完整後設資料紀錄
DC 欄位語言
dc.contributor.authorXie, Tianen_US
dc.contributor.authorWang, Sihanen_US
dc.contributor.authorTu, Guan-Huaen_US
dc.contributor.authorLi, Chi-Yuen_US
dc.contributor.authorLei, Xinyuen_US
dc.date.accessioned2020-10-05T02:01:29Z-
dc.date.available2020-10-05T02:01:29Z-
dc.date.issued2019-01-01en_US
dc.identifier.isbn978-1-7281-2485-8en_US
dc.identifier.urihttp://hdl.handle.net/11536/155263-
dc.description.abstractPeople nowadays use online service accounts (e.g., Gongle, Facebook, Twitter) to access certain services. Among them, Google accounts have become increasingly important for users. Not only do many Google services (e.g., Gmail, Google Voice, Google Play, etc.) require them, but many online services also trust and rely on them for operational needs (e.g., login based on Google accounts). This trend introduces a new type of attacks that create a large number of fake, but valid, Google accounts. The fake Google accounts allow the adversary to launch various cyber attacks towards Google account-related services. It motivates us to conduct an empirical security study on the Google account registration service. In this paper, we apply model checking techniques to systematically analyze the insecurity of Google account registration service. We develop a model-checking tool, GAcctAnalyzer, which consists of two phases: (1) service screening phase, which generates counterexamples from the violation of desired properties, and (2) experimental validation phase, which validates the counterexamples through real experiments. We use GAcctAnalyzer to discover four security vulnerabilities including design defects, operational slips. etc. Based on the discovered vulnerabilities, we devise two practical attacks against mobile users and Google: fake Google account generation and Google text/voice spamming attack. They can not only threaten the security of mobile applications and online services, but also cause the Google company to receive user complaints and lawsuits. We finally confirm the feasibility of these attacks through experiments, assess the real-world impact, and propose recommended solutions.en_US
dc.language.isoen_USen_US
dc.subjectSecurityen_US
dc.subjectGoogle accounten_US
dc.subjectregistrationen_US
dc.subjectmodel checkingen_US
dc.titleExploring the Insecurity of Google Account Registration Protocol via Model Checkingen_US
dc.typeProceedings Paperen_US
dc.identifier.journal2019 IEEE SYMPOSIUM SERIES ON COMPUTATIONAL INTELLIGENCE (IEEE SSCI 2019)en_US
dc.citation.spage3087en_US
dc.citation.epage3096en_US
dc.contributor.department資訊工程學系zh_TW
dc.contributor.departmentDepartment of Computer Scienceen_US
dc.identifier.wosnumberWOS:000555467203028en_US
dc.citation.woscount0en_US
顯示於類別:會議論文