دورية أكاديمية
Security Analysis and Bypass User Authentication Bound to Device of Windows Hello in the Wild
العنوان: | Security Analysis and Bypass User Authentication Bound to Device of Windows Hello in the Wild |
---|---|
المؤلفون: | Ejin Kim, Hyoung-Kee Choi |
المصدر: | Security and Communication Networks, Vol 2021 (2021) |
بيانات النشر: | Hindawi-Wiley |
سنة النشر: | 2021 |
المجموعة: | Directory of Open Access Journals: DOAJ Articles |
مصطلحات موضوعية: | Technology (General), T1-995, Science (General), Q1-390 |
الوصف: | Windows Hello is a Fast IDentity Online- (FIDO-) based new login system for Windows 10, which provides a single sign-on (SSO) service to diverse online applications. Hardware protection is essential for Window Hello’s security. This paper aims to examine the security of Windows Hello on a device where hardware protection is unavailable. We present the first detailed analysis of Windows Hello’s security. The results show that, on a hardware-unsupported device, the authentication data for Windows Hello is not properly protected. We propose a migration attack to compromise Windows Hello’s security. In the proposed attack, an attacker extracts authentication data from a device to impersonate a victim in his or her Microsoft online account. We consider the possibility of such an attack to be serious and harmful to our society and demand immediate attention for remediation. |
نوع الوثيقة: | article in journal/newspaper |
اللغة: | English |
تدمد: | 1939-0114 1939-0122 |
العلاقة: | http://dx.doi.org/10.1155/2021/6245306Test; https://doaj.org/toc/1939-0114Test; https://doaj.org/toc/1939-0122Test; https://doaj.org/article/e8791cc6402d4b22a2c03b19834cf87aTest |
DOI: | 10.1155/2021/6245306 |
الإتاحة: | https://doi.org/10.1155/2021/6245306Test https://doaj.org/article/e8791cc6402d4b22a2c03b19834cf87aTest |
رقم الانضمام: | edsbas.13BF46BD |
قاعدة البيانات: | BASE |
تدمد: | 19390114 19390122 |
---|---|
DOI: | 10.1155/2021/6245306 |