论文信息 - Smart-Phone Attacks and Defenses

Smart-Phone Attacks and Defenses

Internet has been permeating into every corner of the world and every aspect of our lives, empowering us with anywhere, anytime remote access and control over information, personal communications (e.g., through smart-phones), and our environment (e.g., through the use of sensors, actuators, and RFIDs). While enabling interoperation with the Internet brings tremendous opportunities in service creation and information access, the security threat of the Internet also dauntingly extends its reach. In this paper, we wish to alarm the community that the long-realized risk of interoperation with the Internet is becoming a reality: Smart-phones, interoperable between the telecom networks and the Internet, are dangerous conduits for Internet security threats to reach the telecom infrastructure. The damage caused by subverted smart-phones could range from privacy violation and identity theft to emergency call center DDoS attacks and national crises. We also describe defense solution space including smart-phone hardening approaches, Internet-side defense, telecom-side defense, and coordination mechanisms that may be needed between the Internet and telecom networks. Much of this space is yet to be explored.

Helen J. Wang | Wenwu Zhu | Chuanxiong Guo

[1] M. Rahnema,et al. Overview of the GSM system and protocol architecture , 1993, IEEE Communications Magazine.

[2] David J. Goodman,et al. General packet radio service in GSM , 1997, IEEE Commun. Mag..

[3] Vern Paxson,et al. Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[4] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .

[5] Guillaume Peersman,et al. The Global System for Mobile Communications Short Message Service , 2000, IEEE Personal Communications.

[6] L. Bos,et al. Toward an all-IP-based UMTS system architecture , 2001, IEEE Netw..

[7] Harri Honkasalo,et al. WCDMA and WLAN for 3G and beyond , 2002, IEEE Wirel. Commun..

[8] S.J. Vaughan-Nichols,et al. OSs Battle in the Smart-Phone Market , 2003, Computer.

[9] Guofei Gu,et al. HoneyStat: Local Worm Detection Using Honeypots , 2004, RAID.

[10] Helen J. Wang,et al. Shield: vulnerability-driven network filters for preventing known vulnerability exploits , 2004, SIGCOMM 2004.

[11] J. Crowcroft,et al. Honeycomb: creating intrusion detection signatures using honeypots , 2004, Comput. Commun. Rev..

[12] Butler W. Lampson,et al. 31. Paper: Computer Security in the Real World Computer Security in the Real World , 2022 .

[13] Stefan Savage,et al. Inferring Internet denial-of-service activity , 2001, TOCS.