學術產出-Theses
Article View/Open
Publication Export
-
題名 即時通訊軟體安全性分析之研究
A Study on Security Analysis of Instant Messaging Applications作者 鄧妤庭
Deng, Yu-Ting貢獻者 左瑞麟
Tso, Ray-Lin
鄧妤庭
Deng, Yu-Ting關鍵詞 即時通訊軟體
網路封包分析
檔案分析
資料庫分析
Instant messaging applications
Network packet analysis
File analysis
Database analysis日期 2024 上傳時間 1-Feb-2024 13:00:08 (UTC+8) 摘要 近年來各式各樣的即時通訊軟體相繼崛起發展,使得人與人之間的互動更加便利。即時通訊軟體不僅為人們帶來更便捷的交流方式,也造成使用者對安全和隱私的擔憂越來越大。本篇論文將著重在台灣使用率較高的即時通訊軟體LINE、Messenger及由國內開發的即時通訊軟體SKI+進行通訊時之資訊安全議題進行分析及研究,透過網路封包分析、檔案分析及資料庫分析等3種分析方法,澈底瞭解在網路傳輸及行動裝置內部儲存空間中所能發現的資訊,以保證即時通訊軟體在傳輸訊息及在儲存上的安全性,提供使用者去判斷及評估即時通訊軟體的使用與否,以降低自身使用即時通訊軟體的風險。
In recent years, various instant messaging applications have successively emerged and developed, making interpersonal interactions more convenient. Instant messaging applications not only bring people a more convenient way to communicate but also raise concerns among users regarding security and privacy. This paper will focus on analyzing and researching information security issues during communication on three instant messaging applications: widely used in Taiwan—LINE, Messenger, and the domestically developed SKI+. Through three analysis methods—network packet analysis, file analysis, and database analysis—the study aims to thoroughly understand the information that can be discovered in network transmissions and the internal storage space of mobile devices. This analysis aims to ensure the security of message transmission and storage on instant messaging applications. By providing users with the means to assess and evaluate the usage of instant messaging applications, the paper aims to reduce the risks associated with using these applications.參考文獻 [1] 財團法人台灣網路資訊中心(TWNIC), "Table of Content - Internet基本概念", 2003, from http://dns-learning.twnic.net.tw/internet/intro6.html [2] Joseph A. Salowey, Sean Turner, Christopher A. Wood, "TLS 1.3", IETF., 10 August 2018. [3] WIRED, "Hacker Lexicon: What Is End-to-End Encryption? ", 2014, from https://www.wired.com/2014/11/hacker-lexicon-end-to-end-encryption/ [4] Ryota INOUE, "Becoming a "Third Pole" from Japan: Expansion of LINE's Hyper-Localization Strategy in Asia", 2023, from https://www.z-holdings.co.jp/en/strategy/13/ [5] SimilarWeb, "全球最受歡迎的通訊應用程式", 2023, from https://www.similarweb.com/blog/zh-tw/research/market-research/worldwide-messaging-apps/ [6] LINE, "LINE的最低系統需求為何?", 2023, from https://help.line.me/line/android/pc?lang=zh-Hant&contentId=10002433 [7] LINE, "LINE Encryption Report", 2022, from https://linecorp.com/en/security/encryption/2022h1 [8] 財團法人台灣網路資訊中心(TWNIC), "2023年台灣網路報告", 2023年8月29日 [9] Messenger, "哪些作業系統版本支援Messenger應用程式?", 2023, from https://zh-tw.facebook.com/help/messenger-app/197039404112757 [10] 陳冠榮, "不顧FBI反對加密方式,Messenger個人訊息和通話終獲端對端加密", 2023, from https://infosecu.technews.tw/2023/12/10/launching-default-end-to-end-encryption-on-messenger/ [11] Messenger, "Messenger端對端加密功能的意義及運作方式", 2023, from https://zh-tw.facebook.com/help/messenger-app/786613221989782 [12] Matt Joras, Yang Chi, "How Facebook is