Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/16859
Title: | A Study of Screen Mirroring Streaming on Mobile Devices: A Man-in-the-Middle Attack on AirPlay Mirroring / Display Security for Mobile Mirroring: Keyboard Logging Attack by Visual Feedback |
Author: | Meng-Han Lee 李孟翰 |
Advisor: | 陳彥仰 |
Keywords: | mobile devices, mirroring, streaming, man-in-the-middle attack, mobile, security, mirroring, airplay, man in the middle attack |
Publication year: | 2014 |
Degree: | Master's |
Abstract: | Screen sharing is a long-established technology on PCs, where plenty of screen sharing software exists, such as VNC and Windows Remote Desktop. On mobile devices, more and more devices also support screen mirroring; for example, iOS and Apple TV support AirPlay Mirroring, Android phones support Miracast, and Chromecast will soon support screen mirroring with Android as well. We found that, in a phone's mirroring stream, the visual feedback of the mobile device may enable a new attack technique. For example, when a key on the on-screen virtual keyboard is pressed, the pressed key is enlarged to improve the user experience; but if an attacker can intercept the frame data of the mirroring stream at that moment, the user's input is leaked completely, even when a password is being entered. Targeting AirPlay Mirroring, we implemented a man-in-the-middle attack program that automatically extracts the passwords entered in an iOS device's mirroring stream, demonstrating that this security problem does exist. Finally, we also propose several solutions to this attack, at the system level and at the security protocol level. The idea of sharing contents throughout different screens had been widely applied on personal computers for many years, such as the VNC, Remote Desktop and other related applications. While on mobile devices, the similar technique (a.k.a. Screen Mirroring) had become more and more popular through these years. For instance, Apple had developed AirPlay Mirroring technique to stream contents from iOS devices to Apple TVs; Google also developed corresponding technique to share screen contents between Android devices and Chromecasts. Based on the observation of how users interact with such technique on real devices, we discovered a new attacking approach based on the fact that the visual feedbacks (e.g. the selected key will be highlighted when typing with virtual keyboard) on mobile devices are not well protected during the streaming process. To prove our concept, we implemented a system using man-in-the-middle attack approach to steal the secret codes when users enter them on their own devices while streaming contents to the remote screen. Finally, we provided some possible solutions to prevent the proposed attacking approach. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/16859 |
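Full-text authorization: | Not authorized |
Appears in department: | Department of Computer Science and Information Engineering |
Files in this item:
File | Size | Format | |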
---|---|---|---|
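ntu-103-1.pdf Not currently authorized for public access | 8.19 MB | Adobe PDF |
Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.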