SMS-Based One-Time Passwords: Attacks and Defense - (Short Paper)
نویسندگان
چکیده
SMS-based One-Time Passwords (SMS OTP) were introduced to counter phishing and other attacks against Internet services such as online banking. Today, SMS OTPs are commonly used for authentication and authorization for many different applications. Recently, SMS OTPs have come under heavy attack, especially by smartphone trojans. In this paper, we analyze the security architecture of SMS OTP systems and study attacks that pose a threat to Internet-based authentication and authorization services. We determined that the two foundations SMS OTP is built on, cellular networks and mobile handsets, were completely different at the time when SMS OTP was designed and introduced. Throughout this work, we show why SMS OTP systems cannot be considered secure anymore. Based on our findings, we propose mechanisms to secure SMS OTPs against common attacks and specifically against smartphone trojans.
منابع مشابه
SMS-Based One-Time Passwords: Attacks and Defense
SMS-based One-Time Passwords (SMS OTP) were introduced to counter phishing and other attacks against Internet services such as online banking. Today, SMS OTPs are commonly used for authentication and authorization for many different applications. Recently, SMS OTPs have come under heavy attack, especially by smartphone Trojans. In this paper, we analyze the security architecture of SMS OTP syst...
متن کاملUsing an approximated One-Time Pad to Secure Short Messaging Service (SMS)
Short Message Service (SMS) is a hugely popular and easily adopted communications technology for mobile devices. Yet due to a lack of understanding in its insecure implementation, it is generally trusted by people. Users conduct business, disclose passwords and receive sensitive notification reports from systems using this communication technology. SMS was an “after-thought” in the Global Syste...
متن کاملAn Effective Model for SMS Spam Detection Using Content-based Features and Averaged Neural Network
In recent years, there has been considerable interest among people to use short message service (SMS) as one of the essential and straightforward communications services on mobile devices. The increased popularity of this service also increased the number of mobile devices attacks such as SMS spam messages. SMS spam messages constitute a real problem to mobile subscribers; this worries telecomm...
متن کاملBad Sounds Good Sounds: Attacking and Defending Tap-Based Rhythmic Passwords Using Acoustic Signals
Tapping-based rhythmic passwords have recently been proposed for the purpose of user authentication and device pairing. They offer a usability advantage over traditional passwords in that memorizing and recalling rhythms is believed to be an easier task for human users. Such passwords might also be harder to guess, thus possibly providing higher security. Given these potentially unique advantag...
متن کاملForschungsberichte der Fakultät IV – Elektrotechnik und Informatik Countering SMS Attacks: Filter Recommendations
In this paper we summarize the findings of our investigation on security issues of Short Message Service (SMS) clients on mobile phones. We realized that firmware updates will not be available on a large scale and thus see filtering of SMS traffic as the only possible counter measure against large scale attacks based on SMS messages. This paper presents our ideas on filtering SMS features by th...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013