This page has only limited features, please log in for full access.

Unclaimed
Jongwon Choi
Soongsil University

Basic Info

Basic Info is private.

Honors and Awards

The user has no records in this section


Career Timeline

The user has no records in this section.


Short Biography

The user biography is not available.
Following
Followers
Co Authors
The list of users this user is following is empty.
Following: 0 users

Feed

Journal article
Published: 21 January 2016 in Multimedia Tools and Applications
Reads 0
Downloads 0

The majority of mobile apps use credentials to provide an automatic login function. Credentials are security tokens based on a user’s ID and password information. They are created for initial authentication, and this credential authentication then replaces user verification. However, because the credential management of most Android apps is currently very insecure, the duplication and use of another user’s credentials would allow an attacker to view personal information stored on the server. Therefore, in this paper, we analyze the vulnerability of some major mobile SNS apps to credential duplication that would enable access to personal information. To address the identified weaknesses, we propose a secure credential management scheme. The proposed scheme first differentiates the credential from the smart device using an external device. Using a security mechanism, the credential is then linked with the smart device. This ensures that the credential will be verified by the special smart device. Furthermore, based on experimental results using a prototype security mechanism, the proposed scheme is shown to be a very useful solution because of its minimal additional overhead.

ACS Style

Jongwon Choi; Geonbae Na; Jeong Hyun Yi. Hardware-assisted credential management scheme for preventing private data analysis from cloning attacks. Multimedia Tools and Applications 2016, 75, 14833 -14848.

AMA Style

Jongwon Choi, Geonbae Na, Jeong Hyun Yi. Hardware-assisted credential management scheme for preventing private data analysis from cloning attacks. Multimedia Tools and Applications. 2016; 75 (22):14833-14848.

Chicago/Turabian Style

Jongwon Choi; Geonbae Na; Jeong Hyun Yi. 2016. "Hardware-assisted credential management scheme for preventing private data analysis from cloning attacks." Multimedia Tools and Applications 75, no. 22: 14833-14848.

Journal article
Published: 10 June 2015 in Entropy
Reads 0
Downloads 0

To log in to a mobile social network service (SNS) server, users must enter their ID and password to get through the authentication process. At that time, if the user sets up the automatic login option on the app, a sort of security token is created on the server based on the user’s ID and password. This security token is called a credential. Because such credentials are convenient for users, they are utilized by most mobile SNS apps. However, the current state of credential management for the majority of Android SNS apps is very weak. This paper demonstrates the possibility of a credential cloning attack. Such attacks occur when an attacker extracts the credential from the victim’s smart device and inserts it into their own smart device. Then, without knowing the victim’s ID and password, the attacker can access the victim’s account. This type of attack gives access to various pieces of personal information without authorization. Thus, in this paper, we analyze the vulnerabilities of the main Android-based SNS apps to credential cloning attacks, and examine the potential leakage of personal information that may result. We then introduce effective countermeasures to resolve these problems.

ACS Style

Jongwon Choi; Haehyun Cho; Jeong Hyun Yi. Personal Information Leaks with Automatic Login in Mobile Social Network Services. Entropy 2015, 17, 3947 -3962.

AMA Style

Jongwon Choi, Haehyun Cho, Jeong Hyun Yi. Personal Information Leaks with Automatic Login in Mobile Social Network Services. Entropy. 2015; 17 (6):3947-3962.

Chicago/Turabian Style

Jongwon Choi; Haehyun Cho; Jeong Hyun Yi. 2015. "Personal Information Leaks with Automatic Login in Mobile Social Network Services." Entropy 17, no. 6: 3947-3962.