行動裝置上的螢幕鏡像串流之研究:針對 AirPlay Mirroring 的中間人攻擊

Meng-Han Lee; 李孟翰

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/16859

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	陳彥仰
dc.contributor.author	Meng-Han Lee	en
dc.contributor.author	李孟翰	zh_TW
dc.date.accessioned	2021-06-07T23:48:08Z	-
dc.date.copyright	2014-03-21
dc.date.issued	2014
dc.date.submitted	2014-03-12
dc.identifier.citation	[1] AirParrot. http://www.airsquirrels.com/airparrot/. [2] AirServer. http://www.airserver.com. [3] Android Market Share. http://en.wikipedia.org/wiki/Android_(operating_ system)#Market_share. [4] Android Permission. http://developer.android.com/reference/android/ Manifest.permission.html#CAPTURE_VIDEO_OUTPUT. [5] Google 2-Step Verification. http://www.google.com/landing/2step/. [6] iPhone Market Share. http://en.wikipedia.org/wiki/IPhone#Sales_and_ profits. [7] Microsoft Terminal Services vulnerable to MITM-attacks. http://www. securityfocus.com/archive/1/317244. [8] Reflector. http://www.airsquirrels.com/reflector/. [9] Unofficial AirPlay Protocol Specification. http://nto.github.io/AirPlay.html. [10] F. Aloul, S. Zahidi, and W. El-Hajj. Two factor authentication using mobile phones. In Computer Systems and Applications, 2009. AICCSA 2009. IEEE/ACS Interna- tional Conference on, pages 641–644, May 2009. [11] M. Alzomai, B. Alfayyadh, and A. Josang. Display security for online transactions: Sms-based authentication scheme. In Internet Technology and Secured Transactions (ICITST), 2010 International Conference for, pages 1–7, Nov 2010. 19 [12] I. Arce. Weak authentication in ATT VNC allows man-in-the-middle attack, 2001. [13] T.Egawa,N.Nishimura,andK.Kourai.Dependableandsecureremotemanagement in iaas clouds. In Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th International Conference on, pages 411–418, Dec 2012. [14] P. Kerai. Remote access forensics for vnc and rdp on windows platform. 2010. [15] P. Kerai. Tracing vnc and rdp protocol artefacts on windows mobile and windows smartphone for forensic purpose. 2010. [16] C. Longzheng, Y. Shengsheng, and Z. Jing-li. Research and implementation of re- mote desktop protocol service over ssl vpn. In Proceedings of the 2004 IEEE Inter- national Conference on Services Computing, SCC ’04, pages 502–505, Washington, DC, USA, 2004. IEEE Computer Society. [17] M. Montoro. Remote Desktop Protocol, the Good the Bad and the Ugly. 2005. http://www.oxid.it/downloads/rdp-gbu.pdf. [18] A. Varshavsky, A. Scannell, A. LaMarca, and E. Lara. Amigo: Proximity-based authentication of mobile devices. In J. Krumm, G. Abowd, A. Seneviratne, and T. Strang, editors, UbiComp 2007: Ubiquitous Computing, volume 4717 of Lecture Notes in Computer Science, pages 253–270. Springer Berlin Heidelberg, 2007.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/16859	-
dc.description.abstract	螢幕共享 (Screen Sharing) 在 PC 上已經發展很久的技術,在 PC 上有許多螢幕共享的軟體,例如:VNC 、Windows Remote Desktop 等。在行動裝置上,也有越來越多的設備支援螢幕鏡像輸出 (Screen Mirroring) ,例如:iOS 及 Apple TV 支援 AirPlay Mirroring 、Android 手機上支援 Miracast ,以及 Chromecast 也即將支援和 Android 的螢幕鏡像輸出。我們發現在手機的鏡像輸出串流中,因為行動裝置的視覺回饋,可能會導致新的攻擊手法,例如:按下螢幕上的虛擬鍵盤,所按的鍵會放大,以增進使用者體驗,但是若此時攻擊者能攔截到鏡像串流的畫面資料,那麼使用者的輸入資料將會完全外洩,即使是在輸入密碼時也一樣。我們針對 AirPlay Mirroring ,實作了一套的中間人攻擊 (Man-in-the-middle Attack) 程式,能自動化的截取出 iOS 設備鏡像串流中所輸入的密碼,證明確實存在此安全問題。最後,針對此攻擊,我們也提出了幾個包括系統層面,或是安全協定層面的解決方法。	zh_TW
dc.description.abstract	The idea of sharing contents throughout different screens had been widely applied on personal computers for many years, such as the VNC, Remote Desktop and other related applications. While on mobile devices, the sim- ilar technique (a.k.a Screen Mirroring) had become more and more popular through these years. For instance, Apple had developed AirPlay Mirroring technique to stream contents from iOS devices to Apple TVs; Google also de- veloped corresponding technique to share screen contents between Android devices and Chromecasts. Based on the observation of how users interact with such technique on real devices, we discovered a new attacking approach base on the fact that the visual feedbacks (e.g. the selected key will be highlighted when typing with virtual keyboard) on mobile devices are not well protected during the streaming process. To prove our concept, we implemented a sys- tem using man-in-the-middle attack approach to steal the secret codes when users enter them on their own devices while streaming contents to the remote screen. Finally, we provided some possible solutions to prevent the proposed attacking approach.	en
dc.description.provenance	Made available in DSpace on 2021-06-07T23:48:08Z (GMT). No. of bitstreams: 1 ntu-103-R00922006-1.pdf: 8391391 bytes, checksum: dcad8719946195f340daa1609478930b (MD5) Previous issue date: 2014	en
dc.description.tableofcontents	誌謝 iii 摘要 iv Abstract v 1 Introduction 1 2 Related Work 5 3 Background 7 3.1 ProtocolandSoftware............................ 7 3.2 AirPlayProtocol .............................. 8 3.3 Bonjour................................... 10 4 MITM Implementation 12 4.1 MITMAttack................................ 12 4.2 AttackDetail ................................ 12 4.3 ComputerVisionandOCR......................... 13 4.4 EnvironmentSetup ............................. 14 5 Solutions 15 5.1 SanitizeMirroringStream ......................... 15 5.2 PhysicalAccess............................... 16 6 Future Work 17 7 Conclusion 18 Bibliography 19
dc.language.iso	en
dc.subject	行動裝置	zh_TW
dc.subject	鏡像	zh_TW
dc.subject	中間人攻擊	zh_TW
dc.subject	串流	zh_TW
dc.subject	security	en
dc.subject	man in the middle attack	en
dc.subject	airplay	en
dc.subject	mirroring	en
dc.subject	mobile	en
dc.title	行動裝置上的螢幕鏡像串流之研究:針對 AirPlay Mirroring 的中間人攻擊	zh_TW
dc.title	Display Security for Mobile Mirroring: Keyboard Logging Attack by Visual Feedback	en
dc.type	Thesis
dc.date.schoolyear	102-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	黃彥男,陳昇瑋,吳宗成
dc.subject.keyword	行動裝置,鏡像,串流,中間人攻擊,	zh_TW
dc.subject.keyword	mobile,security,mirroring,airplay,man in the middle attack,	en
dc.relation.page	20
dc.rights.note	未授權
dc.date.accepted	2014-03-12
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	資訊工程學研究所	zh_TW
顯示於系所單位：	資訊工程學系

文件中的檔案：

檔案	大小	格式
ntu-103-1.pdf 未授權公開取用	8.19 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。