Journal of Tsinghua University(Science and Technology)    2017, Vol. 57 Issue (9) : 897-902     DOI: 10.16511/j.cnki.qhdxxb.2017.26.037
COMPUTER SCIENCE AND TECHNOLOGY
Login authentication vulnerability mining and improved login authentication method based on an open source intelligent terminal
LIU Wu1, WANG Yongke2, SUN Donghong1, REN Ping3, LIU Ke4
1. Institute of Network Science and Network Space, Tsinghua University, Beijing 100084, China;
2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
3. College of Mathematics Science, Chongqing Normal University, Chongqing 400047, China;
4. China Citic Bank Branch of Tsinghua Science and Technology Park, Beijing 100084, China
Abstract  Open source intelligent terminals have many advantages in the smartphone market, with an endless stream of intelligent terminal applications built on open source code. However, applications using intelligent terminals also carry many security risks. This study uses reverse analysis to examine the login authentication of a mainstream Android application in today's market. The security flaws of current login authentication mechanisms are evaluated to discover potential security vulnerabilities in intelligent terminal devices. An improved login authentication scheme is then given which effectively improves the security of intelligent terminal systems.
Keywords: computer networks; login authentication mechanism; security vulnerabilities; network security; intelligent terminal devices; mobile Internet
ZTFLH:  TP393.0  
Issue Date: 15 September 2017
Cite this article:   
LIU Wu,WANG Yongke,SUN Donghong, et al. Login authentication vulnerability mining and improved login authentication method based on an open source intelligent terminal[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(9): 897-902.
URL:  
http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2017.26.037     OR     http://jst.tsinghuajournals.com/EN/Y2017/V57/I9/897
  
  
  
  
  
  
  
  