Godkända
Tvåfaktorsautentisering i smarta telefoner: Implementationer och attacker
Christofer Ericson (2010)
Start
2015-03-02
Presentation
2015-08-24 13:15
Plats:
E:3139
Avslutat:
2015-09-03
Examensrapport:
Sammanfattning
Two-factor authentication greatly enhances security attributes compared to traditional password-only methods. With the advent of the smartphone, new convenient authentication methods has been developed in order to take advantage of the versatility such devices provide. However, older two-factor authentication methods such as sending codes via SMS are still widely popular and in the case of the smartphone opens up new attack vectors for criminals to exploit.<br /><br /> This thesis explores, discusses and compares three distinct two-factor authentication methods used in smartphones today in the sense of security and usability. These are mTAN, TOTP and PKI. Both existing and theoretical attacks against these methods are reviewed with a focus on malicious software and advantages and disadvantages of each method are presented. An in-depth analysis of an Android smartphone SMS-stealing trojan is done in order to gain a deeper understanding of how smartphone malware operates.
Handledare: Albert Altman (IT-Advisor) och Martin Hell (EIT)
Examinator: Thomas Johansson (EIT)