13.11.2014 Category: IT Security
MJS Article published: Social Authentication: Vulnerabilities, Mitigations, and Redesign
The article Social Authentication: Vulnerabilities, Mitigations, and Redesign by Marco Lancini has been published in the DeepSec edition of the MJS.
Social Authentication: Vulnerabilities, Mitigations, and Redesign
High-value services have introduced two-factor authentication to prevent adversaries from compromising accounts using stolen credentials. Facebook has recently released a two-factor authentication mechanism, referred to as Social Authentication (SA). We designed and implemented an automated system able to break the SA, to demonstrate the feasibility of carrying out large-scale attacks against social authentication with minimal effort on behalf of an attacker. We then revisited the SA concept and propose reSA, a two-factor authentication scheme that can be easily solved by humans but is robust against face-recognition software.
This article appears in the special edition "In Depth Security – Proceedings of the DeepSec Conferences", edited by Stefan Schumacher and René Pfeiffer.
You can find all articles of the MJS at http://www.sicherheitsforschung-magdeburg.de/publikationen/journal.html