Please use this identifier to cite or link to this item:
https://hdl.handle.net/20.500.11851/5944
Title: | Security Analysis of Mobile Authenticator Applications | Authors: | Özkan, C. Bıçakcı, Kemal |
Keywords: | Android Android Key Store Authentication Cryptographic Controls Mobile Authenticator Mobile Security Obfuscation ProGuard Reverse Engineering Two Factor Authentication |
Publisher: | Institute of Electrical and Electronics Engineers Inc. | Source: | 13th International Conference on Information Security and Cryptology, ISCTURKEY 2020, 3 December 2020 through 4 December 2020, , 166977 | Abstract: | Deploying Two-Factor Authentication (2FA) is one of the highly-recommended security mechanism against account hijacking attacks. One of the common methods for 2FA is to bring something you know and something you have factors together. For the latter we have options including USB sticks, smart cards, SMS verification, and one-time password values generated by mobile applications (soft OTP). Due to the cost and convenience reasons, deploying 2FA via soft OTPs is more common. However, unlike smart cards which have tamper resistance property, attackers can access smartphones remotely or physically so that they can fetch shared secret seed value - an important security risk for mobile authenticators. For this reason, it is critical to analyze mobile authenticator applications in this context. In this paper, we report our findings after analyzing eleven different Android authenticator applications. We report that we have fetched cleartext shared secret seed value from storage in five applications and from memory in seven applications using standard reverse engineering techniques and open-source tools. © 2020 IEEE. | URI: | https://doi.org/10.1109/ISCTURKEY51113.2020.9308020 https://hdl.handle.net/20.500.11851/5944 |
ISBN: | 9781665418638 |
Appears in Collections: | Bilgisayar Mühendisliği Bölümü / Department of Computer Engineering Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection |
Show full item record
CORE Recommender
WEB OF SCIENCETM
Citations
7
checked on Dec 21, 2024
Page view(s)
70
checked on Dec 23, 2024
Google ScholarTM
Check
Altmetric
Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.