A Logic-Based Reasoner for Discovering Authentication Vulnerabilities Between Interconnected Accounts


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2018-11-24

AUTHORS

Erisa Karafili, Daniele Sgandurra, Emil Lupu

ABSTRACT

With users being more reliant on online services for their daily activities, there is an increasing risk for them to be threatened by cyber-attacks harvesting their personal information or banking details. These attacks are often facilitated by the strong interconnectivity that exists between online accounts, in particular due to the presence of shared (e.g., replicated) pieces of user information across different accounts. In addition, a significant proportion of users employ pieces of information, e.g. used to recover access to an account, that are easily obtainable from their social networks accounts, and hence are vulnerable to correlation attacks, where a malicious attacker is either able to perform password reset attacks or take full control of user accounts. This paper proposes the use of verification techniques to analyse the possible vulnerabilities that arise from shared pieces of information among interconnected online accounts. Our primary contributions include a logic-based reasoner that is able to discover vulnerable online accounts, and a corresponding tool that provides modelling of user accounts, their interconnections, and vulnerabilities. Finally, the tool allows users to perform security checks of their online accounts and suggests possible countermeasures to reduce the risk of compromise.

PAGES

73-87

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-030-04372-8_7

DOI

http://dx.doi.org/10.1007/978-3-030-04372-8_7

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1110133580



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Department of Computing, Imperial College London, London, England", 
          "id": "http://www.grid.ac/institutes/grid.7445.2", 
          "name": [
            "Department of Computing, Imperial College London, London, England"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Karafili", 
        "givenName": "Erisa", 
        "id": "sg:person.012361707104.86", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012361707104.86"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Information Security Group, Royal Holloway, University of London, Egham, England", 
          "id": "http://www.grid.ac/institutes/grid.4970.a", 
          "name": [
            "Information Security Group, Royal Holloway, University of London, Egham, England"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Sgandurra", 
        "givenName": "Daniele", 
        "id": "sg:person.07601314332.16", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07601314332.16"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Computing, Imperial College London, London, England", 
          "id": "http://www.grid.ac/institutes/grid.7445.2", 
          "name": [
            "Department of Computing, Imperial College London, London, England"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lupu", 
        "givenName": "Emil", 
        "id": "sg:person.013404167044.28", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013404167044.28"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2018-11-24", 
    "datePublishedReg": "2018-11-24", 
    "description": "With users being more reliant on online services for their daily activities, there is an increasing risk for them to be threatened by cyber-attacks harvesting their personal information or banking details. These attacks are often facilitated by the strong interconnectivity that exists between online accounts, in particular due to the presence of shared (e.g., replicated) pieces of user information across different accounts. In addition, a significant proportion of users employs pieces of information, e.g. used to recover access to an account, that are easily obtainable from their social networks accounts, and hence are vulnerable to correlation attacks, where a malicious attacker is either able to perform password reset attacks or take full control of user accounts.This paper proposes the use of verification techniques to analyse the possible vulnerabilities that arises from shared pieces of information among interconnected online accounts. Our primary contributions include a logic-based reasoner that is able to discover vulnerable online accounts, and a corresponding tool that provides modelling of user accounts, their interconnections, and vulnerabilities. Finally, the tool allows users to perform security checks of their online accounts and suggests possible countermeasures to reduce the risk of compromise.", 
    "editor": [
      {
        "familyName": "Saracino", 
        "givenName": "Andrea", 
        "type": "Person"
      }, 
      {
        "familyName": "Mori", 
        "givenName": "Paolo", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-030-04372-8_7", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-030-04371-1", 
        "978-3-030-04372-8"
      ], 
      "name": "Emerging Technologies for Authorization and Authentication", 
      "type": "Book"
    }, 
    "keywords": [
      "online accounts", 
      "user accounts", 
      "social network accounts", 
      "banking details", 
      "reset attacks", 
      "user information", 
      "malicious attackers", 
      "authentication vulnerabilities", 
      "cyber attacks", 
      "verification techniques", 
      "risk of compromise", 
      "pieces of information", 
      "online services", 
      "personal information", 
      "shared pieces", 
      "security checks", 
      "possible vulnerabilities", 
      "correlation attacks", 
      "corresponding tools", 
      "network accounts", 
      "possible countermeasures", 
      "users", 
      "reasoner", 
      "primary contribution", 
      "full control", 
      "attacks", 
      "information", 
      "attacker", 
      "vulnerability", 
      "tool", 
      "strong interconnectivity", 
      "logic", 
      "services", 
      "daily activities", 
      "countermeasures", 
      "pieces", 
      "access", 
      "interconnectivity", 
      "interconnection", 
      "check", 
      "technique", 
      "modelling", 
      "account", 
      "compromise", 
      "different accounts", 
      "detail", 
      "use", 
      "contribution", 
      "control", 
      "addition", 
      "risk", 
      "activity", 
      "presence", 
      "significant proportion", 
      "proportion", 
      "paper"
    ], 
    "name": "A Logic-Based Reasoner for Discovering Authentication Vulnerabilities Between Interconnected Accounts", 
    "pagination": "73-87", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1110133580"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-030-04372-8_7"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-030-04372-8_7", 
      "https://app.dimensions.ai/details/publication/pub.1110133580"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-09-02T16:15", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220902/entities/gbq_results/chapter/chapter_383.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-030-04372-8_7"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-04372-8_7'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-04372-8_7'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-04372-8_7'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-04372-8_7'


 

This table displays all metadata directly associated to this object as RDF triples.

137 TRIPLES      22 PREDICATES      80 URIs      73 LITERALS      7 BLANK NODES

 



