KR102433412B1 - Method of providing safety information of an access point, and mobile terminal and server tehrefor - Google Patents

Abstract

The present invention relates to a method of providing safety level information of an access point based on information of an access point near a terminal. To this end, the method for providing access point safety level information includes: outputting safety level evaluation information for an access point (AP) around a terminal; connecting the terminal to the AP; evaluating the safety level of the AP connected to the terminal when the terminal is connected to the AP; and updating and outputting the safety evaluation information of the AP based on the safety evaluation result of the AP connected to the terminal.

Description

Access point safety information providing method, and terminal and server device therefor

The present invention relates to a method for providing safety level information of an access point near a terminal.

In general, a mobile terminal accesses the Internet network through a method of accessing a mobile communication network base station provided by a mobile communication service provider or a method of accessing the Internet network through a connection with an access point (AP) connected to the Internet network. When accessing the Internet network through a mobile communication network base station, a separate fee is charged, so the method of accessing the Internet network through an AP is widely used indoors or in public places.

However, in the method of connecting the Internet through the AP, since the AP performs a relay role between the mobile terminal and the server, there may be a problem in that security is lower than that of the base station strictly managed by the mobile operator. For example, in a method of connecting the Internet through an AP, an attack that intercepts data or modulates data in the middle may occur. In addition, when using an AP installed by a malicious user in a public place to induce users to access, or an AP created by a normal user but infected by an external intruder, the user's main information stored in the mobile terminal (eg, , contact information, photos or videos) may be leaked, or there is a risk of secondary financial damage through linking to a Pharming site.

As the AP usage rate increases and security threats through the AP increase, various methods for reducing the security risk when using the AP are being discussed. In order to reduce the security threat of the AP, the use of applications can be considered, but a method for evaluating the security level of an AP by a mobile terminal has not been discussed yet, and in the case of a mobile terminal, only information about the AP to which it has been connected is not discussed. Therefore, when a user tries to connect to a new AP in a new location, there is a limit in that any security information cannot be provided.

In the present invention, in order to overcome these existing limitations, user-based AP information is collected and analyzed through an application in a mobile environment to build a database, and when a user wants to connect a mobile terminal to an AP, the safety of neighboring APs in advance We want to provide a big data-based AP security verification system that allows users to select and connect to an AP with confidence by providing information on the access point.

An object of the present invention is to provide information on the safety level of an AP around a terminal.

Specifically, an object of the present invention is to provide safety level information on the AP before the terminal accesses the AP.

Another object of the present invention is to provide a method for evaluating the safety level of an AP accessed by a terminal and updating the security level of the AP in real time.

The technical problems to be achieved in the present invention are not limited to the technical problems mentioned above, and other technical problems not mentioned will be clearly understood by those of ordinary skill in the art to which the present invention belongs from the description below. will be able

According to an aspect of the present invention to achieve the above or other object, outputting the safety evaluation information for the AP (Access Point) around the terminal; connecting the terminal to the AP; evaluating the safety level of the AP connected to the terminal when the terminal is connected to the AP; and updating and outputting the safety evaluation information of the AP based on the safety evaluation result of the AP connected to the terminal.

According to another aspect of the present invention, a communication unit for communicating with the AP (Access Point) and the server; a display unit for outputting safety evaluation information for the AP; and a control unit configured to evaluate a safety level of the AP when the communication unit is connected to the AP, wherein the control unit updates and outputs safety evaluation information for the AP based on a safety level evaluation result of the AP Disclosed is a terminal device, characterized in that it is controlled so that it becomes possible.

According to another aspect of the present invention, the method comprising: receiving information about an access point (AP) around the terminal from a terminal; inquiring into a database unit for safety level information on the AP; providing safety level information on the AP to the database unit according to the inquiry result; receiving network information of the AP from the terminal when the terminal is connected to the AP; evaluating the security level of the AP based on the network information; and updating the safety level information on the AP registered in the database unit based on the safety level evaluation result of the AP.

According to another aspect of the present invention, a database unit for storing safety information about the AP (Access Point) around the terminal; a collection unit for collecting information on the AP and network information of the AP from a terminal; and an analysis unit for evaluating the safety level of the AP based on the network information, wherein the analysis unit updates the safety level information for the AP registered in the database unit based on the safety level evaluation result of the AP A server device is disclosed, characterized in that.

The means of solving the technical problems to be achieved in the present invention are not limited to the solutions mentioned above, and other solutions not mentioned are clear to those of ordinary skill in the art to which the present invention belongs from the description below. will be able to understand

The effects according to the present invention will be described as follows.

According to the present invention, before the terminal accesses the AP, safety level information on the AP may be provided to the terminal.

Also, according to the present invention, it is possible to provide a method of updating the safety level of the AP in real time by evaluating the safety level of the AP accessed by the terminal.

The effects to be achieved in the present invention are not limited to the above-mentioned effects, and other effects not mentioned will be clearly understood by those of ordinary skill in the art to which the present invention belongs from the following description. .

