Issues of identity verification of typical applications over mobile terminal platform
Recent studies have shown that attacks against USIM card are increasing,and an attacker can use the cloned USIM card to bypass the identity verification process in some applications and thereby get the unauthorized access.Considering the USIM card being cloned easily even under 5G network,the identi...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2020-12-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2020081 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529912700174336 |
|---|---|
| author | Xiaolin ZHANG Dawu GU Chi ZHANG |
| author_facet | Xiaolin ZHANG Dawu GU Chi ZHANG |
| author_sort | Xiaolin ZHANG |
| collection | DOAJ |
| description | Recent studies have shown that attacks against USIM card are increasing,and an attacker can use the cloned USIM card to bypass the identity verification process in some applications and thereby get the unauthorized access.Considering the USIM card being cloned easily even under 5G network,the identity verification process of the popular mobile applications over mobile platform was analyzed.The application behaviors were profiled while users were logging in,resetting password,and performing sensitive operations,thereby the tree model of application authentication was summarized.On this basis,58 popular applications in 7 categories were tested including social communication,healthcare,etc.It found that 29 of them only need SMS verification codes to get authenticated and obtain permissions.To address this issue,two-step authentication was suggested and USIM anti-counterfeiting was applied to assist the authentication process. |
| format | Article |
| id | doaj-art-bde0ea2bbde445d096986d4465f40d44 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2020-12-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-bde0ea2bbde445d096986d4465f40d442025-01-15T03:14:35ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2020-12-01613715159562155Issues of identity verification of typical applications over mobile terminal platformXiaolin ZHANGDawu GUChi ZHANGRecent studies have shown that attacks against USIM card are increasing,and an attacker can use the cloned USIM card to bypass the identity verification process in some applications and thereby get the unauthorized access.Considering the USIM card being cloned easily even under 5G network,the identity verification process of the popular mobile applications over mobile platform was analyzed.The application behaviors were profiled while users were logging in,resetting password,and performing sensitive operations,thereby the tree model of application authentication was summarized.On this basis,58 popular applications in 7 categories were tested including social communication,healthcare,etc.It found that 29 of them only need SMS verification codes to get authenticated and obtain permissions.To address this issue,two-step authentication was suggested and USIM anti-counterfeiting was applied to assist the authentication process.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2020081mobile applicationUSIM cloningSMSauthenticationmobile app testing |
| spellingShingle | Xiaolin ZHANG Dawu GU Chi ZHANG Issues of identity verification of typical applications over mobile terminal platform 网络与信息安全学报 mobile application USIM cloning SMS authentication mobile app testing |
| title | Issues of identity verification of typical applications over mobile terminal platform |
| title_full | Issues of identity verification of typical applications over mobile terminal platform |
| title_fullStr | Issues of identity verification of typical applications over mobile terminal platform |
| title_full_unstemmed | Issues of identity verification of typical applications over mobile terminal platform |
| title_short | Issues of identity verification of typical applications over mobile terminal platform |
| title_sort | issues of identity verification of typical applications over mobile terminal platform |
| topic | mobile application USIM cloning SMS authentication mobile app testing |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2020081 |
| work_keys_str_mv | AT xiaolinzhang issuesofidentityverificationoftypicalapplicationsovermobileterminalplatform AT dawugu issuesofidentityverificationoftypicalapplicationsovermobileterminalplatform AT chizhang issuesofidentityverificationoftypicalapplicationsovermobileterminalplatform |