IEEE Consumer Electronics Magazine - May 2018 - 52
FIGURE 3. A user credential file (com.starbucks.co_preferences.xml) in the Starbucks application. Some important fields are highlighted
in red boxes.
MOCI
We also performed a user credential cloning attack on the
MOCI application. Unlike the Starbucks application using the
Shared Preferences file, MOCI uses the SQLite
Databases file (moci.sqlite) to store the user credential
data for automatic login. The moci.sqlite file consists of
three tables. The user credential data are stored in the prefs
table, with 44 records. When we compared the prefs table
for D attacker with that for D victim, the specific eight records were
different only between those tables (see Table 1). Therefore,
when we replaced those records for D attacker with the ones
for D victim, we successfully performed the user credential
cloning attack.
Figure 5 displays the results before and after performing
our attack on the MOCI application. In this figure, we can
also see that different account information is displayed
according to which user credential data are used. Even
though the user credential attack works well by simply copying all of the eight changed records, we concluded, after carefully inspecting the differences between the eight D attacker and
D victim records, that only two (ar and as) are associated with
the user credential data.
USER CREDENTIAL CLONING ATTACK PREVENTION
In this section, we discuss five possible defense strategies to
mitigate user credential cloning attacks.
BINDING USER CREDENTIAL
DATA TO A SPECIFIC DEVICE
(a)
(b)
FIGURE 4. The results of a user credential cloning attack on the Starbucks application: (a) before and (b) after the attack.
52 IEEE Consumer Electronics Magazine
^
MAy 2018
Our first strategy is to bind user credential data
in the target application to a specific device to
prevent an attacker from reusing user credential
data for his or her own device. To achieve this, a
typical method is to use cryptographic primitives, such as encryption.
For example, we can store user credential
data in encrypted form so that only an authorized application (running on a specific device)
can access the plaintext user credential data
in that form. For this purpose, user credential
data are encrypted with a key that is generated at runtime by the application with devicespecific attributes. Such attributes may include
the device model, operating system, International Mobile Equipment Identity (IMEI),
mobile equipment identifier, International
�
Table of Contents for the Digital Edition of IEEE Consumer Electronics Magazine - May 2018
IEEE Consumer Electronics Magazine - May 2018 - Cover1
IEEE Consumer Electronics Magazine - May 2018 - Cover2
IEEE Consumer Electronics Magazine - May 2018 - 1
IEEE Consumer Electronics Magazine - May 2018 - 2
IEEE Consumer Electronics Magazine - May 2018 - 3
IEEE Consumer Electronics Magazine - May 2018 - 4
IEEE Consumer Electronics Magazine - May 2018 - 5
IEEE Consumer Electronics Magazine - May 2018 - 6
IEEE Consumer Electronics Magazine - May 2018 - 7
IEEE Consumer Electronics Magazine - May 2018 - 8
IEEE Consumer Electronics Magazine - May 2018 - 9
IEEE Consumer Electronics Magazine - May 2018 - 10
IEEE Consumer Electronics Magazine - May 2018 - 11
IEEE Consumer Electronics Magazine - May 2018 - 12
IEEE Consumer Electronics Magazine - May 2018 - 13
IEEE Consumer Electronics Magazine - May 2018 - 14
IEEE Consumer Electronics Magazine - May 2018 - 15
IEEE Consumer Electronics Magazine - May 2018 - 16
IEEE Consumer Electronics Magazine - May 2018 - 17
IEEE Consumer Electronics Magazine - May 2018 - 18
IEEE Consumer Electronics Magazine - May 2018 - 19
IEEE Consumer Electronics Magazine - May 2018 - 20
IEEE Consumer Electronics Magazine - May 2018 - 21
IEEE Consumer Electronics Magazine - May 2018 - 22
IEEE Consumer Electronics Magazine - May 2018 - 23
IEEE Consumer Electronics Magazine - May 2018 - 24
IEEE Consumer Electronics Magazine - May 2018 - 25
IEEE Consumer Electronics Magazine - May 2018 - 26
IEEE Consumer Electronics Magazine - May 2018 - 27
IEEE Consumer Electronics Magazine - May 2018 - 28
IEEE Consumer Electronics Magazine - May 2018 - 29
IEEE Consumer Electronics Magazine - May 2018 - 30
IEEE Consumer Electronics Magazine - May 2018 - 31
IEEE Consumer Electronics Magazine - May 2018 - 32
IEEE Consumer Electronics Magazine - May 2018 - 33
IEEE Consumer Electronics Magazine - May 2018 - 34
IEEE Consumer Electronics Magazine - May 2018 - 35
IEEE Consumer Electronics Magazine - May 2018 - 36
IEEE Consumer Electronics Magazine - May 2018 - 37
IEEE Consumer Electronics Magazine - May 2018 - 38
IEEE Consumer Electronics Magazine - May 2018 - 39
IEEE Consumer Electronics Magazine - May 2018 - 40
IEEE Consumer Electronics Magazine - May 2018 - 41
IEEE Consumer Electronics Magazine - May 2018 - 42
IEEE Consumer Electronics Magazine - May 2018 - 43
IEEE Consumer Electronics Magazine - May 2018 - 44
IEEE Consumer Electronics Magazine - May 2018 - 45
IEEE Consumer Electronics Magazine - May 2018 - 46
IEEE Consumer Electronics Magazine - May 2018 - 47
IEEE Consumer Electronics Magazine - May 2018 - 48