1 is a diagram schematically illustrating an access point (AP) security verification system according to the present invention.
2 is a diagram illustrating a configuration diagram of a terminal.
3 is a block diagram of an AP verification platform.
4 is a flowchart of an operation of a terminal according to an embodiment of the present invention.
5 is a diagram illustrating an example in which the terminal outputs an AP list.
6 is a diagram illustrating an example in which the terminal collects network information and evaluates the safety level of the AP based on the collected network information.
7 is a diagram illustrating an example in which a visual effect applied to an indicator is changed according to a safety evaluation result of the AP.
8 is a diagram illustrating an example in which the AP verification platform provides AP safety level information to a terminal.
9 is a diagram illustrating an example in which the AP verification platform updates safety level information of the AP.

Hereinafter, the embodiments disclosed in the present specification will be described in detail with reference to the accompanying drawings, but the same or similar components are assigned the same reference numerals regardless of reference numerals, and redundant description thereof will be omitted. The suffixes "module" and "part" for components used in the following description are given or mixed in consideration of only the ease of writing the specification, and do not have distinct meanings or roles by themselves. In addition, in describing the embodiments disclosed in the present specification, if it is determined that detailed descriptions of related known technologies may obscure the gist of the embodiments disclosed in this specification, the detailed description thereof will be omitted. In addition, the accompanying drawings are only for easy understanding of the embodiments disclosed in this specification, and the technical idea disclosed herein is not limited by the accompanying drawings, and all changes included in the spirit and scope of the present invention , should be understood to include equivalents or substitutes.

Terms including ordinal numbers such as first, second, etc. may be used to describe various elements, but the elements are not limited by the terms. The above terms are used only for the purpose of distinguishing one component from another.

When a component is referred to as being “connected” or “connected” to another component, it may be directly connected or connected to the other component, but it is understood that other components may exist in between. it should be On the other hand, when it is said that a certain element is "directly connected" or "directly connected" to another element, it should be understood that the other element does not exist in the middle.

The singular expression includes the plural expression unless the context clearly dictates otherwise.

In the present application, terms such as “comprises” or “have” are intended to designate that a feature, number, step, operation, component, part, or combination thereof described in the specification exists, but one or more other features It is to be understood that this does not preclude the possibility of the presence or addition of numbers, steps, operations, components, parts, or combinations thereof.

1 is a diagram schematically illustrating an access point (AP) security verification system according to the present invention. Referring to FIG. 1 , the AP security verification system may include an AP 100 , a terminal 200 , and an AP verification platform 300 .

The AP 100 refers to a wireless device serving as a base station for the terminal 200 . The terminal 200 and the AP 100 may communicate through wired or wireless communication such as a local area network (LAN), a wireless LAN (WLAN), and Bluetooth. The AP 100 serves to connect the terminal 200 to the Internet network. For example, a wireless router serving as a bridge connecting a wired network and a wireless network may operate as an AP.

The terminal 200 includes a wired or wireless communication device for connecting to the Internet network. The terminal 200 may include a mobile terminal 200 or a fixed terminal 200 in which applications can be installed. For example, the terminal 200 may include an electronic device capable of wired/wireless communication, such as a mobile phone, a set-top box, a notebook computer, a personal computer (PC), a tablet PC, and a TV.

2 is a diagram illustrating a configuration diagram of the terminal 200 .

Referring to FIG. 2 , the terminal 200 may include a communication unit 210 , a display unit 220 , a memory 230 , and a control unit 240 . Each configuration shown in FIG. 2 may be implemented by hardware or software.

The communication unit 210 may include a first communication unit and a second communication unit. The first communication unit supports communication with the AP through the first wireless communication method. Here, the first wireless communication may support at least one communication method among LAN, WLAN, and Bluetooth. The second communication unit supports communication with the AP verification platform 300 through the second wireless communication method. The second wireless communication supports at least one communication method among LAN, WLAN, LTE, HSPDA, CDMA, and LTE. The second wireless communication may have a different communication scheme than the first wireless communication.

If the terminal 200 is not connected to the AP (IP_connected), the terminal 200 communicates with the AP verification platform 300 through the second communication unit, and when the terminal 200 is connected to the AP, the terminal ( 200 may communicate with the AP verification platform 300 through the first communication unit.

The display unit 220 outputs information processed by the control unit 240 . For example, information related to the execution of an application and information about an AP surrounding the terminal 200 may be output to the display unit 220 .

The controller 240 controls the overall operation of the terminal 200 . Specifically, the control unit 240 controls the operation of each component and performs a function of processing an application required for the operation of the terminal 200 and a command related thereto. The controller 240 may be a hardware device such as a central processing unit (CPU) or a micro controller unit (MCU), but is not limited thereto.

The memory 230 serves to store data processed by the terminal 200 . For example, the memory 230 serves to store application execution data and data generated during application execution.

For convenience of description, in the embodiment to be described later, as in the example shown in FIG. 1 , it is assumed that the AP safety evaluation operation is performed as a predetermined application is executed in the terminal 200 . As an example, as the application is executed, communication between the terminal 200 and the AP verification platform 300 is performed, while an operation such as evaluating the AP safety level and visualizing and outputting the AP safety level information may be performed. .

Referring back to FIG. 1 , the AP verification platform 300 checks the safety level of the AP to which the terminal 200 intends to access, based on the data received from the terminal 200 . The AP verification platform 300 may provide information related to the safety level of the AP to the terminal 200 .