bringing QUIC to billions", 21 October 2020, from https://engineering.fb.com/2020/10/21/networking-traffic/how-facebook-is-bringing-quic-to-billions/ [13] Chromium Blog, "Experimenting with QUIC", 2013, from https://blog.chromium.org/2013/06/experimenting-with-quic.html [14] Catalin Cimpanu, "HTTP-over-QUIC to be renamed HTTP/3", 12 November 2018, from https://www.zdnet.com/article/http-over-quic-to-be-renamed-http3/ [15] IETF, RFC 9000, 2021. [16] 中央研究院資訊科技創新研究中心, "SKI+ APP操作手冊", 2018. [17] 中央研究院資訊科技創新研究中心, "SKI+即時通", 2021, from https://iptt.sinica.edu.tw/shares/905 [18] SANS Institute InfoSec Reading Room, "iPwn Apps:Pentesting iOS Applications", 2014. [19] 邱金燕, "社群通訊應用程式安全性分析之研究-以LINE即時通APP為例", 國防大學管理學院資訊管理學系碩士班碩士論文, 2017. [20] 陳詰昌, "LINE封包特徵分析預測使用者網路活動", Communications of the CCISA, Vol. 23, No. 3, July 2017 描述 碩士
國立政治大學
資訊科學系碩士在職專班
109971004資料來源 http://thesis.lib.nccu.edu.tw/record/#G0109971004 資料類型 thesis dc.contributor.advisor 左瑞麟 zh_TW dc.contributor.advisor Tso, Ray-Lin en_US dc.contributor.author (Authors) 鄧妤庭 zh_TW dc.contributor.author (Authors) Deng, Yu-Ting en_US dc.creator (作者) 鄧妤庭 zh_TW dc.creator (作者) Deng, Yu-Ting en_US dc.date (日期) 2024 en_US dc.date.accessioned 1-Feb-2024 13:00:08 (UTC+8) - dc.date.available 1-Feb-2024 13:00:08 (UTC+8) - dc.date.issued (上傳時間) 1-Feb-2024 13:00:08 (UTC+8) - dc.identifier (Other Identifiers) G0109971004 en_US dc.identifier.uri (URI) https://nccur.lib.nccu.edu.tw/handle/140.119/149682 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 資訊科學系碩士在職專班 zh_TW dc.description (描述) 109971004 zh_TW dc.description.abstract (摘要) 近年來各式各樣的即時通訊軟體相繼崛起發展,使得人與人之間的互動更加便利。即時通訊軟體不僅為人們帶來更便捷的交流方式,也造成使用者對安全和隱私的擔憂越來越大。本篇論文將著重在台灣使用率較高的即時通訊軟體LINE、Messenger及由國內開發的即時通訊軟體SKI+進行通訊時之資訊安全議題進行分析及研究,透過網路封包分析、檔案分析及資料庫分析等3種分析方法,澈底瞭解在網路傳輸及行動裝置內部儲存空間中所能發現的資訊,以保證即時通訊軟體在傳輸訊息及在儲存上的安全性,提供使用者去判斷及評估即時通訊軟體的使用與否,以降低自身使用即時通訊軟體的風險。 zh_TW dc.description.abstract (摘要) In recent years, various instant messaging applications have successively emerged and developed, making interpersonal interactions more convenient. Instant messaging applications not only bring people a more convenient way to communicate but also raise concerns among users regarding security and privacy. This paper will focus on analyzing and researching information security issues during communication on three instant messaging applications: widely used in Taiwan—LINE, Messenger, and the domestically developed SKI+. Through three analysis methods—network packet analysis, file analysis, and database analysis—the study aims to thoroughly understand the information that can be discovered in network transmissions and the internal storage space of mobile devices. This analysis aims to ensure the security of message transmission and storage on instant messaging applications. By providing users with the means to assess and evaluate the usage of instant messaging applications, the paper aims to reduce the risks associated with using these applications. en_US dc.description.tableofcontents 第一章 緒論 1 1.1 研究動機 1 1.2 研究方法及目標 2 