کد مقاله کد نشریه سال انتشار مقاله انگلیسی نسخه تمام متن
4950386 1440640 2017 19 صفحه PDF دانلود رایگان
عنوان انگلیسی مقاله ISI
A technique to circumvent SSL/TLS validations on iOS devices
کلمات کلیدی
موضوعات مرتبط
مهندسی و علوم پایه مهندسی کامپیوتر نظریه محاسباتی و ریاضیات
پیش نمایش صفحه اول مقاله
A technique to circumvent SSL/TLS validations on iOS devices
چکیده انگلیسی
SSL/TLS validations such as certificate and public key pinning can reinforce the security of encrypted communications between Internet-of-Things devices and remote servers, and ensure the privacy of users. However, such implementations complicate forensic analysis and detection of information disclosure; say, when a mobile app breaches user's privacy by sending sensitive information to third parties. Therefore, it is crucial to develop the capacity to vet mobile apps augmenting the security of SSL/TLS traffic. In this paper, we propose a technique to bypass the system's default certificate validation as well as built-in SSL/TLS validations performed in iOS apps. We then demonstrate its utility by analysing 40 popular iOS social networking, electronic payment, banking, and cloud computing apps.
ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Future Generation Computer Systems - Volume 74, September 2017, Pages 366-374
نویسندگان
, ,