3 is a block diagram of the AP verification platform 300 . Referring to FIG. 3 , the AP verification platform 300 may include a collection unit 310 , an analysis unit 320 , and a database unit 330 . The AP verification platform 300 or each component of the AP verification platform 300 illustrated in FIG. 3 may be implemented in at least one server device. For example, the collection unit 310 may be implemented by a collection server, the analysis unit 320 may be implemented by an analysis server, and the database unit 330 may be implemented by a data server. It is also possible that two or more components are implemented by one server device, and it is also possible that one component is implemented by two or more server devices.

The collection unit 310 collects information related to an AP around the terminal 200 from the terminal 200 . The AP-related information collected by the collecting unit 310 may include an SSID (Service Set Identifier) of the AP, address information of the AP (eg, an Internet Protocol (IP) address of the AP, and/or a Media Access Control (MAC) of the AP). address, etc.), and encryption method information of the AP.

The analysis unit 320 analyzes (or evaluates) the degree of safety of the APs around the terminal 200 based on the AP-related information collected by the collection unit 310 . AP safety analysis may be performed based on whether the DNS is harmful, a comparison with a normal DNS, a comparison of a response value with a normal homepage, and the like.

The database unit 330 serves to store (database) the AP safety level information analyzed by the analysis unit 320 . The AP safety level information stored in the database unit 330 may be used as data for AP safety analysis.

In addition to the configuration shown in FIGS. 1 to 3 , if additional information is required to analyze the AP's safety level, a component having the corresponding information may also be included in the AP security verification system. For example, a big data system that analyzes safety information may be additionally included in the AP security verification system.

Based on the above description, the terminal 200 and the AP verification platform 300 according to the present invention will be described in more detail.

4 is an operation flowchart of the terminal 200 according to an example of the present invention. Referring to FIG. 4 , first, the terminal 200 may search for a neighboring AP (S410). In this case, the terminal 200 may search for an AP using an active scanning method or may search an AP using a passive scanning method.

When information on neighboring APs is obtained through AP discovery, the terminal 200 may transmit the AP information to the AP verification platform 300 ( S420 ). In this case, the AP information transmitted to the AP verification platform 300 may include at least one of SSID, address information (eg, MAC address or IP address, etc.) and encryption method information of the AP. Here, the encryption method information of the AP may include Wi-Fi Protected Access (WAP), WAP2, Wired Equivalent Privacy (WEP), Temporal Key Integrity Protocol (TKIP), Advanced Encryption Standard (AES), and the like.

If the security information corresponding to the AP information received from the terminal 200 is stored in the database unit 330 of the AP verification platform 300 , the terminal 200 provides the security of the neighboring APs from the AP verification platform 300 . It is also possible to receive information (S430). Specifically, the AP verification platform 300 queries the database for the received AP information, and if it is an AP whose safety level has already been analyzed, extracts the safety level information of the corresponding AP from the database and provides it to the terminal 200 . can do.

The AP safety level information that the terminal 200 receives from the AP verification platform 300 is encryption connection safety, DNS (Domain Name Server) safety (or pharming safety), ARP (Address Resolution Protocol) spoofing. It may include at least one of a safety level and an external illegal access safety level. Each safety level evaluation method will be described in detail through examples.

The terminal 200 may evaluate the safety level of the neighboring APs based on the AP safety level information received from the AP verification platform 300 . Specifically, the terminal 200 may evaluate the safety level of the AP by digitizing (scoring) or grading the safety level of the AP based on the received AP safety level information.

As an example, Table 1 below illustrates an evaluation table for calculating a score for the AP's safety level.

Item division score Encryption connection safety No encryption -40 Encryption applied WEP/WPA -20 WPA2 0 DNS safety Weak (harmful DNS) -40 Safe (normal DNS) 0 ARP spoofing safety Vulnerable (possible) -10 Safe (no possibility) 0 External illegal access safety Weak (unnecessary port open outside) -10 Safe (close port outside unnecessary) 0

The terminal 200 may calculate the safety evaluation grade for the AP by adding a weight for each item to the default value of the safety evaluation score. For example, when the reference value is 100 points and the encryption method of the neighboring AP is WPA, the AP safety level may be calculated as 80 points (100-20).

In Table 1, the encryption connection safety is subdivided into three grades, and the DNS security, ARP spoofing safety, and external illegal access safety are exemplified as being subdivided into two grades (safe / weak). Contrary to the illustration, each safety level may be subdivided into a larger number of grades or a smaller number of grades.

The terminal 200 may determine the AP safety evaluation grade based on the calculated AP safety evaluation score.

As an example, Table 2 exemplifies safety evaluation grades for each safety evaluation score.

Safety Rating Rating score range safety 91 to 100 points usually 61-90 points danger 0-60 points

In Table 2, the safety evaluation grades are exemplified as being subdivided into three grades, but the safety evaluation grades may be subdivided into more or fewer grades.

In the above-described embodiment, it has been described that the terminal 200 determines the safety evaluation score and the safety evaluation grade for the neighboring APs based on the AP safety information received from the AP verification platform 300 . Contrary to the description, the terminal 200 may receive, from the AP verification platform 300 , safety evaluation information (eg, a safety evaluation score and a safety evaluation grade) for neighboring APs.

Referring back to FIG. 4 , the terminal 200 may output an AP list based on the collected AP information and the AP safety level information received from the AP verification system ( S440 ). In this case, the AP list may include information on APs around the terminal 200 and safety evaluation information (safety evaluation score and safety evaluation grade) of the AP.

