DocumentCode :
3111633
Title :
Security Assessment on User Authentication by an HttpSendRequest Hooking in an HTTP Client
Author :
Kyungroul Lee ; Hyungjun Yeuk ; Sungkwan Kim ; Kangbin Yim
Author_Institution :
Dept. of Inf. Security Eng., Soonchunhyang Univ., Asan, South Korea
fYear :
2013
fDate :
3-5 July 2013
Firstpage :
706
Lastpage :
708
Abstract :
Most current user authentication on web servers uses the server/client-based HTTP protocol. In the past, ID-password based user authentication was exposed in plaintext on the network; because of this problem, user authentication using SSL was researched. With this solution, the transferred user authentication information can be protected on the network. Nevertheless, a novel problem has come to the fore: an attack that uses a vulnerability of the platform and causes exposure of the user authentication information. In particular, the attacker uses a hooking technique to steal the user authentication information through the HttpSendRequest function, which sends the user authentication or connection-related information. Therefore, in this paper, we analyze this kind of vulnerability and derive its result using implemented sample proof-of-concept tools.
Keywords :
Internet; authorisation; client-server systems; hypermedia; transport protocols; user interfaces; HTTP client; HttpSendRequest hooking; ID-password; Web server; proof of concept tools; security assessment; server/client based HTTP protocol; user authentication; Authentication; Encryption; Hardware; Internet; Protocols; Servers; API hooking; HTTP; HttpSendRequest; User authentication;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2013 Seventh International Conference on
Conference_Location :
Taichung
Type :
conf
DOI :
10.1109/IMIS.2013.127
Filename :
6603761