可以有效屏蔽系统的状态和信息，防止移动应用程序被嗅探和信息泄露。对基于钉钉聊天的移动办公自动化(OA)应用程序进行了评估。应用结果表明，该系统能够有效地抵御来自服务器端和终端端的攻击。与原系统相比，受保护系统的响应时间提高不超过5.8%，适用于移动应用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

CryptMTD: Cryptography Based Moving Target Defense System for Mobile Application

Mobile applications are vulnerable to attacks and information leakage due to various unknown vulnerabilities in mobile channels, terminals, and programs. Moving target defense (MTD) has emerged as a proactive defense technology against unknown attacks. Previous work mainly focused on server-side protection, while ignoring information leakage due to mobile terminal vulnerabilities. In this paper, we construct an MTD system that applies to both servers and terminals. The proposed system uses cryptography to dynamically mask various resources of the system. Interactive supports are provided between those masked resources and the server or the users, thus allowing resources to remain masked during the whole trip. The status and information of the system can be effectively shielded, preventing the mobile application from being sniffed and information leakage. Evaluation is conducted on a DingTalk-based mobile office automation (OA) application. Application results show that the proposed system can thwarts attacks from both the server and the terminal. The response time of the protected system increases by less than 5.8%, compared with the original system, which is applicable for mobile applications.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2023 4th International Conference on Computing, Networks and Internet of Things

自引率

0.00%

发文量