开源智能终端认证漏洞挖掘及登录认证改进

发布时间：2018-05-08 06:32

本文选题：计算机网络 + 登录认证机制　；参考：《清华大学学报(自然科学版)》2017年09期

【摘要】：开源智能终端占智能终端市场的绝对优势,基于开源智能终端的应用层出不穷,但与此同时,其安全隐患也一样触目惊心。该文以典型社交网络APP登录认证为例,通过逆向分析当今市场上的主流Android应用,分析登录认证实现过程的机理,对登录认证机制进行安全性评估,挖掘基于现有认证机制的安全漏洞,并针对所发现的安全问题提出了登录认证机制改进方案,总结出一套安全实用的登录认证实践方案,有效提高移动智能终端系统的安全性。
[Abstract]:The open source intelligent terminal occupies the absolute superiority of the intelligent terminal market. The application based on the open source intelligent terminal emerges in endlessly, but at the same time, its security hidden trouble is also shocking. This paper takes the typical social network APP login authentication as an example, through the reverse analysis of the mainstream Android applications in the market today, analyzes the mechanism of the login authentication realization process, and evaluates the security of the login authentication mechanism. In order to improve the security of mobile intelligent terminal system, this paper exploits the security vulnerabilities based on the existing authentication mechanism, and puts forward an improved scheme of login authentication mechanism for the security problems found, and summarizes a set of safe and practical scheme of login authentication practice, which can effectively improve the security of mobile intelligent terminal system.
【作者单位】：清华大学网络科学与网络空间研究院;中国科学院信息工程研究所;重庆师范大学数学学院;中信银行清华科技园支行;
【基金】：国家自然科学基金资助项目(61272427) 国家科技支撑计划项目(2015AA016007,2015AA020101) 贵州省科技支撑计划项目(20136020)
【分类号】：TP393.08

【相似文献】