As an example, FIG. 5 is a diagram illustrating an example in which the terminal 200 outputs an AP list.

When the terminal 200 searches for a plurality of APs, the terminal 200 may output an AP list including information on each of the plurality of APs. In this case, the information on each AP on the AP list may include identification information of the AP, a degree of safety for the AP, and the like. As an example, in FIG. 5A , each item of the AP list is exemplified as including the AP's SSID, the AP's signal strength, the AP's safety evaluation score, and the AP's safety evaluation grade.

The terminal 200 may sort AP information on the AP list according to a predetermined criterion. As an example, the terminal 200 may sort the AP list in descending order (or ascending order) based on at least one of an AP signal strength, an AP safety evaluation score, and an AP safety evaluation grade.

When any one of the AP list is selected, the terminal 200 may output detailed safety level information for the selected AP. As an example, FIGS. 5B and 5C are diagrams illustrating an example in which detailed safety level information is output. When any one AP is selected from the AP list or the terminal 200 is connected to a predetermined AP, as in the example shown in FIG. 5(b) and (c), the selected AP or A pop-up window including information such as a safety evaluation grade, a safety evaluation score, and items impeding safety for the connected AP may be output.

Although not shown in FIG. 5 , the terminal 200 considers at least one of the signal strength of the AP and the safety evaluation information of the AP (eg, the AP's safety evaluation score or the AP safety evaluation grade), and the plurality of APs Among them, you can select a recommended AP. Even if the AP safety level is high, smooth communication cannot be expected if the AP signal strength is low. Accordingly, the terminal 200 may select a recommended AP in consideration of not only the AP's safety level but also the AP's signal strength. As an example, the terminal 200 may extract an AP having a safety evaluation score or grade of the AP equal to or greater than a predetermined standard, and may select an AP having the highest signal strength among the extracted APs as a recommended AP. As another example, the terminal 200 may extract an AP having a signal strength of the AP equal to or greater than a predetermined reference value, and may select an AP having the highest safety evaluation score or grade among the extracted APs as the recommended AP.

When there are a plurality of APs meeting the recommended AP selection criteria, the terminal 200 may select the recently accessed AP or the most accessed AP as the recommended AP. For example, when there are two APs having the same safety evaluation score or grade among APs having signal strength of the APs equal to or greater than a predetermined reference value, the terminal 200 accesses the most recently accessed AP among the two APs or accesses one of the two APs. An AP with high frequency may be selected as a recommended AP.

When the recommended AP is selected, the terminal 200 may visually identify and display the recommended AP on the AP list. For example, the terminal 200 may visually identify and display the recommended AP by displaying the AP selected as the recommended AP at the top of the AP list, or by displaying an image indicating that the AP selected as the recommended AP is selected on the item selected as the recommended AP. can

The terminal 200 may automatically connect (IP_connected) to an AP with the highest level of safety among APs included in the AP list, an AP with the highest signal strength, or an AP selected as a recommended AP. If, while the terminal 200 is connected to the AP, a condition that cannot maintain the connection to the AP is satisfied, the terminal 200 releases the connection to the AP, and the next-priority AP (eg, the level of safety is It can connect to the next highest AP, the AP with the next highest signal strength, or the next-priority recommended AP, etc.). Here, the condition that the terminal 200 and the AP are switched is when the connection status with the AP is below a predetermined grade, when the signal strength of the AP is below the reference value, the safety evaluation grade of the AP is down-regulated cases may be included.

By automatically connecting to an AP having high signal strength or safety, the terminal 200 can be seamlessly connected to an optimal AP that satisfies both security and availability.

As another example, the terminal 200 may be connected to an AP selected by the user from the AP list.

After the terminal 200 is connected to the AP, the terminal 200 itself can evaluate the safety level of the AP based on the network information collected from the AP. The collected AP network information and the AP safety level evaluated by the terminal 200 may be transmitted to the AP verification platform 300 . The AP verification platform 300 may update the AP safety level information stored in the database based on the network information and the AP safety level information received from the terminal 200 .

6 is a diagram illustrating an example in which the terminal 200 collects network information and evaluates the safety level of the AP based on the collected network information. Referring to FIG. 6 , first, when the terminal 200 is connected to the AP (IP_connected) (S610), the terminal 200 may collect network information from the AP (S620). In this case, the network information may include a DNS address (eg, DNS IP address) of the AP, a MAC address table of the AP, port information of the AP, and the like.

Some of the network information may be used to evaluate the safety level of the AP in the terminal 200 , and the rest may be used to evaluate the security level of the AP in the AP verification platform 300 . For convenience of explanation, the MAC address table and port information of the AP among the network information are used to evaluate the security level of the AP in the terminal 200 , and the DNS address is used to evaluate the security level of the AP in the AP verification platform 300 . assumed to be

The AP safety evaluation using the MAC address table and the AP port information may be performed in the AP verification platform 300 instead of the terminal 200, and the AP safety evaluation using the DNS address may be performed in the terminal 200. However, in the embodiments to be described later, the operation of each component will be described by applying the above assumption.

The terminal 200 may transmit a DNS address among the collected network information to the AP verification platform 300 ( S620 ). The DNS address transmitted to the AP verification platform 300 may be used to evaluate the DNS security level of the AP.

