Attacks and vulnerability analysis of e-mail as a password reset point

机译：电子邮件作为密码重置点的攻击和漏洞分析

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

In this work, we perform security analysis of using an e-mail as a self-service password reset point, and exploit some of the vulnerabilities of e-mail servers' forgotten password reset paths. We perform and illustrate three different attacks on a personal Email account, using a variety of tools such as: public knowledge attainable through social media or public records to answer security questions and execute a social engineering attack, hardware available to the public to perform a man in the middle attack, and free software to perform a brute-force attack on the login of the email account. Our results expose some of the inherent vulnerabilities in using emails as password reset points. The findings are extremely relevant to the security of mobile devices since users' trend has leaned towards usage of mobile devices over desktops for Internet access.

机译：在这项工作中，我们执行使用电子邮件作为自助密码重置点的安全性分析，并利用电子邮件服务器忘记的密码重置路径的某些漏洞。我们使用多种工具对个人电子邮件帐户执行和说明三种不同的攻击，例如：可通过社交媒体或公共记录获得的公共知识，以回答安全问题并执行社会工程攻击;可供公众使用的硬件来执行攻击。中间攻击，并使用免费软件对电子邮件帐户的登录进行蛮力攻击。我们的结果揭示了使用电子邮件作为密码重置点的一些固有漏洞。该发现与移动设备的安全性极为相关，因为用户的趋势倾向于通过台式机访问互联网来使用移动设备。

著录项

来源
《Conference on Mobile and Secure Services》|2018年|1-5|共5页
会议地点
作者
Caleb Routh; Brandon DeCrescenzo; Swapnoneel Roy;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Electronic mail; Password; Computer hacking; Mobile handsets; Protocols;

机译：电子邮件;密码;计算机黑客;手机;协议;

相似文献

外文文献
中文文献
专利

1. Resetting Your Password Is Vulnerable: A Security Study of Common SMS-Based Authentication in IoT Device [J] . Wang Dong, Zhang Xiaosong, Ming Jiang, Wireless communications & mobile computing . 2018,第12期

机译：重置密码容易受到攻击：IoT设备中基于SMS的常见身份验证的安全性研究
2. Password Security: An Analysis of Password Strengths and Vulnerabilities [J] . Katha Chanda International Journal of Computer Network and Information Security . 2016,第7期

机译：密码安全性：密码优势和漏洞分析
3. Analyzing the Vulnerability of U.S. Hospitals to Social Engineering Attacks: How Many of Your Employees Would Share Their Password? [J] . Medlin B. Dawn, Cazier Joseph A., Foulk Daniel P. International Journal of Information Security and Privacy . 2008,第3期

机译：分析美国医院遭受社会工程攻击的脆弱性：您的多少员工会共享密码？
4. Attacks and vulnerability analysis of e-mail as a password reset point [C] . Caleb Routh, Brandon DeCrescenzo, Swapnoneel Roy International Conference on Mobile and Secure Services . 2018

机译：电子邮件的攻击和漏洞分析作为密码重置点
5. Cyber-attacks on police departments: Analysis of cyber attack vulnerabilities on police digital infrastructures. [D] . Coop, John. 2016

机译：警察部门的网络攻击：分析警察数字基础设施上的网络攻击漏洞。
6. A Strategic Design of an Opto-Chemical Security Device with Resettable and Reconfigurable Password Based Upon Dual Channel Two-in-One Chemosensor Molecule [O] . Tapas Majumdar, Basudeb Haldar, Arabinda Mallick -1

机译：基于双通道二合一化学传感器分子的具有可重设和可重配置密码的光化学安全装置的策略设计
7. EEG Signal Discrimination using Non-linear Dynamics in the EMD Domain S. M. Shafiul Alam,S. M. Shafiul Alam,Aurangozeb, and Syed TarekShahriar Abstract—An EMD-chaos based approach is proposed todiscriminate EEG signals corresponding to healthy persons,and epileptic patients during seizure-free intervals and seizureattacks. An electroencephalogram (EEG) is first empiricallydecomposed to intrinsic mode functions (IMFs). The nonlineardynamics of these IMFs are quantified in terms of the largestLyapunov exponent (LLE) and correlation dimension (CD).This chaotic analysis in EMD domain is applied to a large groupof EEG signals corresponding to healthy persons as well asepileptic patients (both with and without seizure attacks). It isshown that the values of the obtained LLE and CD exhibitfeatures by which EEG for seizure attacks can be clearlydistinguished from other EEG signals in the EMD domain.Thus, the proposed approach may aid researchers in developingeffective techniques to predict seizure activities. Index Terms—Electroencephalogram (EEG), empiricalmode decomposition (EMD), largest Lyapunov exponent (LLE),correlation dimension (CD), epileptic seizures. The Authors are with the Electrical and Electronic EngineeringDepartment, Bangladesh University of Engineering and Technology,Dhaka-1000, Bangladesh (e-mail: imamul@eee.buet.ac.bd) PDF Cite: S. M. Shafiul Alam,S. M. Shafiul Alam,Aurangozeb, and Syed Tarek Shahriar, "EEG Signal Discrimination using Non-linear Dynamics in the EMD Domain," International Journal of Computer and Electrical Engineering vol. 4, no. 3, pp. 326-330, 2012. PREVIOUS PAPER Perception of Emotions Using Constructive Learningthrough Speech NEXT PAPER Physical Layer Impairments Aware OVPN Connection Selection Mechanisms Copyright © 2008-2013. International Association of Computer Science and Information Technology Press (IACSIT Press) [O] . S. M. Shafiul Alam, Syed TarekShahriar 2012

机译：EEG信号在EMD域S. S. Shafiul Alam，S中的非线性动力学使用非线性动力学。 M. Shafiul Alam，Aurangozeb和Syed Tarekshahriar摘要 - 基于EMD Chaos的方法，提出了对应于健康人的EEG信号，癫痫发作期间的癫痫患者和Seizureattacks。脑电图（EEG）首先被凭经上分解为内在模式功能（IMF）。这些IMF的非线性动力学在最大范围的指数（LLE）和相关尺寸（CD）方面是量化的。本域中的混沌分析应用于与健康人相对应的大型脑电图（Asepileptic患者）（两者都有癫痫发作）。因此，所获得的LLE和CD表展的价值可以从EMD领域的其他EEG信号中清晰地区分脑电图的表达展示。本拟议的方法可以帮助研究人员以预测癫痫发作的癫痫发作技术。索引术语 - 脑电图（EEG），仿真态分解（EMD），最大的Lyapunov指数（LLE），相关维度（CD），癫痫发作。作者与电气电子和电子工程公司，孟加拉国工程和技术大学，孟加拉国达卡 - 1000（电子邮件：imamul@eee.buet.ac.bd）pdf cite：s. m. shafiul Alam，s。 M. Shafiul Alam，Aurangozeb和Syed Tarek Shahriar，“EEG信号歧视在EMD领域的非线性动态，”计算机电气工程卷国际杂志。 4，不。 3，pp。326-330,2012，上一篇论文对情绪的看法，使用建设性的学习言论下一篇论文物理层障碍意识到OVPN连接选择机制版权所有©2008-2013。国际计算机科学与信息技术协会出版社（IACSIT Press）
8. Vulnerability of Network Traffic under Node Capture Attacks using Circuit Theoretic Analysis [R] . Tague, P., Slater, D., Rogers, J., 2008

机译：使用电路理论分析的节点捕获攻击下的网络流量漏洞

Attacks and vulnerability analysis of e-mail as a password reset point

摘要

著录项

相似文献

相关主题

期刊订阅