外文翻译计算机科学与技术.docx

外文翻译计算机科学与技术.docx

《外文翻译计算机科学与技术.docx》由会员分享，可在线阅读，更多相关《外文翻译计算机科学与技术.docx（23页珍藏版）》请在冰豆网上搜索。

外文翻译计算机科学与技术

毕业设计（论文）

外文文献翻译

专业

计算机科学与技术

学生姓名

班级

学号

指导教师

信息工程学院

MobileMalwareandSmartDeviceSecurity:

Trends,ChallengesandSolutions

AbdullahiAraboandBernardiPranggono

TheOxfordInternetInstitute（OII）,OxfordUniversity,Oxford,OX13JS,U.K.

SchoolofEngineeringandBuiltEnvironment,GlasgowCaledonianUniversity,Glasgow,G40BA,U.K.

Abstract—Thisworkispartoftheresearchtostudytrendsandchallengesofcybersecuritytosmartdevicesinsmarthomes.Wehaveseenthedevelopmentanddemandforseamlessinterconnectivityofsmartdevicestoprovidevariousfunctionalityandabilitiestousers.Whilethesedevicesprovidemorefeaturesandfunctionality,theyalsointroducenewrisksandthreats.Subsequently,currentcybersecurityissuesrelatedtosmartdevicesarediscussedandanalyzed.Thepaperbeginswithrelatedbackgroundandmotivation.Weidentifiedmobilemalwareasoneofthemainissueinthesmartdevices’security.Inthenearfuture,mobilesmartdeviceuserscanexpecttoseeastrikingincreaseinmalwareandnotableadvancementsinmalware-relatedattacks,particularlyontheAndroidplatformastheuserbasehasgrownexponentially.Wediscussandanalyzedmobilemalwareindetailsandidentifiedchallengesandfuturetrendsinthisarea.Thenweproposeanddiscussanintegratedsecuritysolutionforcybersecurityinsmartdevicestotackletheissue.

Index—Botnet,cybersecurity,mobilemalware,securityframework,smartdevicesecurity

I.INTRODUCTION

TheInternetisoneofthemostremarkabledevelopmentstohavehappenedtomankindinthelast100years.Thedevelopmentofubiquitouscomputingmakesthingsevenmoreinterestingasithasgivenusthepossibilitytoutilisedevicesandtechnologyinunusualways.Wehaveseenthedevelopmentanddemandforseamlessinterconnectivityofsmartdevicestoprovidevariousfunctionalitiesandabilitiestousers.Butwealsoknowthevulnerabilitiesthatexistwithinthisecosystem.However,thesevulnerabilitiesarenormallyconsideredforlargerinfrastructuresandlittleattentionhasbeenpaidtothecybersecuritythreatsfromtheusageandpowerofsmartdevicesasaresultoftheInternetofThings（IoT）technologies.IntheIoTvision,everyphysicalobjecthasavirtualcomponentthatcanproduceandconsumeservices.Smartspacesarebecominginterconnectedwithpowerfulsmartdevices（smartphones,tablets,etc.）.Ontheotherhand,wealsohavethebackbone,thepowergridthatpowersournations.Thesetwophenomenaarecomingatthesametime.Theincreasedusageofsmartmetersinourhomesorbusinessesprovidesanavenueofconnectivityaswellaspowerfulhomeservicesorinterconnectedpowerfulsmartdevices.Theexampleofthesmartgridalsoprovidesthemeansofcontrollingandmonitoringsmartgridinfrastructuresviatheuseofportablesmartdevices.

Thevulnerabilityoftheconnectedhomeanddevelopmentswithintheenergyindustry’snewwirelesssmartgridareexposedtothewrongpeople;itwillinevitablyleadtolightsoutforeveryone.ThiswilleventuallyuncoverthemultitudeofinterconnectedsmartdevicesintheIoTasahotbedforcyber-attacksorrobotnetworks（botnets）andasecuritynightmareforsmartspaceusersandpossiblyfornationalinfrastructuresasawhole.

Thelatestresearchhasreportedthatonaveragepeopleownthreeinternet-connectedsmartdevicessuchassmartphonesandtablets.Therefore,asaresultoftheubiquityofsmartdevices,andtheirevolutionascomputingplatforms,aswellasthepowerfulprocessorsembeddedinsmartdevices,hasmadethemsuitableobjectsforinclusioninabotnet.Botnetsofmobiledevices（alsoknownasmobilebotnets）areagroupofcompromisedsmartdevicesthatareremotelycontrolledbybot-mastersviacommand-and-control（C&C）channels.MobilebotnetshavedifferentcharacteristicsinseveralaspectsascomparedtoPC-basedbotnets,suchastheirC&Cchannelsmedium.

PC-basedbotnetsareseenasthemostcommonplatformsforsecurityattacks,andmobilebotnetsareseenaslessofathreatincomparisontotheircounterparts.Thisissofordifferentreasons,suchaslimitedbatterypower,resourceissues,andInternetaccessconstraints,etc.Therefore,theeffortsdirectedtoboththemanifestationofoperatingmobilebotnetsandcorrespondingresearchanddevelopmentendeavoursarenotaswideasforPC-basedbotnets.However,thisdevelopmentcouldchangewiththerecentsurgeinpopularityanduseofsmartdevices.Smartdevicesarenowwidelyusedbybillionsofusersduetotheirenhancedcomputingability,practicalityandefficientInternetaccess,thankstoadvancementinsolid-statetechnologies.