第二章 背景知識 3 2.1 封包格式 3 2.2 安全通訊協定(Secure Socket Layer)/傳輸層安全協定(Transport Layer Security) 4 2.3 端對端加密(End-to-End Encryption,E2EE) 6 第三章 即時通訊軟體研究 7 3.1 LINE 7 3.2 Messenger 11 3.3 SKI+ 14 第四章 即時通訊軟體分析實作 22 4.1 網路封包分析 23 4.2 手機內部儲存空間檔案分析 41 4.3 手機內部儲存空間資料庫分析 45 4.4 即時通訊軟體分析結果 52 第五章 結論 59 參考文獻 60 zh_TW dc.format.extent 6848967 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0109971004 en_US dc.subject (關鍵詞) 即時通訊軟體 zh_TW dc.subject (關鍵詞) 網路封包分析 zh_TW dc.subject (關鍵詞) 檔案分析 zh_TW dc.subject (關鍵詞) 資料庫分析 zh_TW dc.subject (關鍵詞) Instant messaging applications en_US dc.subject (關鍵詞) Network packet analysis en_US dc.subject (關鍵詞) File analysis en_US dc.subject (關鍵詞) Database analysis en_US dc.title (題名) 即時通訊軟體安全性分析之研究 zh_TW dc.title (題名) A Study on Security Analysis of Instant Messaging Applications en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) [1] 財團法人台灣網路資訊中心(TWNIC), "Table of Content - Internet基本概念", 2003, from http://dns-learning.twnic.net.tw/internet/intro6.html [2] Joseph A. Salowey, Sean Turner, Christopher A. Wood, "TLS 1.3", IETF., 10 August 2018. [3] WIRED, "Hacker Lexicon: What Is End-to-End Encryption? ", 2014, from https://www.wired.com/2014/11/hacker-lexicon-end-to-end-encryption/ [4] Ryota INOUE, "Becoming a "Third Pole" from Japan: Expansion of LINE's Hyper-Localization Strategy in Asia", 2023, from https://www.z-holdings.co.jp/en/strategy/13/ [5] SimilarWeb, "全球最受歡迎的通訊應用程式", 2023, from https://www.similarweb.com/blog/zh-tw/research/market-research/worldwide-messaging-apps/ [6] LINE, "LINE的最低系統需求為何?", 2023, from https://help.line.me/line/android/pc?lang=zh-Hant&contentId=10002433 [7] LINE, "LINE Encryption Report", 2022, from https://linecorp.com/en/security/encryption/2022h1 [8] 財團法人台灣網路資訊中心(TWNIC), "2023年台灣網路報告", 2023年8月29日 [9] Messenger, "哪些作業系統版本支援Messenger應用程式?", 2023, from https://zh-tw.facebook.com/help/messenger-app/197039404112757 [10] 陳冠榮, "不顧FBI反對加密方式,Messenger個人訊息和通話終獲端對端加密", 2023, from https://infosecu.technews.tw/2023/12/10/launching-default-end-to-end-encryption-on-messenger/ [11] Messenger, "Messenger端對端加密功能的意義及運作方式", 2023, from https://zh-tw.facebook.com/help/messenger-app/786613221989782 [12] Matt Joras, Yang Chi, "How Facebook is bringing QUIC to billions", 21 October 2020, from https://engineering.fb.com/2020/10/21/networking-traffic/how-facebook-is-bringing-quic-to-billions/ [13] Chromium Blog, "Experimenting with QUIC", 2013, from https://blog.chromium.org/2013/06/experimenting-with-quic.html [14] Catalin Cimpanu, "HTTP-over-QUIC to be renamed HTTP/3", 12 November 2018, from https://www.zdnet.com/article/http-over-quic-to-be-renamed-http3/ [15] IETF, RFC 9000, 2021. [16] 中央研究院資訊科技創新研究中心, "SKI+ APP操作手冊", 2018. [17] 中央研究院資訊科技創新研究中心, "SKI+即時通", 2021, from https://iptt.sinica.edu.tw/shares/905 [18] SANS Institute InfoSec Reading Room, "iPwn Apps:Pentesting iOS Applications", 2014. [19] 邱金燕, "社群通訊應用程式安全性分析之研究-以LINE即時通APP為例", 國防大學管理學院資訊管理學系碩士班碩士論文, 2017. [20] 陳詰昌, "LINE封包特徵分析預測使用者網路活動", Communications of the CCISA, Vol. 23, No. 3, July 2017 zh_TW