Next, the terminal 200 may evaluate the security level of the AP based on the collected MAC address table and port information. First, the terminal 200 may check the MAC address table of the AP to evaluate the possibility of an ARP spoofing attack. For the ARP spoofing attack, the MAC address of the terminal 200 that attacks using the ARP spoofing is highly likely to be registered in the AP at least two. Accordingly, the terminal 200, when there are two or more identical MAC addresses in the AP (S630), determines the ARP spoofing safety level as 'vulnerable' (S640), otherwise, the ARP spoofing safety level is 'safe' It can be determined as (S645).

For ARP spoofing safety evaluation, the terminal 200 may use any ARP packet. For example, when connected to the AP, the terminal 200 generates an arbitrary ARP packet (specifically, an ARP REQUEST packet) based on the IP address of the gateway and the MAC address of the terminal 200, and transmits the generated ARP packet. transmit to the network. Specifically, the terminal 200 may generate an arbitrary ARP REQUEST packet by mapping the IP address of the gateway and the MAC address of the terminal 200 to the sender's address, and broadcast the generated ARP packet. . In this case, the sender's IP address (Target's Address) may be set to the IP address of an arbitrary terminal connected to the same gateway as the terminal.

Thereafter, if a response (specifically, ARP RESPONSE packet) to the ARP packet directed to the gateway is also received by the terminal, the ARP spoofing safety level is determined as 'weak', otherwise, the ARP spoofing safety level is set to 'safe'. can judge

When the evaluation of the ARP spoofing safety level is completed, the terminal 200 may transmit the ARP spoofing safety level evaluation result to the AP verification platform 300 (S650).

Next, the terminal 200 may evaluate the external illegal access security level of the AP based on the port information of the AP. Specifically, the terminal 200 may check whether a service port that is likely to be attacked through remote access among specific ports of an AP connected through an application is open to the outside. Here, the service port may include at least one of telnet (tcp 23), SSH (tcp 22), FTP (tcp 21), http (tcp 80), and https (tcp 443). When at least one of the service ports is open to the outside (S660), it may be determined that the external illegal access safety level is 'vulnerable' (S670). Otherwise, when the service port is closed so that it cannot be accessed from the outside, it may be determined that the external illegal access safety level is 'safe' (S675).

As another example, the terminal 200 may determine the external illegal access safety level by further considering whether the service port is open to the outside and whether it is actually easily accessible from the outside to the inside of the AP. In the case of telnet (tcp 23), SSH (tcp 22), FTP (tcp 21), http (tcp 80), https (tcp 443), etc., these are service ports used for remote access to the AP. Analyze whether access to the inside of the AP is possible through the port. To this end, the AP may evaluate whether access to the inside of the AP is possible without authentication through the corresponding port, or whether access to the inside of the AP is possible using previously known account information such as root or admin.

In this case, the previously known account information may be stored and managed in the database of the AP verification platform 300 . The terminal 200 may receive previously known account information from the database of the AP verification platform 300 and attempt to access the inside of the AP based on the received account information.

If access to the inside of the AP is possible without authentication through the service port or access to the inside of the AP is possible using previously known account information, the external illegal access security level may be judged to be 'vulnerable'. Otherwise, if it is impossible to access the inside of the AP without authentication through the service port, or if it is impossible to access the inside of the AP using previously known account information, the external illegal access safety level may be determined to be 'safe'.

When the evaluation of the external illegal access safety level is completed, the terminal 200 may transmit the evaluation result of the external illegal access safety level to the AP verification platform 300 .

In the above-described embodiment, after evaluating the ARP spoofing safety level, it has been described that the evaluation of the external illegal access safety level is performed. The evaluation order of the ARP spoofing safety level and the external illegal access safety level is not limited to the illustrated example. After evaluating the external illegal access safety level, the ARP spoofing safety level may be evaluated, and the ARP spoofing safety level evaluation and the external illegal access safety level evaluation may be performed in parallel.

Although not shown, the terminal 200 may evaluate the encryption security level information of the AP based on the encryption method of the AP. When the evaluation of the encryption safety level is completed, the terminal 200 may transmit the evaluation result of the encryption security level to the AP verification platform 300 .

Thereafter, the terminal 200 may receive updated AP safety level information from the AP verification platform 300 . The terminal 200 may update the AP list based on the updated AP safety level information. For example, when the safety information of the AP to which the terminal 200 is connected is changed, the terminal 200 may update the safety evaluation score or safety evaluation grade of the corresponding AP on the AP list (S680). For example, when the currently connected safety evaluation score or safety evaluation grade is changed, the terminal 200 may control the changed evaluation score or the changed evaluation grade to be output through the display unit. Since the example of outputting the safety evaluation information has been described with reference to FIG. 5 , a detailed description thereof will be omitted.

As another example, when the safety evaluation result (eg, safety evaluation score or safety evaluation grade) of the AP is changed to less than or equal to a preset reference value due to the updated AP safety information, the terminal 200 connects to the AP can be turned off. Then, the terminal 200 may automatically attempt to connect to any one of the remaining APs except for the disconnected AP in consideration of the safety level and signal strength of the remaining APs. For example, the terminal 200 connects to an AP having the highest safety evaluation score or safety evaluation grade among remaining APs other than the disconnected AP, or the safety evaluation score or safety evaluation grade is a predetermined reference value. It is possible to connect to the AP having the highest signal strength among the above APs. As another example, the AP may connect to an AP having the highest safety evaluation score or safety evaluation grade among APs having a signal strength equal to or greater than a predetermined reference value.