IEEE Consumer Electronics Magazine - May 2018 - 49
IEEE Consumer Electronics Magazine - May 2018 - 50
IEEE Consumer Electronics Magazine - May 2018 - 51
IEEE Consumer Electronics Magazine - May 2018 - 52
IEEE Consumer Electronics Magazine - May 2018 - 53
IEEE Consumer Electronics Magazine - May 2018 - 54
IEEE Consumer Electronics Magazine - May 2018 - 55
IEEE Consumer Electronics Magazine - May 2018 - 56
IEEE Consumer Electronics Magazine - May 2018 - 57
IEEE Consumer Electronics Magazine - May 2018 - 58
IEEE Consumer Electronics Magazine - May 2018 - 59
IEEE Consumer Electronics Magazine - May 2018 - 60
IEEE Consumer Electronics Magazine - May 2018 - 61
IEEE Consumer Electronics Magazine - May 2018 - 62
IEEE Consumer Electronics Magazine - May 2018 - 63
IEEE Consumer Electronics Magazine - May 2018 - 64
IEEE Consumer Electronics Magazine - May 2018 - 65
IEEE Consumer Electronics Magazine - May 2018 - 66
IEEE Consumer Electronics Magazine - May 2018 - 67
IEEE Consumer Electronics Magazine - May 2018 - 68
IEEE Consumer Electronics Magazine - May 2018 - 69
IEEE Consumer Electronics Magazine - May 2018 - 70
IEEE Consumer Electronics Magazine - May 2018 - 71
IEEE Consumer Electronics Magazine - May 2018 - 72
IEEE Consumer Electronics Magazine - May 2018 - 73
IEEE Consumer Electronics Magazine - May 2018 - 74
IEEE Consumer Electronics Magazine - May 2018 - 75
IEEE Consumer Electronics Magazine - May 2018 - 76
IEEE Consumer Electronics Magazine - May 2018 - 77
IEEE Consumer Electronics Magazine - May 2018 - 78
IEEE Consumer Electronics Magazine - May 2018 - 79
IEEE Consumer Electronics Magazine - May 2018 - 80
IEEE Consumer Electronics Magazine - May 2018 - 81
IEEE Consumer Electronics Magazine - May 2018 - 82
IEEE Consumer Electronics Magazine - May 2018 - 83
IEEE Consumer Electronics Magazine - May 2018 - 84
IEEE Consumer Electronics Magazine - May 2018 - 85
IEEE Consumer Electronics Magazine - May 2018 - 86
IEEE Consumer Electronics Magazine - May 2018 - 87
IEEE Consumer Electronics Magazine - May 2018 - 88
IEEE Consumer Electronics Magazine - May 2018 - 89
IEEE Consumer Electronics Magazine - May 2018 - 90
IEEE Consumer Electronics Magazine - May 2018 - 91
IEEE Consumer Electronics Magazine - May 2018 - 92
IEEE Consumer Electronics Magazine - May 2018 - 93
IEEE Consumer Electronics Magazine - May 2018 - 94
IEEE Consumer Electronics Magazine - May 2018 - 95
IEEE Consumer Electronics Magazine - May 2018 - 96
IEEE Consumer Electronics Magazine - May 2018 - 97
IEEE Consumer Electronics Magazine - May 2018 - 98
IEEE Consumer Electronics Magazine - May 2018 - 99
IEEE Consumer Electronics Magazine - May 2018 - 100
IEEE Consumer Electronics Magazine - May 2018 - 101
IEEE Consumer Electronics Magazine - May 2018 - 102
IEEE Consumer Electronics Magazine - May 2018 - 103
IEEE Consumer Electronics Magazine - May 2018 - 104
IEEE Consumer Electronics Magazine - May 2018 - 105
IEEE Consumer Electronics Magazine - May 2018 - 106
IEEE Consumer Electronics Magazine - May 2018 - 107
IEEE Consumer Electronics Magazine - May 2018 - 108
IEEE Consumer Electronics Magazine - May 2018 - 109
IEEE Consumer Electronics Magazine - May 2018 - 110
IEEE Consumer Electronics Magazine - May 2018 - 111
IEEE Consumer Electronics Magazine - May 2018 - 112
IEEE Consumer Electronics Magazine - May 2018 - 113
IEEE Consumer Electronics Magazine - May 2018 - 114
IEEE Consumer Electronics Magazine - May 2018 - 115
IEEE Consumer Electronics Magazine - May 2018 - 116
IEEE Consumer Electronics Magazine - May 2018 - 117
IEEE Consumer Electronics Magazine - May 2018 - 118
IEEE Consumer Electronics Magazine - May 2018 - 119
IEEE Consumer Electronics Magazine - May 2018 - 120
IEEE Consumer Electronics Magazine - May 2018 - Cover3
IEEE Consumer Electronics Magazine - May 2018 - Cover4
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20240102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20231112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20221112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20211112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202010
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202009
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202007
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202004
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202003
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202001
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201909
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201907
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201905
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201903
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201901
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201811
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201809
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201807
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201805
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201803
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_october2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_october2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2015
https://www.nxtbookmedia.com