http://tw.news.yahoo.com/article/url/d/a/110914/5/2yp2c.html
http://www.mobileindustryreview.com/2011/06/idcs-smartphone-forecast-55-increase-this-year-reckons-1-billion-will-ship-by-2015.html
Smartphone OS market share forecast (IDC):

Platform         2011    2015
Android          38.9%   43.8%
BlackBerry OS    14.2%   13.4%
Symbian          20.6%    0.1%
iOS              18.2%   16.9%
Windows Mobile    3.8%   20.3%
Others            4.3%    5.5%
Android
2007/11 Google (Open Handset Alliance, OHA) Android
Linux
C/C++
Google Dalvik (Oracle JVM)
Java
IDE Eclipse
Linux Kernel
Libraries / Runtime
Application Framework
Applications
iOS
iPhone OS (renamed iOS 2010/6)
iPhone, iPod touch, iPad
Mac OS X
Objective-C
IDE X-code
Cocoa Touch
Media
Core Services
Core OS
Windows Phone
Pocket PC Windows Mobile Windows Phone
Mango
Silverlight XNA
IDE Visual Studio
HTML 5
iPhone/iPad, Android: Canvas (Canvas Text API)
CSS3, Web Storage, Web SQL Database, Geolocation API
HTML5: iPhone, iPad, Android
Mobile application security topics:
- Physical Security
- Secure Data Storage
- Strong Authentication with Poor Keyboard
- Multiple User Support with Security
- Safe Browsing Environment
- Application Isolation
- Information Disclosure
- Virus, Worms, Trojans, Spyware, and Malware
- Difficult Patching/Updating Process
- Strict Use and Enforcement of SSL
- Phishing
- CSRF
- Location Privacy/Security
- Insecure Device Driver
- Multiple Factor Authentication
Source: Mobile Application Security, 2010 (Himanshu Dwivedi, Chris Clark, David Thiel)
VPN
Internet
Intranet
VPN
NIST SP 800-63
1
2
3 (Two-Factor)
(What you know) (What you have) (Who you are)
4 (Token)
1.
2.
3.
4. Token
5. Token
6. Token
7. Token
Two Factor
1.
2.
3.
4.
OTP
1.
2.
3.
4. OTP
OTP
1.
2.
3.
4.
Ex.
1.
2.
3.
4.
[ SD ]
PKI
JB (jailbreak) / root
USB Mini-USB Micro-USB USB
1.
2.
3.
OTP
1. ()
2.
3.
4. Token
5. Token
1.
2.
3. App
4.
5.
6.
App
1.
2.
3.
4.
5. TokenToken Token
6. Token
7. Token ( Token )
8.
Ex. OpenID OAuth
1. ID
2.
3.
4.
1.
2. Token
3.
4.
5.
API
Google Facebook API
App
IPC
1.
2. Token
3.
4.
Oops
1. App
1.
2a. Token
2b. ID
3. App
4. Token App
5. App
6. Token
1.
2.
3. ID
4. TokenToken
5. ID, Token Token ()
6. Token