When disconnecting from the AP and attempting to connect to the new AP, the terminal 200 may disconnect the existing AP and output a message indicating that the connection is made to the new AP.

In the above-described embodiment, it has been described that the terminal 200 releases the connection with the AP when the safety evaluation result of the AP is changed to be less than or equal to the preset reference value. As another example, when the safety evaluation result of the AP is changed to be less than or equal to a preset reference value, the terminal 200 may output a message indicating that the AP's safety evaluation result has been downgraded without disconnecting the connection to the AP.

When the terminal 200 is connected to the AP, the terminal 200 may output an indicator indicating that the terminal 200 is connected to the AP. In this case, the visual effect applied to the indicator may be changed according to the safety evaluation result of the connected AP. Here, changing the visual effect means changing an element that can visually identify the indicator, such as the shape, color, and size of the indicator.

As an example, FIG. 7 is a diagram illustrating an example in which a visual effect applied to an indicator is changed according to a safety evaluation result of the AP. When the terminal 200 is connected to the AP, the terminal 200 may output an indicator indicating that the terminal 200 is connected to the AP. For example, as in the example shown in FIG. 7A , the terminal 200 may output an indicator 710 indicating that the AP is connected to the status bar. In this case, the terminal 200 may determine a visual effect to be applied to the indicator 710 according to the safety evaluation result of the AP. As an example, if the safety evaluation result of the AP is equal to or greater than a preset reference value, the terminal 200 may control the indicator 710 to have a first color, as in the example shown in FIG. 7A . have.

When the updated AP safety information is received from the AP verification platform 300, and the safety evaluation result of the AP calculated based on the updated AP safety information falls below a preset reference value, the terminal 200 may control the indicator 710 to have a second color, as in the example shown in FIG. 7B .

As in the example shown in FIG. 7 , by determining the visual effect applied to the indicator 710 based on the AP safety evaluation result, it is possible to provide the effect that the user can easily recognize the AP safety level.

Next, a method for the AP verification platform 300 to provide AP safety level information to the terminal 200 and a method for evaluating the AP safety level will be described in detail.

8 is a diagram illustrating an example in which the AP verification platform 300 provides AP safety level information to the terminal 200 . FIG. 8 relates to the operation of the AP verification platform 300 corresponding to the operation of the terminal 200 described above with reference to FIG. 4 .

When the terminal 200 searches for a neighboring AP, the collection unit 310 may receive information on the AP around the terminal 200 from the terminal 200 ( S810 ). In this case, the AP information may include an SSID of the AP, address information of the AP, and encryption method information of the AP.

When AP information is received from the terminal 200 , the collection unit 310 inquires whether the safety information of the AP having the same address value (eg, the AP having the same MAC address) is stored in the database unit 330 . can be (S820).

When the safety level information of the AP having the same address value is stored in the database unit 330 , the collection unit 310 may transmit the safety level information of the corresponding AP to the terminal 200 ( S830 ).

Otherwise, when the security level information of the AP cannot be inquired in the database unit 330, a new AP may be registered in the database unit 330 based on the received AP information (S840).

In this case, the AP safety level information for the new AP may be set to a preset value. As an example, at least one of encryption connection safety, Domain Name Server (DNS) safety, ARP (Address Resolution Protocol) spoofing safety, and external illegal access security level among AP safety information has a default value set. can

Although not shown in FIG. 8 , when a new AP is registered in the database unit 330 , the analysis unit 320 may evaluate the encryption connection security level of the AP based on the information on the encryption method of the AP among the received AP information. have. The database unit 330 may update the security level information of the newly registered AP based on the result of the encryption connection safety level evaluation performed by the analysis unit 320 .

The collection unit 310 provides the terminal 200 with safety level information of the newly registered AP (ie, safety level information having a default value or safety level information analyzed for some items by the analysis unit 320 ). can do.

In FIG. 8 , the AP verification platform 300 is illustrated as providing safety level information to the terminal 200 , but the present invention is not limited thereto. The AP verification platform 300 may provide the terminal 200 with an AP safety evaluation score and/or an AP safety evaluation grade calculated (or determined) based on the safety information to the terminal 200 . At this time, when the AP is newly registered in the database unit 330, the AP safety evaluation score and/or the AP safety evaluation grade has a default value, or a value that reflects the evaluation result of the encryption connection safety to a default value. will be able to have

As another example, when the database unit 330 cannot inquire the safety level information of the AP having the same address value as the address value of the APs around the terminal 200, the AP verification platform 300 sends the corresponding AP to the terminal 200. It can also transmit a message notifying that the search for safety information of safety information has failed.

In this case, when evaluating the safety level of the corresponding AP, the terminal 200 may set a safety evaluation score or a safety evaluation grade as a default value.

9 is a diagram illustrating an example in which the AP verification platform 300 updates safety level information of the AP. FIG. 9 is related to the operation of the AP verification platform 300 corresponding to the operation of the terminal 200 described above with reference to FIG. 6 .

When the terminal 200 is connected to the AP, the AP verification platform 300 may receive network information of the AP connected to the terminal 200 from the terminal 200 (S910). Here, the network information may include the DNS address of the AP.

