Finding flaws from password authentication code in Android apps

Finding flaws from password authentication code in Android apps

Password authentication is widely used to validate users’ identities because it is convenient to use, easy for users to remember, and simple to implement. The password authentication protocol transmits passwords in plaintext, which makes the authentication vulnerable to eavesdropping and replay atta...

Full description

Saved in:

Bibliographic Details
Main Authors:	MA, Siqi, BERTINO, Elisa, NEPAL, Surya, LI, Jianru, DIETHELM, Ostry, DENG, Robert H., JHA, Sanjay
Format:	text
Language:	English
Published:	Institutional Knowledge at Singapore Management University 2019
Subjects:	Authentication protocol flaws Automated program analysis Mobile application security Password authentication protocol Vulnerability detection Information Security
Online Access:	https://ink.library.smu.edu.sg/sis_research/4511 https://ink.library.smu.edu.sg/context/sis_research/article/5514/viewcontent/esorics19.pdf
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Singapore Management University
Language:	English

Similar Items

Orchestration or automation: Authentication flaw detection in Android apps
by: MA, Siqi, et al.
Published: (2022)

n PAKE+: a tree-based group password-authenticated key exchange protocol using different passwords
by: WAN, Zhiguo, et al.
Published: (2009)

A new approach for anonymous password authentication
by: YANG, Yanjiang, et al.
Published: (2009)

A survey on privacy frameworks for RFID authentication
by: SU, Chunhua, et al.
Published: (2012)

Replay tolerance of authentication protocols
by: Lam, K.-Y.
Published: (2014)

Vulnerability analysis of EMAP: An efficient RFID mutual authentication protocol
by: LI, Tieyan, et al.
Published: (2007)

Password-free network security through joint use of audio and video
by: Civanlar M.R., et al.
Published: (2018)

Efficient threshold password-authenticated secret sharing protocols for cloud computing
by: Yi, Xun, et al.
Published: (2020)

HASVC: An efficient hybrid authentication scheme for vehicular communication
by: Guo, H., et al.
Published: (2014)

A practical password-based two-server authentication and key exchange system
by: YANG, Yanjiang, et al.
Published: (2006)

Cross-domain password-based authenticated key exchange revisited
by: CHEN, Liqun, et al.
Published: (2013)

Two-factor mutual authentication based on smart cards and passwords
by: YANG, Guomin, et al.
Published: (2008)

FORMAL SECURITY ANALYSIS: SECRECY, AUTHENTICATION AND ATTESTATION
by: LI LI
Published: (2015)

Virtualization based password protection against malware in untrusted operating systems
by: CHENG, Yueqiang, et al.
Published: (2012)

Towards Secure and Usable Leakage-Resilient Password Entry
by: YAN, Qiang
Published: (2013)

Leakage-resilient password entry: Challenges, design, and evaluation
by: YAN, Qiang, et al.
Published: (2015)

An empirical study of SMS one-time password authentication in Android apps
by: MA, Siqi, et al.
Published: (2019)

IND-PCA secure KEM is enough for password-based authenticated key exchange (short paper)
by: XUE, Haiyang, et al.
Published: (2017)

A New Architecture for User Authentication and Key Exchange Using Password for Federated Enterprises
by: YANG, Yanjiang, et al.
Published: (2005)

Vulnerability Analysis of RFID Protocols for Tag Ownership Transfer
by: PERIS-LOPEZ, Pedro, et al.
Published: (2010)

Cross-domain password-based authenticated key exchange revisited
by: CHEN, Liqun, et al.
Published: (2014)

Designing leakage-resilient password entry on head-mounted smart wearable glass devices
by: LI, Yan, et al.
Published: (2020)

A Security and Performance Evaluation of Hash-Based Rfid Protocols
by: Lim, Tong-Lee, et al.
Published: (2008)

Universally composable RFID mutual authentication
by: SU, Chunhua, et al.
Published: (2017)

Deposit-case attack against secure roaming
by: YANG, Guomin, et al.
Published: (2005)

EvoPass: Evolvable graphical password against shoulder-surfing attacks
by: YU, Xingjie, et al.
Published: (2017)

A new unpredictability-based RFID privacy model
by: YANG, Anjia, et al.
Published: (2013)

Secure self-checkout kiosks using Alma API with two-factor authentication
by: BULAON, Ron
Published: (2021)

PRESERVING FRESHNESS AND CONTINUITY IN REMOTE BIOMETRIC AUTHENTICATION
by: ANKIT SARKAR
Published: (2017)

An efficient privacy preserving message authentication scheme for Internet-of-Things
by: WEI, Jiannan, et al.
Published: (2021)

Seve: Automatic tool for verification of security protocols
by: LUU ANH TUAN
Published: (2011)

Secure wireless communication platform for EV-to-Grid research
by: Guo, H., et al.
Published: (2014)

Exploring relationship between indistinguishability-based and unpredictability-based RFID privacy models
by: YANG, Anjia, et al.
Published: (2018)

Faster authenticated key agreement with perfect forward secrecy for Industrial Internet-of-Things
by: YANG, Zheng, et al.
Published: (2020)

PUF-based mutual authentication and key exchange protocol for peer-to-peer IoT applications
by: Zheng, Yue, et al.
Published: (2022)

Employing smartwatch for enhanced password authentication
by: CHANG, Bing, et al.
Published: (2017)

Stream authentication based on generlized butterfly graph
by: Zhang, Z., et al.
Published: (2014)

SeVe: Automatic tool for verification of security protocols
by: Luu, A.T., et al.
Published: (2013)

Policy-Based Remote User Authentication From Multi-Biometrics
by: TIAN, Yangguang, et al.
Published: (2023)

Humility breeds authenticity: How authentic leader humility shapes follower vulnerability and felt authenticity
by: OC, Burak, et al.
Published: (2019)