.,,.,..,, IT.. m m, -, m -, ( PC) m - xi -
-,,, - - - m 2011 7 1,600 2011 2000, 2013 3 2015 4. 2010 18 2015 1000. 2015 10 3, 2011 2.1, 2015 2 6, 2011 4.2. m,. LBS, AR, SNS, RFID NFC M2M.,,,,,. 2010 12 ' ' - xii -
2015,,,,,. m,,,,,,,...,,,..,,., SNS..,. - xiii -
. URL URL.,.,.,.,. Wi-Fi AP,,... - xiv -
Study on Security for New Mobile Devices

The recent widespread use of smartphones has enabled an advanced lifestyle based on mobile devices. In the future, the demand for mobile services providing mobility, openness, and diversity will continue to increase. As new mobile devices diversify, however, new mobile security threats are emerging. This leads to an increasing demand for emerging mobile security technologies, solutions, and policies for the secure use of mobile devices. In this study, therefore, we analyze the new mobile security threats that can occur in new mobile devices and suggest strategies for establishing countermeasures to mitigate them. This will help to strengthen Korea's international competitiveness as a leading country in the IT industry. The detailed contents of this project are as follows:

- State of the art and future trends in new mobile devices
- Usage, threat trends, and policy of new mobile devices
- Major security issues in new mobile devices
- Security countermeasures for securing mobile devices in corporate environments
In this study, we introduce the current state of the art and future trends in new mobile devices. In particular, we focus on new security threats and security policies for new mobile devices. By analyzing the new security threats, we provide security countermeasures and policy suggestions for securing mobile devices in corporate environments. The results of this study can be applied to the following:

- An information security guideline needs to be developed and deployed for secure mobile office and smart work systems
- Mobile SNS security needs to be strengthened
- Mobile cloud security systems need to be strengthened
- As wireless network traffic from new mobile devices increases, wireless network security needs to be strengthened

By analyzing new and emerging security threats and security policies for new mobile devices, this study will help to identify new security issues and to establish mobile security policy and security countermeasures for new mobile devices. Finally, this study will help to provide a secure internet environment to users and to establish national information security policy in the medium and long term.
- Introduce the state of the art and future trends in new mobile devices
- Introduce the definition of new mobile devices and analyze new security threats and the current status of security policy and standardization
- Analyze new security threats from various perspectives such as device, network, service, contents, and policies
- Suggest security policies and countermeasures to reduce and mitigate the new security threats
1, (SNS: Social Network Service),, ( PC), e-book..,,., PC,. PC. PC,, PC.,., ( PC) PC,, PC (device).,. PC., PC.,.,. PC - 1 -
.,. - 2 -
2,,.,, (Wi-Fi), (Wibro), LTE(Long Term Evolution) 4, e- (e-book Reader), ( PC). 1 10 IT.. ( PC) TV (Smart Life) (M2M)., ICT.. < 2-1> 2009 80 2011 1626-3 -
2009 16. ( : ) [ 2-1] 2009 2011 7,. [ 2-2] ( ). 2010 12 722 14.2%. 2013 3 2015 4. 2010 18 2015 982. - 4 -
[ ] ( ) : Mobile voice and data forecast pack: 2010-15 OVUM(2010.5 ) 2010 (NIA, 2010.7 ) KISDI KCC (2010.11 ) 2 70,, 2011 54 4,270 100% 3 (3G). < 2-2> 2015 10 3, 2011 2.1, 2015 2 6, 2011 4.2-5 -
. 2011 8 IHS isuppli [ 2-3], 2015. [ ] [ 2-4] 2010 ipad 100% 2015. - 6 -
[ ] 1. 2009 3GS 219% 302. 2010 475. 2014 797. [ ] ( : ) : MIC, 2010 2-7 -
, MCPC(Mobile Computing Promotion consortium) [ 2-6], [ 2-7], [ 2-8].[ 2-6] 2010 176, 634, 2015 26%, 46%. [ ] ( ) ( : ) : MCPC/Impress R&D joint survey conducted in September 2010. [ 2-7] 2010 73, 337, 2015 12%, 46%. - 8 -
[ ] ( ) ( : ) : MCPC/Impress R&D joint survey conducted in September 2010. [ 2-8] 2010 17, 84, 2015 46%, 50%. [ ] ( ) ( : ) - 9 -
: MCPC/Impress R&D joint survey conducted in September 2010. 2. [ ] : Neilsen Company, 2010 [ ] : Neilsen Company, 2010-10 -
2008 2 90% 2011 3 51% 2008 2 10% 2011 3 49%. - 11 -
1 1..,, (Smartciety).. 2007 (Apple) (iphone),,...,, GPS,. APU(Application Processing Unit).. ios (Google) (Android). - 13 -
SDK API. Wi-fi.,... [ 3-1]. [ ]. (Smart Phone) PDA( ) - 14 -
... 1) ios(iphone OS) MAC OS X,,. ios API SDK. ios < 3-1> [ 3-1]. [ 3-2] ios. ios MAC OS X ios 4.3.3 Core OS, Core Service, Medeia, Cocoa Touch Objective-C ios, - 15 -
[ ] ios [ ] ios 2) (Android) ios,, (Java).. < 3-2> [ 3-4] [ 3-5] - 16 -
. Android 2.3( ) / Android 3.2( ) Linux Kernel, Library, Android Runtime Library, Application Framework, Applications, [ ] - 17 -
[ ] 3) (Windows Phone) 7 (Microsoft) (Windows Mobile). 7 PC. ios (Nokia). < 3-3> 7 [ 3-6] [ 3-7] 7. - 18 -
7 Windows Embedded CE Windows Phone 7 Mango Windows embedded CE Kernel, OEM Adaptation Layer, Board Support Package, Application Platforms XNA 7 [ ] 7 [ ] 7-19 -
4) (Blackberry) (Rim). (Lotus) (Widget) SDK. < 3-4> [ 3-8] [ 3-9] OS,. RIM Blackberry OS 7 Blackberry OS, APIs, Java Runtime, Blackberry Widget HTML, CSS, Javascript, MIDP, WAP, - 20 -
[ ] OS, [ ] 5) (bada). OS RTOS, OS. IDE,, C++.. < 3-5> [ 3-10] [ 3-11],. - 21 -
Nucleus RTOS bada OS 2.0 bada OS Kernel, Device Layer, Service Layer, Framework Layer, Application Eclipse IDE [ ] [ ] - 22 -
. (Smart Pad),..,. PC,,. 7 ~10.,,.. < 3-6>. - 23 -
ios Apple ipad Samsung Galaxy tab Android HTC Flyer Motorola Zoom Blackberry RIM Playbook WebOS HP TouchPad. - 24 -
1) - (Telematics)., (auto) PC., PC,.,,. [ ] (GM) (On-Star) GPS -, -..,,,,,,,. - 25 -
,.,. [ ] -VMC( ) (ETRI) (Smart Highway) VMC..,.,,. 100ms., 200km 1km. VMC - 26 -
. [ ] VMC 2),, Wi-fi. 10~20m. 10~20m PC. Sony (Transfer Jet). s95 Eye-Fi PC..., - 27 -
. [ ] 2. (user-centric),., SNS(Social Networking Service), Win-Win. [ 3-16],, TV /,,. - 28 -
[ ], [ 3-17] 85%, 61%, 15%, 35%. Zokem',,. [ ] : Zokem LTD., 2010-29 -
,.. < 3-7> 1)..., (itunes) 1) ipad (ETRI 25 5 2010 10 ) - 30 -
.,. PDA... LBS, AR, SNS, RFID NFC M2M, < 3-8>. - 31 -
- - - SNS M2M -AR -LBS -AR SNS - SNS. -LBS -, - - - -,,, - DMB, SMS, - :.. 2010 M2M. ABI 2010 140 2015 2,800, IDC 2011 14%. 2010 11 ios 4.2 PC. - 32 -
,., (Automotive apps): SK Telecom 2011.. (Ford Motors) (MyFord). /., (Mobile VoIP+Video): VoIP. Nokia N900. Apple iphone 4 FaceTime, Wi-Fi iphone 4. Wi-Fi 3G PC., (Social Media): TNS 3.1, E-mail 2.2.., (Augmented Reality: AR):., (ReadWriteWeb) 200, 50., Qualcomm (prototype) (GIT) (AR gaming R&D center)., (Adult Entertainment): (Video Chat). - 33 -
. [ 3-18], [ 3-19] /, /,. [ ] : Pew Research Center's internet & American Life Project, 2010-34 -
[ ] :, KISA, 2010 PC [ 3-20].,,, e / /,,,, PC,,,,,. PC,,, e / /,,,. - 35 -
[ ] : Morgan Stanley Research, SAI, 2011 [ 3-21] 38.5%, 10.7%, 7.2%. - 36 -
[ ] : Nielsen Company, 2010.,,, SMS/MMS,. - 37 -
[ ] : Forrester Research, US Interactive Marketing Online Survey", 2010,,,.,.. 2010 UN 1..... - 38 -
. PC.. (Location based Service, LBS) (Social Network Service, SNS)..,,.. 2 1.,,,.,..., SMS. 2011 3-39 -
. [ 3-23]. [ ].. [ 3-24] 2011 100, 2009 524. - 40 -
[ ] 2011.. 2009 6 15.,,. AP. AP(Access Point),. (Wi-Fi). 3G AP. AP. AP - 41 -
,,.. (MITM, Man-In-The_Middle). AP Wi-Fi. AP,,. 2010 7 15 / 29 AP 42,997, 44.8%. AP 28,312 55.2%. AP. [ 3-25] 美 Air tight Networks 27. AP 80%, WEP(Wired Equivalent Privacy). - 42 -
[ ] Air Tight Network, 27 AP.....,,,.,. - 43 -
[ ] URL, URL( URL ) ㆍ. [ 3-26] URL. URL facebook, URL URL. URL... Melon, Dosirak Tving,. (Digital Right Management),,. 2009 12 DRM, DRM. - 44 -
[ ] iphone Cydia. (Jail-breaking) [ 3-27], (rooting). 2.,,.. 2.,.,. 1.,. - 45 -
,...,,. [ ], Cydia. [ 3-28].,. - 46 -
.. weak point. 2010 62%.,. ADT (Wi-Fi) AP,, 3 1... 2010 12 2015. [ 3-29]. - 47 -
[ ]. 1) m - AP,. AP. < 3-9>. - 48 -
3 10 AP AP AP LAN AP - AP AP AP,,. -,.,, PDA,,.,.. m - 49 -
[ ] Netstumbler - 50 -
[ ]Probe Request - 51 -
[ ] AP - 52 -
3 11 WEP 1 (IV) 2 RC4 3 4 m - 53 -
. < 3-12>. - 54 -
3 12 OS, OS OS OS /, DDoS / /.... - 55 -
3 13-56 -
3 14.,.....,... - 57 -
.,.,. 10,.., (T-Store, OZ-store, Olleh)...,.. [ 3-33]. - 58 -
[ ] - 59 -
3 15 ( 5 ) ( 9 ) ( 15 40, ). 3, 3 3 3 ( 19 3 ) (, 23 ), ( 8,, 26 ), ( 29 ) 2.. 1) 2010 5 (National Security Strategy).. 2) ) - 60 -
. IT.,.,.,,.... ),...,..,.. 1) 2010 7. - 61 -
. 2) )..,... 2009 6 4,000 94% 6%... 1) 2010 10.,. 5.,,,. - 62 -
.. 2) ).......,. ).,.. 4 6 5,000. - 63 -
.,.,,. 3.. 2010 TTA, ITU-T 17.... 2013.. 2010 TTA.,,,, [ 3-34]. - 64 -
[ ] TTA :, TTA Journal No 132 < 3-16>. - 65 -
< 3 16> TTA ITU-T SG17 MCPC PPCA LIPS Forum 2,, -PG605 :,, 3 -PG504 : 10, ( ) :, TTA Journal No 132 < 3-16>,., TTA PG 605 [TTAS.KO-10.0245], [TTAS.KO-10.0243] 3.. ITU-T 17 6 (X.msec-6) 2009 9., - 66 -
. X.msec-6,, ID,,,.,, OS,,.,., ITU-T X.509... Verisign( ), ( )., MCPC(Mobile Computing Promotion Consortium) Smartphone. PPCA(Portable Computer and Communications Association) LIPS Forum(Linux Phone Standard). - 67 -
1 1.,,... (lookout) 8 3 2011 Mobile Threat Report' (Operation system) 50 100, 6 2.5. 10 3. [ 4-1] 1 80 6 400. - 69 -
[ ] 2011 :, 2011. 1) ) [ 4-2] (Third party market).. - 70 -
[ 4 2] (diagram labels: upload of app containing malicious code; install after download; black market; hacker; smartphone user; internet site) [ 4-3]... [ ] ) 2011 6 [ 4-4]. QR-Code root
. root. [ ] 2).,,,, 5,. - 72 -
4 1. 2004 Skulls.. 2005 Locknut Gavno.. 2004 Cabir... 2010.. 3D 50..,,. 3.4 DDoS. (mvoip) DDoS..,. 2011 5 McAfee Carnegie Mellon University 63%, - 73 -
. 2. DDoS, IPS. mddos(mobile DDoS)... 3G Node B 2), RNC 3) (Radio Network Controller) SGSN 4) (Serving GPRS 5) Support Node)., 3G, 3G. 2010 Cisco VNI (Visual Networking Index) 2015 92%. 3G, / /, 2) Node B : UMTS (Universal Mobile Telecommunications System) BTS (Base Tranceiver Station). UMTS 3,, 2 Mbps. BTS. 3) RNC : UMTS radio access network Node B. 4) SGSN :. 5) GPRS : General Packet Radio Service - 74 -
. [ 4-5]. 2015 3G + LTE (Long Term Evolution) 3.2,., 4G(LTE, LTE Advanced) 3G,. [ ] 3G+LTE vs 4 2 1,000%., 2010.12 Call Drop., 2010.1 TredDial 6) ( ). 2010 12 3G. SGSN., 2010.4, 2010.12-75 -
. DDoS SMS,. 3G,,,,. /. 3.,. PC,,,..,, RFID,, SNS(Social Networking Service).. (Location Based Service, LBS),.. 6) TredDial : 2010 4 13 4 19. - 76 -
1) ),,... [ ] ).. - 77 -
).. 2) ),. ).., 3... - 78 -
4 3.,.,.. 1).,.,. 2) Public DB - 79 -
DB,. 3),,.. 4). 5),.. 4 4-80 -
. RFID RFID RFID. RFID RFID /, RFID,. RFID RFID,, RFID.. 1) + RFID RFID, RFID RFID. RFID. ). RFID,. ) ID. ) RFID,. - 81 -
. 2) + RFID RFID, RFID. ) RFID,. ) RFID RFID RFID RFID.. RFID. - 82 -
4 5 RFID + RFID + RFID RFID RFID RFID RFID RFID..., SAS(Strategic Application System) 7) PC. 2010 1 7,. 7) North Carolina SAS (SAS/ETS),, (SAS/SQL), (SAS/GRAPH), OR(SAS/OR). - 83 -
.,,. 1)., 2009 4.,,,. 2). 2009 500 74% 370.,.. 2010.. - 84 -
[ ] ),.,. 2008,.. ) - 85 -
. DNS(Domain Name Service), DHCP(Dynamic Host Configuration Protocol), HTTP(Hyper Text Transfer Protocol) SSID(Service Set IDentifier), 'NESXXX, IPTIXX, MYLGXXX'.,. 3) PIMS(Personal Information Management System, ).,,.. 4 6,,. SNS (Social Networking Service) - 86 -
SNS., SNS. 1). SNS,,,,.. 2, SNS,,,,. 2) SNS.. 3) SNS SNS,,.,.,, - 87 -
. SNS. 4 7 SNS SNS SNS SNS,,. MtoM (Machine to Machine) ICT( ). MtoM,,,,. GPS. - 88 -
4 8, 1) (EDR, Event Data Recorder).. 2013,.,. 2),, PC,. LG,. 2012 (CES) - 89 -
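Kia Motors, together with UVO, a North American telematics company, unveiled a next-generation telematics service. The service links to the customer's mobile phone, automatically reports a crash signal to prompt an emergency dispatch, and can also diagnose the condition of the vehicle. Linked with a smartphone, it also offers services such as checking where the car is parked and reading text messages aloud. As services of this kind that rely on wireless networks come into use, there is concern that the driver's personal information, vehicle operation data and similar information may be leaked.

[Figure 4-8] Telematics service vehicle

Illegal leakage of location information

Recently, databases covering a wide range of information, such as accident-prone road sections, rest-area information and speed-limit guidance for points along a route, have been built and, together with GPS (Global Positioning System), have developed into a variety of services. However, when the driver's location information is stored on a server, it may be leaked to other parties and lead to an invasion of privacy.

3) Content security threats

A representative type of content threat is the threat of attacks on the DRM (Digital Right Management) applied to content. DRM refers to preventing the illegal distribution and copying of digital content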
,,. DRM,,. DRM DRM. < 4-9> DRM DRM. 4 9 DRM DRM DRM DRM,,, - DRM - (ex., ) - S/W - OS - MS WMRM Proprietary DRM De facto Standard,,, - DRM - - OS S/W - OS - OMA DRM De jure Standard Proprietary DRM (MS WMRM, Apple Fairplay ). DRM 1) DRM - 91 -
DRM,,. ) DRM. DRM,..,. [ 4-9]. [ ] ). - 92 -
. [ 4-10]. [ ] ) DRM..,. [ 4-11]. - 93 -
[ ] DRM DRM. < 4-10> DRM. - 94 -
4 10 DRM 2006 2009 2010 2011 MS DRM'. FairUse4WM 8. MS SW 10 11 DRM. QTFairUse6. e DRM..azw DRM e PC.. DRM DRM.,, (itunes).,,. 4S Siri( ). Siri 4S. 2 1..,,, OS - 95 -
. [ 4 12] Open-Market ( ),.,,.,,., - 96 -
, (Jailbreak)...,, DB. 1). 3G IMEI 100. IMSI USIM USIM. -,.. e, ID,,,. -.. ios (OS) OS - 97 -
,,,,,..,,.,. [ 4 13], Wi-Fi USB.. 5. 1). 2004 Skulls. - 98 -
. 2005 Locknut. Gavno. -, - UI, ( ), (,, ) -, o Skull(2004) : o Bootton(2005) :, o BlankFont(2005) : o Ikee(2009) :, 80 o Liberty(2000) : 2). 2004 Cabir. Cabir,.. - CPU,, - 99 -
3)., SMS/MMS( ), SMS( ),,,. - 20% SMS, MMS (, 2010.4, KISA ) - RedBrowser (2007) - o Mosquit(2004) :, SMS o CommWarrior(2005) : MMS o Timofonica(2000) : o CommWarrior(2005) : MMS o RedBrowser(2006) : 4). 2008 Infojack..cab, Infojack., OS, 2. - 100 -
Flexispy, PBStealer. Flexispy,. - SMS,, - ( : Mobile-Spy) SMS,, - o PBStealer(2005) : o Infojack(2008) : (OS, ) 2 o iphone/privacy.a(2009) : (, ) o Duh Worm(2009) : SMS (6 ) 5) PC. 2005 Cardtrap.A, PC autorun PC. PC.. 1) - - 101 -
< 4 11> - -,. - 21 (2010 7 ). -. -, Cydia, (JailBreak). -, API,. - 3 2~30 3G 2~300M,. 2) - - 102 -
< 4 12> - -. -. - 5 (2010 7 ) -. -,, ADB(Anroid Debug Bridge). - (Fragmentation) CTS(Compliance Test Suite). - 58, 26. - SMS 10. -.. 2. - 103 -
.. 1),., ( 56 ), ( 57 ) ( 29 )., ( 45 ), ( 46 ), ( 46 2), ( 46 3), ( 47 ), ( 47 3), ( 48 ), ( 48 2 48 3), ( 49 ), ( 49 2).,.... 8) 8) 2001 1. 1986 30,,, - 104 -
.. AP.,,. AP. < 4 13> AP - AP (ISP) - AP (, ) - (Municipal Wireless network) - AP -, AP ) ( ) 46 3 1 9). 9) 46 3 ( ) ( ) - 105 -
ISP., AP. AP. ) 53 1 10). ( 98 ), 53 1 ISP AP. AP. ). 15 3. 1. 2 1 1 ( ) 2. 3., 10) 45 ( ). 53 ( ) 19, 25, 26, 29, 45, 46, 52, 57 58. - 106 -
38 2 2 11), ISP. Hot-spot FMC. ). ISP AP. (AP). AP AP. AP,. AP. 2) OECD (OCECDGuidlines for the Security of Information System and Networks: Towards a Culture of Security) 11) 38 2( ).. 2. - 107 -
. < 4-14>. < 4 14> - : 22948.6 - :, -2009 House Bill 1011 -CFAA(The Computer Fraud and Abuse Act) -ECPA(the Electronic Communications Privacy Act) MICH. COMP. LAWS ANN. 752.795 (Police and justice Act 2006) (Computer Misuse Act) 342.1 326 - :Nigerian Communications Act 2003 :Cybercrime Act 2001 : AS 11.46.200. Theft of Services (Communications Act 2003) (Telecommunications Act) OECD,,. - 108 -
.. PC..,. 2010 TTA, ITU-T 17. 1). TTA ITU-T. ) 2013. TTA < 4-15>., TTA PG 605 3. < 4 15> TTA - 109 -
/ ) -,, - - PC (VPN) - ITU-T 17 6 (X.msec-6) 2009 9,., MCPC(Mobile Computing Promotion Consortium) Smartphone. PPCA(Portable Computer and Communications Association) LIPS Forum(Linux Phone Standard). < 4 16> TTA 2,, PG605 :,, 3 PG504 : 10 ITU-T SG17-110 -
MCPC PPCA LIPS Forum, ( ).... 1) [ 4 14]. - 111 -
) -, -Email, - - ) IT Compliance Risk IT Compliance IT. IT IT Compliance,. - 112 -
[ 4 15] IT Compliance Risk [ 4 16] IT Compliance Risk Privacy Risk - Customer Information Privacy Risk :, / - Workplace Privacy Risk - 113 -
: Mobile E-mail, PIN < 4 17> / Customer Information Privacy Risk Workplace Risk Privacy GS Research In Motion 1,863 DB 14 1 100~200 1,125 DB 4 1 100 Big Brother PIN Copyright / Infringement Risk,. - :, - : - : - : JailBreaking DRM Attack - 114 -
) < 4 18> - (2010.1)11) (BSI) (2010.8.11) (CERTA) (2010.8.6), RIM (2010.8.9.) 4),. 3, /.. IT.. [ 4-9] IDC 244 IT IT cloud, - 115 -
.. [ 4 17] ),,,,.. ➁ ➂ ) IT, - 116 -
., local cloud.. ➁ ➂ ➃ ➄ / ➅ e-discovery.,.,. - - - / (. ).. < 4 19> - 117 -
SaaS -. -SaaS. -( ),,,. -. -. - SaaS -,. -. - PaaS IaaS -( ),,. -. -( ). -( ). -PaaS -,. -. -. -. ) DDoS SMS,. DDoS DDoS (, 2010.1, KISA ) - 118 -
2009 DDoS iphone/ibotnet.a (DDoS) (KISA 2009 12, 2010.1.24) o DDoS o, - 119 -
,,,. [ 5-1]., PC,. SNS, LBS, ( PKI, ).,,,,. [ 5 1] - 121 -
1 1..,.,,, [ 5-2] OS,,. [ 5 2] < 5-1>. - 122 -
< 5 1> - -, - - 8 - - - SW - - - - - OS OS OS - OS - OS. < 5-2>.,,,, 1, 2, 2. - 123 -
< 5 2> - / - - (PKI) - (OTP ) - (PKI) - - S/W - - - (, ) - - (Sandboxing) - - - - TPM - ( ) - - ( ) - ( ) - - (RTS), - 124 -
1) ID/ (8 ) (PKI). PKI.,,. PKI, (OTP ). 2) PKI.,. RSA(2,048 ), SHA-2(256 ). 3) Virus, Trojan, Worm Anti-Virus.. (SD ),. Jailbreaking, Rooting OS.,. 4) OS (Jailbreaking), (Rooting)., - 125 -
. (Sandbox) 12).,., (Privilege).,.,. 5) TPM,,,,,, TPM(Trusted Platform Module). TPM [ 5-3],,,.

12) A system software feature that allows 3rd party applications to run only inside a protected area; it restricts the access that applications received over the network have to system resources.
[ 5 3] TPM TPM [ 5-4] BIOS,,,,. [ 5 4] TPM TPM 2. TPM Endorsement Key TPM Storage Root Key. (extend operation) (measurement) 160-127 -
(Platform Configuration Register: PCR) TPM (Key Slot). TPM., (Remote Attestation). Attestation Identity Key (AIK). [ 5 5] TPM TPM,, [ 5-5] BIOS, (Boot Loader), OS, OS. - 128 -
[ 5 6] TPM, TPM [ 5-6]. TPM [ 5-7]., (Remote Attestation Agent), (Remote Attester). - 129 -
[ 5 7] TPM TPM,., TPM Endorment Key (PKI), Storage Root Key,, (Privacy PKI) TPM.,,, TPM,,,, PKI,., PKI. - 130 -
2.... [ 5-8].,., VPN,. [ 5 8] < 5-3>. - 131 -
< 5 3> VPN - AP - - AP SSID Broadcast - ( : ) - AP - VPN - VPN - VPN -,. < 5-4>. - 132 -
< 5 4> - - AP, - Wi-Fi, 3G ( : ) - (3W) - - - - (WPA2 ) - PKI VPN 1) (CDMA, WCDMA, WiBro, LTE) WPA2 (Wi-Fi).. 2),,,,,,.. 3) MAC, - 133 -
(WPA2 ). (AES 128bit, ARIA 128bit). VPN PKI. 3.. SNS, LBS. Security incidents such as leakage of location and personal information, mobile banking hacking, and illegal use of services can occur. Therefore [ 5-9], SW, (IDS),. [ 5 9]
< 5-5>. < 5 5> H/W -, GPS, HW SW S/W - SW - - 8 - -, -, - - OTP,, - - - -.. < 5-7> - 135 -
< 5 6> - - - (PMS) - ( ) - H/W(, GPS, ) SW - (configuration) - (Remote Attestation) - (Remote Attestation) - P2P, - -PC - -PC - PC (USB, microsd ) -, IDS - - URL - 24 - - PKI - 1), SNS CC,., - 136 -
. (WiFi), (CDMA, WCDMA, WiBro). (, T, ), PC (PC Sync) PC., PMS(Patch Management System)..., H/W(, GPS, ). 2) (configuration),. (Remote Attestation). (Remote Attester). 3) P2P,. PC, PC (Tethering) 13)., PC (USB, microsd ). 13) AP - 137 -
4),. 5), 24.,,. 6)., ( ), View. 7),,,.,,. - 138 -
4..,,,. [ 5-10],,. [ 5 10] < 5-7>. - 139 -
< 5 7> - PC - -. - - - (SMS, MMS) - -. < 5-9>. - 140 -
< 5 8> - P2P, - -PC - -PC - PC (USB, microsd ) - - - DRM - - N- - (SMS, MMS) - - / - - - ( ) 1) P2P,. PC, PC (Tethering) 14)., PC (USB, microsd ). 2) 14) AP - 141 -
, DRM.,.,.,.,.. AES(128 ), ARIA(128 ). 3) (SMS, MMS).,,.,.. 4) PC, (,,, ). - 142 -
.. [ 5 11].,,. - 143 -
.,. Wi-Fi AP,,. DDoS IP...,,,..,,.,., SNS..,.. - 144 -
[ 5 12] URL URL.,.,,. - 145 -
3..,,,,..., PC,.,,, 4., Device [ ]->[ ]->[ ]->[ ]->[ ]->[ ]->[ ] Process. USB, SD, Bluetooth, (Rooting) ios (Jailbreak)., Network Wi-Fi, AP Rouge AP Wireless IPS., Contents., (Anti Malware),. - 146 -
,,.,, IT. IT, /.,.,. 4.,,,.....,..,.. 500. - 147 -
.,.,,. - 148 -
(2010),. (2010),. ZDNet Korea (2011), Korea 2,. (2011). (2010),. MIC (2010), 2010 2., (2010),, TTA Journal No 132, pp 54~60. (2010),, 22 22 498,. (2011), 2011,.
Forrester Research. (2010). US Interactive Marketing Online Survey.
IHS iSuppli Research. (2011). By 2015 smartphones will rule the mobile planet.
IHS iSuppli Research. (2011). Media Tablet Forecast Increased as Apple's Dominance Grow.
Morgan Stanley Research. (2011). SAI.
Zokem LTD. (2010).
MCPC/Impress. (2010). R&D joint survey conducted in September.
Nielsen Company. (2010).
Pew Research Center's Internet & American Life Project. (2010).
OVUM. (2010). Mobile voice and data forecast pack: 2010-15.
Lookout. 2011
Drexel Pennsylvania (Study on Security for New Mobile Devices) 2011 12 31 2011 12 31 20 TEL: 02-750-1114 E-mail: webmaster@kcc.go.kr Homepage: www.kcc.go.kr