The analyzer 320 may evaluate the DNS security level of the AP based on the network information of the AP received from the terminal 200 . DNS safety evaluation can be evaluated through the following three steps. However, since the following three steps are not all essential, DNS safety evaluation may be performed while some steps are omitted.

As a first step, the analyzer 320 may check whether the DNS address of the AP is registered in the pre-registered harmful DNS black list (S915). The harmful DNS black list may be stored or managed in the database unit 330 .

When the DNS address of the AP exists in the harmful DNS black list (S920), the analysis unit 320 may evaluate the DNS security level of the AP as 'weak' (S925). In addition, the analysis unit 320 may newly register the DNS address of the AP in the harmful DNS black list of the database unit 330 ( S965 ).

If the DNS address of the AP does not exist in the harmful DNS black list, the analysis unit 320 may receive and compare a response value between the normal DNS address and the DNS address of the AP with respect to a predetermined domain address in a second step. There is (S930). In this case, the normal DNS address and domain address may be stored or managed in the database unit 330 .

When a plurality of normal DNS addresses are registered in the database unit 330, the analysis unit 320 arbitrarily selects any one of a plurality of DNS addresses registered in the database or selects any one of the plurality of DNS addresses according to a preset policy. You can choose.

When a plurality of domain addresses are registered in the database unit 330, the analysis unit 320 arbitrarily selects any one of the plurality of domain addresses registered in the database, or selects any one of the plurality of domain addresses according to a preset policy. You can choose. For example, the AP verification system receives the Internet access record of the terminal 200 from the terminal 200, and corresponds to a web page recently accessed by the user or a web page with a high number of access by the user among the received Internet access records. You can select a domain name to be used as a domain address to evaluate DNS safety.

When the setting of the normal DNS address and the domain address is completed, the analyzer 320 may compare response values of the normal DNS address and the DNS address of the AP with respect to the domain address (S935). When the response values of the two DNS addresses to the domain address do not match, the analysis unit 320 may evaluate the DNS safety level as 'weak' (S940). In addition, the analysis unit 320 may newly register the DNS address of the AP in the harmful DNS black list of the database unit 330 ( S965 ).

When the response values of both DNS addresses to the domain address match, the analysis unit 320 may analyze a web source that is responded to when the domain address is connected using the DNS of the AP in a third step ( S945). Specifically, the analyzer 320 may determine the DNS safety level based on whether a malicious code is included in the web source string in the HTTP response to the web page (S950). Here, the harmful code may be stored or managed in the database unit 330 .

When it is determined that the HTTP response web source contains a harmful code, the analysis unit 320 may determine the DNS security level of the AP as 'vulnerable' (S955). In addition, the analysis unit 320 may newly register the DNS address of the AP in the harmful DNS black list of the database unit 330 ( S965 ). Otherwise, when it is determined that the HTTP response web source does not contain harmful codes, the analysis unit 320 may determine the DNS safety level of the AP as 'safe' (S960).

When the DNS safety level evaluation of the AP is completed, the analysis unit 320 may update the AP safety level information based on the DNS safety level evaluation (S970).

In addition, when the ARP spoofing safety level and the external illegal access safety level are received from the terminal 200, the security level information of the AP may be updated based on the received ARP spoofing safety level and the external illegal security level.

Although not shown, the analysis unit 320 may evaluate the encryption security level of the AP based on the encryption information of the AP, and update the security level information of the AP based on the encryption security evaluation.

Thereafter, the collection unit 310 may provide the updated safety level information of the AP to the terminal 200 (S975).

As another example, as the safety level information of the AP is updated, the collection unit 310 may provide the updated safety level information of the AP to the terminal 200 only when the safety level information of the AP is changed.

In FIG. 9 , it is illustrated that the analysis unit 320 evaluates the DNS security level of the AP based on the network information received from the terminal 200 . As another example, when the collection unit 310 in the AP verification platform 300 receives the network information of the AP from the terminal 200, instead of evaluating the DNS safety in the AP verification platform 300, the DNS of the AP in the big data system A safety analysis may be requested. In this case, the AP verification platform 300 may update the AP safety level information stored in the database unit 330 based on the DNS safety analysis result received from the big data system.

According to an embodiment of the present invention, the above-described method (operation flow chart) can be implemented as a processor-readable code in a program (or application) or a medium in which the program is recorded. Examples of the processor-readable medium include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage device, etc., and may be implemented in the form of a carrier wave (eg, transmission over the Internet). include

For each of the components described as above, the configuration and method of the above-described embodiments are not limitedly applicable, but the embodiments are configured by selectively combining all or part of each embodiment so that various modifications can be made. it might be

