Mobile Internet Security Support: Design and Implementation of an End-User Information Protection System
Published: 2018-11-21 15:33
[Abstract]: With the rapid development of mobile communication technology, the mobile Internet now faces many threats and attacks that originally targeted the traditional Internet. At the same time, operators, third-party platforms and other business platforms offer a growing range of mobile terminal services, the number of users is rising quickly, and the mobile Internet's own network conditions are complex, so mobile Internet security is receiving more and more attention. As an important supporting part of mobile Internet security as a whole, the information security of end users also faces a huge challenge. Designing a mobile terminal user information protection system is therefore not only critical to the information security of mobile terminal users, but can also provide a degree of support for mobile Internet security. Such a system can, at as low a cost as possible, effectively authenticate the user's identity, the user's operations, or the mobile terminal application that initiates a service request.
The purpose of this thesis is to design a security scheme for protecting the information of mobile terminal users that meets existing security requirements while preserving the mobile terminal user experience. It focuses on the authentication logic applied to end users on the security platform side, and implements the end-user information protection system on that basis.
The thesis analyzes and summarizes the security risks that end users face when interacting with application platforms in the current mobile Internet environment, and uses concrete examples to summarize the shortcomings of existing end-user protection mechanisms. Based on these risks and shortcomings, the main part of the thesis presents the end-user information protection system designed by the author. First, it introduces the end-user identity authentication mechanism used in the system, which is based on a traditional authentication framework, adds a fault-tolerance mechanism suited to the characteristics of mobile communication, and applies corresponding security hardening, balancing security and practicality. Next, it describes the architecture of the whole system from three angles: the overall framework, the system layers, and the communication protocols between the parts of the system. The system is divided into three parts: the terminal side, the security platform, and the business platform. The functions of the core part, the security platform, are described in detail, along with the components that implement them. The thesis then describes in detail the authentication flow between the end user and the security platform, which has three main stages: user registration, user subscription, and capability invocation. It also covers the design of the related security parameters and the authentication techniques and security algorithms involved. Functional and performance tests of the system were also carried out.
Finally, the thesis summarizes the main work completed and raises questions that need further study. In summary, the end-user information protection system designed and implemented here can meet the needs of current users, but as the number of end users continues to grow, there is still considerable room to improve the system.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08
Article ID: 2347389
Article link: http://sikaile.net/guanlilunwen/ydhl/2347389.html