基于标识符的Android客户端身份认证方案

doi:10.11959/j.issn.2096-109x.2017.00140

Abstract

Abstract:

The Android mobile terminal’s own identifier information was used,which was credibly ensured by the Android system,then combining the Hash function and operation such as xor or connection,an algorithm of authentication information generation for the Android client was created.The traditional mobile client’s process of register and login were analyzed,putting the identity information generation and authentication on the sever.A novel authentication scheme was constructed,which made the users free from the cumbersome authentication process and privacy divulges.Finally,the security and efficiency of the scheme were analyzed.The results show that the new scheme has strong security and high convenience.

Key words: identifier, Android client, authentication model,, algorithm of authentication information generation

CLC Number:

TP393

Ya-wei WANG,Chang-gen PENG,Hong-fa DING,Kai ZHOU. Identity authentication scheme of Android client based on identifiers[J]. Chinese Journal of Network and Information Security, 2017, 3(4): 32-38.

Figures/Tables 4

References 15

[1]	吴吉义, 李文娟, 黄剑平 ,等. 移动互联网研究综述[J]. 中国科学:信息科学, 2015(1): 45-69.
	WU J Y , LI W J , HUANG J P ,et al. Summary of mobile Internet[J]. Scientia Sinica Informationis, 2015(1): 45-69.
[2]	罗军舟, 吴文甲, 杨明 . 移动互联网:终端、网络与服务[J]. 计算机学报, 2011,11: 2029-2051.
	LUO J Z , WU W J , YANG M . Mobile Internet:terminals,networks and services[J]. Chinese Journal of Computer, 2011,11: 2029-2051.
[3]	刘鑫洋, 王菁, 韩博洋 . 面向移动客户端的数据服务推荐策略研究[J]. 小型微型计算机系统, 2015,8: 1752-1757.
	LIU X Y , WANG J , HAN B Y . Data services for mobile clients the strategy[J]. Journal of Chinese Mini-Micro Computer Systems, 2015,8: 1752-1757.
[4]	王崇霞, 朱艳琴 . 一种动态口令身份认证协议的设计与研究[J]. 计算机工程与应用, 2010,46(18): 71-73.
	WANG C X , ZHU Y Q . Design and research of dynamic passworduser authentication protocol[J]. Computer Engineering and Applications, 2010,46(18): 71-73.
[5]	邓飞, 朱莹 . 基于口令的客户端/服务器认证协议[J]. 计算机工程与应用, 2015,20: 72-76.
	DENG F , ZHU Y . The client/server authentication protocol based on a password[J]. Computer Engineering and Applications, 2015,20: 72-76.
[6]	马明阳 . 针对社会工程学攻击的防御技术研究[D]. 北京:北京邮电大学, 2015.
	MA M Y . Research on defense technology against social engineering attacks[D]. Beijing:Beijing University of Posts and Telecommunications, 2015.
[7]	数据安全再爆重磅炸弹12306数据泄露事件确认为撞库攻击[J]. 信息安全与通信保密, 2015,1:17.
	Safety critical blockbuster 12306 data leak identified as collision attack[J]. Journal of Library and Communication Security,Information Security, 2015,1:17.
[8]	王鹃, 唐西铭, 王勇 ,等. 一种基于手机令牌和NFC技术的身份认证系统[J]. 武汉大学学报(理学版), 2013,5: 403-410.
	WANG J , TANG X M , WANG Y ,et al. A mobile phone token-based authentication systems and NFC technology[J]. Journal of Wuhan University (Natural Science Edition), 2013,5: 403-410.
[9]	CHOI J , CHO H , YI J . Personal information leaks with automatic login in mobile social network services[J]. Entropy, 2015,17(6): 3947-3962.
[10]	LIU D , COX L P . VeriUI:attested login for mobile devices[C]// The Workshop on Mobile Computing Systems & Applications. 2014: 1-6.
[11]	程瑶, 应凌云, 焦四辈 ,等. 移动社交应用的用户隐私泄露问题研究[J]. 计算机学报, 2014,1: 87-100.
	CHENG Y , YING L Y , JIAO S B ,et al. Mobile social application privacy leaks[J]. Chinese Jurnal of Computer, 2014,1: 87-100.
[12]	牛犇, 李凤华, 华佳烽 ,等. 移动网络中场景关联的隐私保护机制研究[J]. 网络与信息安全学报, 2016,2(1): 31-42.
	NIU B , LI F H , HUA J F ,et al. Research on scenario-based mechanism in privacy-aware mobile networks[J]. Chinese Journal of Network and Information Security, 2015,2(1): 31-42.
[13]	董超, 杨超, 马建峰 ,等. Android系统中第三方登录漏洞与解决方案[J]. 计算机学报(自然科学版), 2016,3: 582-594.
	DONG C , YANG C , MA J F ,et al. The vulnerabilities and solutions of third-part login services in Android system[J]. Chinese Journal of Computer (Natural Science Edition), 2016,3: 582-594.
[14]	LU Y , LI L , PENG H ,et al. Robust anonymous two-factor authenticated key exchange scheme for mobile client-server environment[J]. Security & Communication Networks, 2016,9(11): 1331-1339.
[15]	王研昊, 马媛媛, 杨明 ,等. 基于隐性标识符的零权限Android智能终端识别[J]. 东南大学学报(自然科学版), 2015,6: 1046-1050.
	WANG Y H , MA Y Y , YANG M ,et al. Zero permission Android device identification based on implicit identifiers[J]. Journal of Southeast University (Natural Science Edition), 2015,6: 1046-1050.

