Discovering Authentication Credentials in Volatile Memory of Android Mobile Devices
Identifieur interne : 000030 ( Main/Curation ); précédent : 000029; suivant : 000031Discovering Authentication Credentials in Volatile Memory of Android Mobile Devices
Auteurs : Dimitris Apostolopoulos [Grèce] ; Giannis Marinakis [Grèce] ; Christoforos Ntantogian [Grèce] ; Christos Xenakis [Grèce]Source :
English descriptors
- mix :
Abstract
This paper investigates whether authentication credentials in the volatile memory of Android mobile devices can be discovered using freely available tools. The experiments that we carried out for each application included two different sets: In the first set, our goal was to check if we could recover our own submitted credentials from the memory dump of the mobile device. In the second set of experiments, the goal was to find patterns that can indicate where the credentials are located in a memory dump of an Android device. The results revealed that the majority of the Android applications are vulnerable to credentials discovery even in case of applications that their security is critical, such as web banking and password manager applications.
Url:
DOI: 10.1007/978-3-642-37437-1_15
Links toward previous steps (curation, corpus...)
- to stream Hal, to step Corpus: Pour aller vers cette notice dans l'étape Curation :000010
- to stream Hal, to step Curation: Pour aller vers cette notice dans l'étape Curation :000010
- to stream Hal, to step Checkpoint: Pour aller vers cette notice dans l'étape Curation :000018
- to stream Main, to step Merge: Pour aller vers cette notice dans l'étape Curation :000031
Links to Exploration step
Hal:hal-01470532Le document en format XML
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en">Discovering Authentication Credentials in Volatile Memory of Android Mobile Devices</title>
<author><name sortKey="Apostolopoulos, Dimitris" sort="Apostolopoulos, Dimitris" uniqKey="Apostolopoulos D" first="Dimitris" last="Apostolopoulos">Dimitris Apostolopoulos</name>
<affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-379528" status="VALID"> <orgName>University of Piraeus</orgName>
<desc> <address> <addrLine>80, M. Karaoli & A. Dimitriou St., 18534 Piraeus</addrLine>
<country key="GR"></country>
</address>
<ref type="url">http://www.unipi.gr/unipi/en/</ref>
</desc>
</hal:affiliation>
<country>Grèce</country>
</affiliation>
</author>
<author><name sortKey="Marinakis, Giannis" sort="Marinakis, Giannis" uniqKey="Marinakis G" first="Giannis" last="Marinakis">Giannis Marinakis</name>
<affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-379528" status="VALID"> <orgName>University of Piraeus</orgName>
<desc> <address> <addrLine>80, M. Karaoli & A. Dimitriou St., 18534 Piraeus</addrLine>
<country key="GR"></country>
</address>
<ref type="url">http://www.unipi.gr/unipi/en/</ref>
</desc>
</hal:affiliation>
<country>Grèce</country>
</affiliation>
</author>
<author><name sortKey="Ntantogian, Christoforos" sort="Ntantogian, Christoforos" uniqKey="Ntantogian C" first="Christoforos" last="Ntantogian">Christoforos Ntantogian</name>
<affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-379528" status="VALID"> <orgName>University of Piraeus</orgName>
<desc> <address> <addrLine>80, M. Karaoli & A. Dimitriou St., 18534 Piraeus</addrLine>
<country key="GR"></country>
</address>
<ref type="url">http://www.unipi.gr/unipi/en/</ref>
</desc>
</hal:affiliation>
<country>Grèce</country>
</affiliation>
</author>
<author><name sortKey="Xenakis, Christos" sort="Xenakis, Christos" uniqKey="Xenakis C" first="Christos" last="Xenakis">Christos Xenakis</name>
<affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-379528" status="VALID"> <orgName>University of Piraeus</orgName>
<desc> <address> <addrLine>80, M. Karaoli & A. Dimitriou St., 18534 Piraeus</addrLine>
<country key="GR"></country>
</address>
<ref type="url">http://www.unipi.gr/unipi/en/</ref>
</desc>
</hal:affiliation>
<country>Grèce</country>
</affiliation>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">HAL</idno>
<idno type="RBID">Hal:hal-01470532</idno>
<idno type="halId">hal-01470532</idno>
<idno type="halUri">https://hal.inria.fr/hal-01470532</idno>
<idno type="url">https://hal.inria.fr/hal-01470532</idno>
<idno type="doi">10.1007/978-3-642-37437-1_15</idno>
<date when="2013-04-25">2013-04-25</date>
