Paper Info
Title
Security Assessment on User Authentication by an HttpSendRequest Hooking in an HTTP Client
Abstract
Most current user authentications on the web server use the server/client based HTTP protocol. In the past, the ID-password based user authentication is exposed the plaintext on the network, because of this problem, the user authentication using the SSL is researched. Through this solution, transferred the user authentication information is able to protect on the network. Nevertheless, a novel problem comes to the fore as an attack using vulnerability of the platform and it causes exposure of the user authentication information. In particular, the attacker utilizes the hooking technique for steal the user authentication information by HttpSendRequest function that sends the user authentication or connection related information. Therefore, in this paper, we analyze this kind of vulnerability and draw its result using implemented sample proof-of concept tools.
Year
DOI
Venue
2013
10.1109/IMIS.2013.127
IMIS
Keywords
Field
DocType
id-password,web server,http,user interfaces,httpsendrequest,user authentication,httpsendrequest hooking,http client,current user authentication,httpsendrequest function,proof of concept tools,transport protocols,server/client based http protocol,authorisation,internet,api hooking,client-server systems,sample proof-of concept tool,user authentication information,hypermedia,security assessment,servers,authentication,protocols,hardware,encryption
Lightweight Extensible Authentication Protocol,NTLMSSP,Chip Authentication Program,Challenge-Handshake Authentication Protocol,Generic Bootstrapping Architecture,Computer science,Challenge–response authentication,Computer security,Computer network,Authentication protocol,Multi-factor authentication
Conference
Citations 
PageRank 
References 
0
0.34
4
Authors
4
Name
Order
Citations
PageRank
Kyungroul Lee14420.27
Hyungjun Yeuk210.68
Sung-Kwan Kim39715.23
Kangbin Yim431056.23