کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
4955560 | 1444220 | 2017 | 38 صفحه PDF | دانلود رایگان |
عنوان انگلیسی مقاله ISI
Mind your SMSes: Mitigating social engineering in second factor authentication
دانلود مقاله + سفارش ترجمه
دانلود مقاله ISI انگلیسی
رایگان برای ایرانیان
موضوعات مرتبط
مهندسی و علوم پایه
مهندسی کامپیوتر
شبکه های کامپیوتری و ارتباطات
پیش نمایش صفحه اول مقاله
![عکس صفحه اول مقاله: Mind your SMSes: Mitigating social engineering in second factor authentication Mind your SMSes: Mitigating social engineering in second factor authentication](/preview/png/4955560.png)
چکیده انگلیسی
SMS-based second factor authentication is a cornerstone for many service providers, ranging from email service providers and social networks to financial institutions and online marketplaces. Attackers have not been slow to capitalize on the vulnerabilities of this mechanism by using social engineering techniques to coerce users to forward authentication codes. We demonstrate one social engineering attack for which we experimentally obtained a 50% success rate against Google's SMS-based authentication. At the heart of the problem is the messaging associated with the authentication code, and how this must not have been developed with security against social engineering in mind. Pursuing a top-down methodology, we generate alternative messages and experimentally test these against an array of social engineering attempts. Our most robust messaging approach reduces the success of the most effective social engineering attack to 8%, or a sixth of its success against Google's standard second factor verification code messages.
ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Computers & Security - Volume 65, March 2017, Pages 14-28
Journal: Computers & Security - Volume 65, March 2017, Pages 14-28
نویسندگان
Hossein Siadati, Toan Nguyen, Payas Gupta, Markus Jakobsson, Nasir Memon,