情报学视域下的网站“第三方授权登录”安全研究

发布时间：2018-09-06 16:03

【摘要】：在互联网飞速发展和Web概念快速迭代的今天,账户信息安全一直都是广大网络用户所关注的热点问题。在安全、便捷等多种主客观需求的驱动下,开发者制作了各种独特的应用来满足用户需求。其中,以OAuth2.0协议为基础的“第三方授权登录”凭借着其便捷、安全等特性逐渐取代了传统账密登录而得到广泛应用,且趋势越来越明显。“第三方授权登录”在网络用户信息组织和用户登录行为方面也带来了巨大的变化,它使得用户个人信息组织更加趋于集中,也为用户登录行为带来了更多的不安全因素。为了揭示“第三方授权登录”为用户带来的安全变化,本文运用了情报学和相关学科概念来揭示其运行机制及特点。本文调查了国内社交类和电商类100多家网站的授权登录选项,将收集到的数据利用社会网络分析法对“第三方授权登录”网站之间的关系进行分析并通过可视化方法展示出来。分析发现,国内“第三方授权登录”分布广、集中性较强。这一功能为用户的使用提供了客观的便利环境,但是“第三方授权登录”的特性也使用户个人信息存在安全结构洞,使得用户在账户内的信息变得更不安全。除此之外,本文以用户的主观安全意识及用户信息行为研究对象,以发放问卷的形式调查收集用户使用“第三方授权登录”过程中的用户信息行为与安全意识来进行分析。经过分析发现,网络用户信息安全意识有所提高。在调查中,绝大多数用户使用过此项功能,但其中的大部分用户并不了解“第三方授权登录”,能充分使用“第三方授权登录”各项功能并有意识借此保护自己信息安全的用户也占少数。通过分析用户使用“第三方授权登录”的信息行为,本文发现了用户的主观安全意识问题。本文希望通过分析“第三方授权登录”的安全问题来引起学界对现代网络技术发展带来的新的账户信息安全问题的重视。本文的研究成果将有助于拓展现有信息安全领域,发现新网络环境下的用户信息行为。最后,根据分析结果,从网站和用户的角度分别给出适当的建议,来帮助用户最大限度降低账户的安全风险。
[Abstract]:With the rapid development of the Internet and the rapid iteration of Web concepts, account information security has always been a hot issue for network users. Driven by various subjective and objective requirements such as security, convenience and so on, developers have developed a variety of unique applications to meet user needs. Login has been widely used because of its convenience, security and other characteristics, and the trend is becoming more and more obvious. Recording behavior brings more insecurity. In order to reveal the security changes brought about by "third party authorized login", this paper uses the concepts of information science and related disciplines to reveal its operating mechanism and characteristics. This paper investigates the authorized login options of more than 100 websites in China, including social and e-commerce, and uses the collected data. The social network analysis method analyzes the relationship between the "third-party authorized login" websites and displays it through visualization. The analysis shows that the "third-party authorized login" is widely distributed and highly centralized in China. This function provides an objective and convenient environment for users to use, but the "third-party authorized login" features are also. In addition, this paper investigates user information behavior and security awareness in the process of collecting user's "third party authorized login" by sending out questionnaires based on user's subjective security awareness and user information behavior. In the survey, most users have used this function, but most of them do not understand the "third party authorized login" and can fully use the "third party authorized login" functions and consciously protect their own information security. Users are also in the minority. By analyzing the information behavior of users using "third party authorized login", this paper finds out the subjective security consciousness of users. This paper hopes to arouse the attention of academia to the new account information security problem brought by the development of modern network technology by analyzing the security problem of "third party authorized login". Finally, according to the analysis results, some suggestions are given from the website and the user's point of view to help users minimize the account security risk.
【学位授予单位】：广西民族大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.092

【参考文献】