Moreover,smartdevicestypicallycontainalargeamountofsensitivepersonalandcorporatedataandareoftenusedinonlinepaymentsandothersensitivetransactions.Thewidespreaduseofopen-sourcesmartdeviceplatformssuchasAndroidandthird-partyapplicationsmadeavailabletothepublicalsoprovidesmoreopportunitiesandattractionsformalwarecreators.Therefore,fornowandthenearfuturesmartdeviceswillbecomeoneofthemostlucrativetargetsforcybercriminals.

Themainfocusofthispaperisthreefold:

firstlytohighlightthepossiblethreatsandvulnerabilityofsmartdevices,secondlytoanalysethechallengesinvolvedindetectingmobilemalwareinsmartdevicesandfinallytoproposeageneralsecuritysolutionthatwillfacilitatesolvingoraddressingsuchthreats.Therestofthepaperisorganizedasfollows.InsectionIIweprovideadetailedanalysisofthesecuritythreatsonsmartdevicesandtheirlinkswithcybersecurity.WehaveidentifiedmobilemalwareasoneofthemainissuesandwediscussitinmoredetailinSectionIII.SectionIVprovidesourproposedsecuritysolutionthatwillbeabletodetertheproblemsofmobilemalware.ThepaperisconcludedinsectionV.

II.SECURITYTHREATSONSMARTDEVICES

TheweakestlinkinanyITsecuritychainistheuser.Thehumanfactoristhemostchallengingaspectofmobiledevicesecurity.Homeusersgenerallyassumethateverythingwillworkjustasitshould,relyingonadevice’sdefaultsettingswithoutreferringtocomplextechnicalmanuals.Thereforeservicecontentprovidersandhardwarevendorsneedtobeawareoftheirresponsibilitiesinmaintainingnetworksecurityandcontentmanagementonthedevicestheyprovide.Serviceprovidersmightalsohavetheopportunitytoprovideadd-onsecurityservicestocomplementtheweaknessesofthedevices.

Theissueofcybersecurityismuchclosertothehomeenvironmentthanhasbeenusuallyunderstood;hence,theproblemofcybersecurityextendsbeyondcomputersitisalsoathreattoportabledevices.Manyelectronicdevicesusedathomearepracticallyaspowerfulasacomputer-frommobilephones,videoconsoles,gameconsolesandcarnavigationsystems.Whilethesedevicesareportable,providemorefeaturesandfunctionality,theyalsointroducenewrisks.

Thesedevicespreviouslyconsideredassecurecanbeaneasytargetforassailants.Theinformationstoredandmanagedwithinsuchdevicesandhomenetworksformspartofanindividual’sCriticalInformationInfrastructure（CII）[2]asidentifiedbythePOSTnoteoncybersecurityintheUK.Forexample,anattackermaybeabletocompromiseasmartdevicewithavirus,toaccessthedataonthedevice.Notonlydotheseactivitieshaveimplicationsforpersonalinformation,buttheycouldalsohaveseriousconsequencesifcorporateinformationwerealsostoredonthesmartdevice.

Theuseofmobiledevicesinhealthcareisalsomorecommonthesedays,suchasinmobile-health.Atypicalexampleishavingahealthdeviceconnectedtothehomenetwork,whichiscapableoftransmittingdatawirelesslytohospitalsandotherrelevantparties.Mostofthemanufacturersofthesedevicesdonotputmucheffortintryingtomakesurethatthedevicesaresecure.Ifthesedevicesarecompromisednotonlywilltheinformationandprivacyoftheuserofthedevicebecompromised,buttheattackercanevenchangethesettingsofthedevices,whichcouldleadtoharmfulconsequences.Ithasbeenshownthatitispossibletohackintoapacemakerandreadthedetailsofdatastoredinthedevicesuchasnamesandmedicaldatawithouthavingdirectaccesstothedevicessimplybystandingnearby[3].

Therefore,itisalsopossibletoreconfiguretheparametersofthedevice.Thisisnotonlyapplicabletomedicaldevices,butalsotoanydevicesthatareusedwithinthehomenetworkforanypurpose.

AccordingtotheJuniperNetworksreport[4],76percentofmobileusersdependontheirmobiledevicestoaccesstheirmostsensitivepersonalinformation,suchasonlinebankingorpersonalmedicalinformation.Thistrendisevenmorenoticeablewiththosewhoalsousetheirpersonalmobiledevicesforbusinesspurposes.Nearlynineinten（89percent）businessusersreportthattheyusetheirmobiledevicetoaccesssensitivework-relatedinformation.

Anothermoreworryingimpactiswhencybercriminalsusethevastresourcesofthenetworktoturnitintoabotnetandlaunchacyber-attackonnationalcriticalinfrastructures.TherearesomeAndroidapplicationsthatwhendownloadedfromathirdpartymarket（nottheAndroidmarket）arecapableofaccessingtherootfunctionalityofdevices（“rooted”）andturningthemintobotnetsoldierswithouttheuser’sexplicitconsent.

Peoplecouldeasilyandunwittinglydownloadmalwaretotheirsmartdevicesorfallpreyto“man-in-the-middle”attackswherecyber-criminalsposeasalegitimatebody,interceptandharvestsensitiveinformationformalicioususe.In2011,therewasamixofAndroidapplicationsremovedfromtheAndroid