A Review of Mobile Security Technologies: Current Technologies, Loopholes, associated Risks and Countermeasures

Daniel W. K. Tse

mobile commerce ； electronic commerce ； wireless data communication ； security ； loophole ； risks ； countermeasures ； SETA

電腦稽核

28期（2013 / 07 / 13）

14 - 24

英文

由於行動科技在近數年間進步神速及日新月異，行動商貿的普及性已有驚人的進展。可惜的是無線通訊的本質是很容易被干擾及侵犯，從而明顯地惡化了行動商貿的保安問題。此學術論文對現存之行動保安技術作了一個很全面的批判思考，當中包括有可能的保安漏洞及相關風險問題。最後，此論文提供一些實用的對策去應付以上日益嚴重的保安問題。

Mobile commerce has been booming rapidly partly due to advancement and sophistication of mobile technologies in recent years. Because o f the highly vulnerability nature existing in wireless data communication, this further exacerbates the security problems inherited from electronic commerce. This paper gives a critical review of most common mobile security technologies with respect to possible loopholes and associated risks. Finally, some countermeasures are derived from the discussion of the above issues.

1. Deploying WPA and WPA 2 in the Enterprise. Wi-Fi Alliance White Paper, DOI= http://www.wi-fi.org/white_papers/whitepaper-022705-deployingwpawpa2enterprise
2. Gilbert David. 2012. How Secure is Your Smartphone? Google Android, iOS, BlackBerry and Microsoft Windows Phone Under Attack http://www.ibtimes.co.uk/articles/319581/20120326/safe-smartphone.htm
3. Wired Equivalent Privacy. Retrieved: DOI= http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
4. Cisco ITP MAP Gateway for Public WLAN SIM Authentication and Authorization. Cisco White Paper
5. Simon, D & Aboba, B & Hurst, R. The EAP-TLS Authentication Protocol. RFC 5216. DOI= http://datatracker.ietf.org/doc/rfc5216/
6. Haverinen, H Ed. & Salowey, J Ed. 2006, Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAPSIM). RFC 4186. DOI= http:// datatracker.ietf.org/doc/rfc 4186/
7. Palekar, Ashwin & Simon, Dan & Salowey, Joe & Zhou, Hao & Zorn, Glen & Josefsson, S. 2004. Protected EAP Protocol (PEAP) Version 2. INTERNET-DRAFT. DOI= http://tools.ietf.org/id/draft-josefsson-pppext-eap-tls-eap-10.txt
8. Hight, Stephanie D., 2005. The importance of security, education, training and awareness program. City of Raleigh, NC 27601..
9. Mitchell, Bradley. What is infrastructure mode in wireless networking?. DOI=http://compnetworking.about.com/cs/wireless/f/infrawireless.htm
10. Beck, Martin & Tews, Erik Tews. 2008, Practical attacks against WEP and WPA. DOI= http://dl.aircrack-ng. org/breakingwepandwpa.pdf
11. Synder, Joey. What is 802. 1X. 2010, Network World. DOI= http://www.networkworld.com/research/2002/0506whatisit.html
12. IEEE Std 802. 11i-2004. DOI= http://standards.ieee.org/reading/ieee/interp/802.11i-2004.html
13. The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard. IEEE 802. 11mb Issues List v 12. DOI= https://mentor.ieee.org/802.11/file/08/11-08-1127-12-000m-tgmb-issues-list.xls
14. Berghel, Hal,Uecker, Jacob(2005).WiFi Attack Vectors.Communications of the ACM - Spyware,48(8),21-28.
15. Dantu, Ram,Clothier, Gabriel,Atri, Anuj(2007).EAP methods for wireless networks.Computer Standards & Interfaces,29(3),289-301.
16. Piper, Fred,Walker, Michael(1998).Cryptographic solutions for voice telephony and GSM.Network Security,12,14-19.
17. Tseng, Yuh-Min(2009).USIM-based EAP-TLS authentication protocol for wireless local area networks.Computer Standards & Interfaces,31(1),128-136.
18. Whitman, Michael E.,Mattord, Herbert J.(2012).Principles of Information Security.Thomson Course Technology.

1. 許光睿(2018)。基於多層次高效監督下降預測演算法的強健多模板追蹤設計。淡江大學電機工程學系碩士班學位論文。2018。1-67。 
2. 楊旻錡(2016)。低介電常數芳香族高分子之合成與鑑定。國立臺灣大學化學工程學系學位論文。2016。1-108。