100: terminal
200: AP (Access Point)
300: AP verification platform

Claims (18)

outputting safety evaluation information for an access point (AP) around the terminal;
connecting the terminal to the AP;
When the terminal is connected to the AP, the terminal acquires domain name system (DNS) address information of the AP, medium access control (MAC) address table information of the AP, and port information of the AP from the AP to evaluate the security level of the AP to do; and
based on the safety evaluation result of the AP connected to the terminal, updating and outputting the safety evaluation information of the AP;
When evaluating the security level of the AP, the ARP spoofing safety level is evaluated based on whether two or more identical MAC addresses are registered in the MAC address table according to the MAC address table information,
If two or more of the same MAC address is not registered in the MAC address table, the ARP spoofing safety is evaluated as safe,
When two or more of the same MAC address is registered in the MAC address table, the ARP spoofing safety is evaluated based on whether there is an open port among the service ports of the AP according to the port information of the AP,
If the open port exists among the service ports of the AP, it is evaluated that the ARP spoofing safety level is not secure,
If the open port does not exist among the service ports of the AP, the ARP spoofing safety is evaluated as safe, the access point safety information providing method.
The method of claim 1,
When a plurality of APs exist around the terminal, the step of connecting the terminal to the AP comprises:
The method of providing access point safety information, characterized in that the terminal automatically connects to the AP based on the safety evaluation information of each of the plurality of APs. The method of claim 1,
As the safety evaluation information of the AP connected to the terminal is updated, when the safety evaluation information of the AP falls below a reference value, the terminal disconnects the connection with the AP, access point safety information How to provide. 4. The method of claim 3,
When a plurality of APs exist in the vicinity of the terminal, the terminal automatically connects to any one of the plurality of APs except for the AP whose safety evaluation information has fallen below a reference value, access point safety information How to provide. The method of claim 1,
The step of outputting the safety evaluation information for the AP includes:
transmitting, by the terminal, information on the AP to a server;
receiving safety level information on the AP from the server when the AP is registered in a database of the server; and
Based on the received safety level information of the AP, comprising the step of outputting the safety evaluation information for the AP, access point safety information providing method. The method of claim 1,
The step of updating the safety evaluation information of the AP includes:
transmitting, by the terminal, a safety evaluation result of the AP to a server;
receiving, by the terminal, updated safety level information of the AP from the server; and
Based on the updated safety level information of the AP, comprising the step of updating the safety evaluation information for the AP, access point safety information providing method. delete delete delete delete AP (Access Point) and a communication unit for communicating with the server;
a display unit for outputting safety evaluation information for the AP; and
When the communication unit is connected to the AP, a control unit for evaluating the security level of the AP by acquiring domain name system (DNS) address information of the AP, medium access control (MAC) address table information of the AP, and port information of the AP from the AP including,
The control unit controls so that safety evaluation information for the AP is updated and output based on the safety evaluation result of the AP;
When evaluating the security level of the AP, the ARP spoofing safety level is evaluated based on whether two or more identical MAC addresses are registered in the MAC address table according to the MAC address table information,
If two or more of the same MAC address is not registered in the MAC address table, the ARP spoofing safety is evaluated as safe,
When two or more of the same MAC address is registered in the MAC address table, the ARP spoofing safety is evaluated based on whether there is an open port among the service ports of the AP according to the port information of the AP,
If the open port exists among the service ports of the AP, it is evaluated that the ARP spoofing safety level is not secure,
If the open port does not exist among the service ports of the AP, the ARP spoofing safety level is evaluated as safe, the terminal device.
Receiving information about an AP (Access Point) around the terminal from the terminal;
inquiring into a database unit for safety level information on the AP;
providing safety level information on the AP to the database unit according to the inquiry result;
When the terminal is connected to the AP, receiving network information of the AP from the terminal, wherein the network information includes DNS (domain name system) address information of the AP, MAC (medium access control) address table information of the AP, and including port information of the AP;
evaluating the security level of the AP based on the network information; and
updating the safety level information on the AP registered in the database unit based on the safety level evaluation result of the AP;
When evaluating the security level of the AP, the ARP spoofing safety level is evaluated based on whether two or more identical MAC addresses are registered in the MAC address table according to the MAC address table information,
If two or more of the same MAC address is not registered in the MAC address table, the ARP spoofing safety is evaluated as safe,
When two or more of the same MAC address is registered in the MAC address table, the ARP spoofing safety is evaluated based on whether there is an open port among the service ports of the AP according to the port information of the AP,
If the open port exists among the service ports of the AP, it is evaluated that the ARP spoofing safety level is not secure,
If the open port does not exist among the service ports of the AP, the ARP spoofing safety is evaluated as safe, the access point safety information providing method.
13. The method of claim 12,
The access point safety level evaluation method further comprises receiving, from the terminal, a safety level evaluation result of the AP evaluated by the terminal,
The update of the safety level information of the AP is characterized in that performed based on a safety level evaluation result based on the network information and a safety level evaluation result received from the terminal, the access point safety level information providing method. delete delete delete delete a database unit for storing safety level information on an access point (AP) around the terminal;
a collection unit for collecting information on the AP and network information of the AP from a terminal; and
Comprising an analysis unit to evaluate the safety level of the AP based on the network information,
The analysis unit updates the safety level information on the AP registered in the database unit based on the safety level evaluation result of the AP,
When evaluating the security level of the AP, the ARP spoofing safety level is evaluated based on whether two or more identical MAC addresses are registered in the MAC address table according to the MAC address table information,
If two or more of the same MAC address is not registered in the MAC address table, the ARP spoofing safety is evaluated as safe,
When two or more of the same MAC address is registered in the MAC address table, the ARP spoofing safety is evaluated based on whether there is an open port among the service ports of the AP according to the port information of the AP,
If the open port exists among the service ports of the AP, it is evaluated that the ARP spoofing safety level is not secure,
If the open port does not exist among the service ports of the AP, the ARP spoofing safety level is evaluated as safe, the server device.

Images