Issues of identity verification of typical applications over mobile terminal platform  (Cited by: 4)


Authors: ZHANG Xiaolin; GU Dawu [1,2]; ZHANG Chi

Affiliations: [1] School of Electronic Information and Electrical Engineering, Shanghai Jiaotong University, Shanghai 200240, China; [2] School of Cyber Engineering, Xidian University, Xi'an, Shaanxi 710126, China

Source: Chinese Journal of Network and Information Security, 2020, No. 6, pp. 137-151 (15 pages)

Funding: Science and Technology Project of State Grid Corporation of China Headquarters (2019GW−12).

Abstract: Recent studies have shown that attacks against USIM cards are increasing, and that even in a 5G environment an attacker can use a cloned USIM card to bypass the identity verification of some legitimate applications and thereby obtain user information. Under the assumption that the USIM card can be cloned, the identity verification process of typical applications on mobile platforms was studied. Application behaviors were analyzed while users were logging in, resetting passwords, and performing sensitive operations, and from this an identity authentication tree was derived. On this basis, 58 typical applications in 7 categories, including social communication and personal health, were tested; 29 of them were found to require only the SMS verification code received by the USIM card to pass authentication. To address this issue, it is suggested that applications enable two-step verification and combine it with measures such as USIM anti-counterfeiting to complete authentication.

Keywords: mobile application; USIM cloning; SMS; identity authentication; mobile application testing

Classification number: TP311.1 [Automation and Computer Technology: Computer Software and Theory]

 