Metrics

Recommended 0

No Suggested Reading articles found!

标识符名称	获取方式（以Java代码形式获取）	标识符内容
IMEI码	getSystemService (TELEPHONY_SERVICE).getDevieceId()	18 bit数字
IMSI码	getSystemService (TELEPHONY_SERVICE).getSubscriber()	15 bit数字
手机型号	android.os.Build.MODEL	字符串
系统版本号	android.os.Build.VERSION	字符串

Identity authentication scheme of Android client based on identifiers

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 15

Related Articles 15

Metrics

Recommended 0

[1]	Xianyi CHEN, Jun GU, Kai YAN, Dong JIANG, Linfeng XU, Zhangjie FU. Double adversarial attack against license plate recognition system [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 16-27.
[2]	Tianpeng YE, Xiang LIN, Jianhua LI, Xuankai ZHANG, Liwen XU. Personalized lightweight distributed network intrusion detection system in fog computing [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 28-37.
[3]	Lijun ZU, Yalin CAO, Xiaohua MEN, Zhihui LYU, Jiawei YE, Hongyi LI, Liang ZHANG. Adaptive selection method of desensitization algorithm based on privacy risk assessment [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 49-59.
[4]	Ruiqi XIA, Manman LI, Shaozhen CHEN. Identification on the structures of block ciphers using machine learning [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 79-89.
[5]	Jingyi YUAN, Zichuan LI, Guojun PENG. EN-Bypass: a security assessment method on e-mail user interface notification [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 90-101.
[6]	Feng YU, Qingxin LIN, Hui LIN, Xiaoding WANG. Privacy-enhanced federated learning scheme based on generative adversarial networks [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 113-122.
[7]	Chuntao ZHU, Chengxi YIN, Bolin ZHANG, Qilin YIN, Wei LU. Forgery face detection method based on multi-domain temporal features mining [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 123-134.
[8]	Xiaomeng LI, Daidou GUO, Xunfang ZHUO, Heng YAO, Chuan QIN. Carrier-independent screen-shooting resistant watermarking based on information overlay superimposition [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 135-149.
[9]	Zhao CAI, Tao JING, Shuang REN. Survey on Ethereum phishing detection technology [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 21-32.
[10]	Yan PAN, Wei LIN, Yuefei ZHU. Progressive active inference method of protocol state machine [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 81-93.
[11]	Pan YANG, Fei KANG, Hui SHU, Yuyao HUANG, Xiaoshao LYU. Binary program taint analysis optimization method based on function summary [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 115-131.
[12]	Tian XIAO, Zhihao JIANG, Peng TANG, Zheng HUANG, Jie GUO, Weidong QIU. High-performance directional fuzzing scheme based on deep reinforcement learning [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 132-142.
[13]	Chenghao YUAN, Yong LI, Shuang REN. Dynamic multi-keyword searchable encryption scheme [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 143-153.
[14]	Zezhou HOU, Jiongjiong REN, Shaozhen CHEN. Security evaluation for parameters of SIMON-like cipher based on neural network distinguisher [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 154-163.
[15]	Xuejing GUO, Yixiang FANG, Yi ZHAO, Tianzhu ZHANG, Wenchao ZENG, Junxiang WANG. Traditional guidance mechanism based deep robust watermarking [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 175-183.