Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.11851/5944
Full metadata record
DC FieldValueLanguage
dc.contributor.authorÖzkan, C.-
dc.contributor.authorBıçakcı, Kemal-
dc.date.accessioned2021-09-11T15:20:57Z-
dc.date.available2021-09-11T15:20:57Z-
dc.date.issued2020en_US
dc.identifier.citation13th International Conference on Information Security and Cryptology, ISCTURKEY 2020, 3 December 2020 through 4 December 2020, , 166977en_US
dc.identifier.isbn9781665418638-
dc.identifier.urihttps://doi.org/10.1109/ISCTURKEY51113.2020.9308020-
dc.identifier.urihttps://hdl.handle.net/20.500.11851/5944-
dc.description.abstractDeploying Two-Factor Authentication (2FA) is one of the highly-recommended security mechanism against account hijacking attacks. One of the common methods for 2FA is to bring something you know and something you have factors together. For the latter we have options including USB sticks, smart cards, SMS verification, and one-time password values generated by mobile applications (soft OTP). Due to the cost and convenience reasons, deploying 2FA via soft OTPs is more common. However, unlike smart cards which have tamper resistance property, attackers can access smartphones remotely or physically so that they can fetch shared secret seed value - an important security risk for mobile authenticators. For this reason, it is critical to analyze mobile authenticator applications in this context. In this paper, we report our findings after analyzing eleven different Android authenticator applications. We report that we have fetched cleartext shared secret seed value from storage in five applications and from memory in seven applications using standard reverse engineering techniques and open-source tools. © 2020 IEEE.en_US
dc.description.sponsorshipAselsan;Havelsan;Huawei;NETAS;TURKSATen_US
dc.language.isoenen_US
dc.publisherInstitute of Electrical and Electronics Engineers Inc.en_US
dc.relation.ispartof2020 International Conference on Information Security and Cryptology, ISCTURKEY 2020 - Proceedingsen_US
dc.rightsinfo:eu-repo/semantics/closedAccessen_US
dc.subjectAndroiden_US
dc.subjectAndroid Key Storeen_US
dc.subjectAuthenticationen_US
dc.subjectCryptographic Controlsen_US
dc.subjectMobile Authenticatoren_US
dc.subjectMobile Securityen_US
dc.subjectObfuscationen_US
dc.subjectProGuarden_US
dc.subjectReverse Engineeringen_US
dc.subjectTwo Factor Authenticationen_US
dc.titleSecurity Analysis of Mobile Authenticator Applicationsen_US
dc.typeConference Objecten_US
dc.departmentFaculties, Faculty of Engineering, Department of Computer Engineeringen_US
dc.departmentFakülteler, Mühendislik Fakültesi, Bilgisayar Mühendisliği Bölümütr_TR
dc.identifier.startpage18en_US
dc.identifier.endpage30en_US
dc.identifier.wosWOS:000676395800004en_US
dc.identifier.scopus2-s2.0-85101066889en_US
dc.institutionauthorBıçakcı, Kemal-
dc.identifier.doi10.1109/ISCTURKEY51113.2020.9308020-
dc.relation.publicationcategoryKonferans Öğesi - Uluslararası - Kurum Öğretim Elemanıen_US
dc.relation.conference13th International Conference on Information Security and Cryptology, ISCTURKEY 2020en_US
item.openairetypeConference Object-
item.languageiso639-1en-
item.grantfulltextnone-
item.fulltextNo Fulltext-
item.openairecristypehttp://purl.org/coar/resource_type/c_18cf-
item.cerifentitytypePublications-
crisitem.author.dept02.3. Department of Computer Engineering-
Appears in Collections:Bilgisayar Mühendisliği Bölümü / Department of Computer Engineering
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection
Show simple item record



CORE Recommender

WEB OF SCIENCETM
Citations

7
checked on Dec 21, 2024

Page view(s)

70
checked on Dec 23, 2024

Google ScholarTM

Check




Altmetric


Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.