دورية أكاديمية
Security Analysis and Bypass User Authentication Bound to Device of Windows Hello in the Wild
| العنوان: | Security Analysis and Bypass User Authentication Bound to Device of Windows Hello in the Wild |
|---|---|
| المؤلفون: | Ejin Kim, Hyoung-Kee Choi |
| المصدر: | Security and Communication Networks, Vol 2021 (2021) |
| بيانات النشر: | Hindawi-Wiley |
| سنة النشر: | 2021 |
| المجموعة: | Directory of Open Access Journals: DOAJ Articles |
| مصطلحات موضوعية: | Technology (General), T1-995, Science (General), Q1-390 |
| الوصف: | Windows Hello is a Fast IDentity Online- (FIDO-) based new login system for Windows 10, which provides a single sign-on (SSO) service to diverse online applications. Hardware protection is essential for Window Hello’s security. This paper aims to examine the security of Windows Hello on a device where hardware protection is unavailable. We present the first detailed analysis of Windows Hello’s security. The results show that, on a hardware-unsupported device, the authentication data for Windows Hello is not properly protected. We propose a migration attack to compromise Windows Hello’s security. In the proposed attack, an attacker extracts authentication data from a device to impersonate a victim in his or her Microsoft online account. We consider the possibility of such an attack to be serious and harmful to our society and demand immediate attention for remediation. |
| نوع الوثيقة: | article in journal/newspaper |
| اللغة: | English |
| تدمد: | 1939-0114 1939-0122 |
| العلاقة: | http://dx.doi.org/10.1155/2021/6245306Test; https://doaj.org/toc/1939-0114Test; https://doaj.org/toc/1939-0122Test; https://doaj.org/article/e8791cc6402d4b22a2c03b19834cf87aTest |
| DOI: | 10.1155/2021/6245306 |
| الإتاحة: | https://doi.org/10.1155/2021/6245306Test https://doaj.org/article/e8791cc6402d4b22a2c03b19834cf87aTest |
| رقم الانضمام: | edsbas.13BF46BD |
| قاعدة البيانات: | BASE |
Full Text Finder | تدمد: | 19390114 19390122 |
|---|---|
| DOI: | 10.1155/2021/6245306 |