<idno type="wicri:Area/Hal/Corpus">000010</idno>
<idno type="wicri:Area/Hal/Curation">000010</idno>
<idno type="wicri:Area/Hal/Checkpoint">000018</idno>
<idno type="wicri:explorRef" wicri:stream="Hal" wicri:step="Checkpoint">000018</idno>
<idno type="wicri:Area/Main/Merge">000031</idno>
<idno type="wicri:Area/Main/Curation">000030</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title xml:lang="en">Discovering Authentication Credentials in Volatile Memory of Android Mobile Devices</title>
<author><name sortKey="Apostolopoulos, Dimitris" sort="Apostolopoulos, Dimitris" uniqKey="Apostolopoulos D" first="Dimitris" last="Apostolopoulos">Dimitris Apostolopoulos</name>
<affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-379528" status="VALID"> <orgName>University of Piraeus</orgName>
<desc> <address> <addrLine>80, M. Karaoli & A. Dimitriou St., 18534 Piraeus</addrLine>
<country key="GR"></country>
</address>
<ref type="url">http://www.unipi.gr/unipi/en/</ref>
</desc>
</hal:affiliation>
<country>Grèce</country>
</affiliation>
</author>
<author><name sortKey="Marinakis, Giannis" sort="Marinakis, Giannis" uniqKey="Marinakis G" first="Giannis" last="Marinakis">Giannis Marinakis</name>
<affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-379528" status="VALID"> <orgName>University of Piraeus</orgName>
<desc> <address> <addrLine>80, M. Karaoli & A. Dimitriou St., 18534 Piraeus</addrLine>
<country key="GR"></country>
</address>
<ref type="url">http://www.unipi.gr/unipi/en/</ref>
</desc>
</hal:affiliation>
<country>Grèce</country>
</affiliation>
</author>
<author><name sortKey="Ntantogian, Christoforos" sort="Ntantogian, Christoforos" uniqKey="Ntantogian C" first="Christoforos" last="Ntantogian">Christoforos Ntantogian</name>
<affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-379528" status="VALID"> <orgName>University of Piraeus</orgName>
<desc> <address> <addrLine>80, M. Karaoli & A. Dimitriou St., 18534 Piraeus</addrLine>
<country key="GR"></country>
</address>
<ref type="url">http://www.unipi.gr/unipi/en/</ref>
</desc>
</hal:affiliation>
<country>Grèce</country>
</affiliation>
</author>
<author><name sortKey="Xenakis, Christos" sort="Xenakis, Christos" uniqKey="Xenakis C" first="Christos" last="Xenakis">Christos Xenakis</name>
<affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-379528" status="VALID"> <orgName>University of Piraeus</orgName>
<desc> <address> <addrLine>80, M. Karaoli & A. Dimitriou St., 18534 Piraeus</addrLine>
<country key="GR"></country>
</address>
<ref type="url">http://www.unipi.gr/unipi/en/</ref>
</desc>
</hal:affiliation>
<country>Grèce</country>
</affiliation>
</author>
</analytic>
<idno type="DOI">10.1007/978-3-642-37437-1_15</idno>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc><textClass><keywords scheme="mix" xml:lang="en"><term>Android</term>
<term>Android applications</term>
<term>credentials discovery</term>
<term>mobile security</term>
<term>volatile memory acquisition</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">This paper investigates whether authentication credentials in the volatile memory of Android mobile devices can be discovered using freely available tools. The experiments that we carried out for each application included two different sets: In the first set, our goal was to check if we could recover our own submitted credentials from the memory dump of the mobile device. In the second set of experiments, the goal was to find patterns that can indicate where the credentials are located in a memory dump of an Android device. The results revealed that the majority of the Android applications are vulnerable to credentials discovery even in case of applications that their security is critical, such as web banking and password manager applications.</div>
</front>
</TEI>
</record>
Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Musique/explor/XenakisV1/Data/Main/Curation
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000030 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Curation/biblio.hfd -nk 000030 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien |wiki= Wicri/Musique |area= XenakisV1 |flux= Main |étape= Curation |type= RBID |clé= Hal:hal-01470532 |texte= Discovering Authentication Credentials in Volatile Memory of Android Mobile Devices }}
This area was generated with Dilib version V0.6.33. |