IEEE Consumer Electronics Magazine - May 2018 - 53

Table 1. Eight different records in the moci.sqlite file between Dattacker and Dvictim.
Key

Value (ID1)

Value (ID2)

aq

1489063974653

1489061984928

ar

d3b2cd658c458400

9d2eb8a790b43f0f

as

58c149dab2d7330551ac...

58c14860cb8ac6317ca9...

ci

84789

86400

device_info

LGE Nexus 5X Android 7.1.1 (API 25)

LGE Nexus 5 Android 6.0.1 (API 23)

dv (in Korean)

No one knows who you are. What is my ideal type?

No one knows who you are. Please show off your lover!

dx

20

23

push_token

APA91bEUzS5v1J6i35p...

APA91bGcApwFvWdZOOj...

Mobile Subscriber Identity, electronic serial number,
media access control (MAC) address from a device's
Wi-Fi or Bluetooth hardware, and phone number. If the
attacker does not know the exact algorithm to generate
the device-specific key, the plaintext user credential data
cannot simply be extracted from the application's storage files.
Against this defense approach, an attacker may certainly
attempt to reverse-engineer the application to analyze the
key generation algorithm and its parameters. However, the
use of device-specific keys can considerably raise the bar for
attackers, because the cost of reverse engineering is significantly greater than that of reading files. In addition, there
exist a  number of antireverse-engineering techniques and
tools [13]-[15] to protect program codes, although it is
unclear whether such techniques are sufficiently strong to
protect sensitive software systems such as an encryption
algorithm implementation.

PREVENTING SUSPICIOUS LOGIN ATTEMPTS
Unfortunately, after successfully updating the attacker's files
with a victim's user credential data, it is not feasible to detect
automatic login attempts performed by the malefactor's
device, because the login attempt messages of both the victim
and the attacker's device are transmitted in exactly the same
manner. Alternatively, therefore, we can prevent suspicious
login attempts aimed at identifying the positions of user credential data in candidate storage files by targeting login patterns that are significantly different from normal ones. For
example, in the course of an attack, consecutive login
attempts with the wrong user credential data are periodically
made during a relatively short time. To prevent such login
attempts, a straightforward solution is limiting the number of
consecutive failed attempts from a particular device, e.g.,
based on its IMEI or MAC address. If we set this number
to, say, three, an attacker needs to exactly identify user

INCREASING THE SEARCH TIME FOR
IDENTIFYING USER CREDENTIAL DATA
As described in the "User Credential Cloning
Attack" section, an attacker has to search in the
collection of candidate files for user credential
data for extraction. Although this search process needs to be performed only once, we can
measurably boost the difficulty of the attack by
increasing the number of candidate paths for
the credential data. That is, the number of
changed fields and/or files can be intentionally
increased to make it more difficult for the
attacker to guess the correct positions of the
targeted information. Formally, given n candidate fields, 2 n - 1 different combinations should
be tested in the worst case. Therefore, if we
use a reasonably large value of n, identifying
user credential data becomes computationally
more expensive.

(a)

(b)

FIGURE 5. The results of a user credential cloning attack on the MOCI application: (a) before and (b) after the attack.

MAy 2018

^

IEEE Consumer Electronics Magazine

53



Table of Contents for the Digital Edition of IEEE Consumer Electronics Magazine - May 2018

IEEE Consumer Electronics Magazine - May 2018 - Cover1
IEEE Consumer Electronics Magazine - May 2018 - Cover2
IEEE Consumer Electronics Magazine - May 2018 - 1
IEEE Consumer Electronics Magazine - May 2018 - 2
IEEE Consumer Electronics Magazine - May 2018 - 3
IEEE Consumer Electronics Magazine - May 2018 - 4
IEEE Consumer Electronics Magazine - May 2018 - 5
IEEE Consumer Electronics Magazine - May 2018 - 6
IEEE Consumer Electronics Magazine - May 2018 - 7
IEEE Consumer Electronics Magazine - May 2018 - 8
IEEE Consumer Electronics Magazine - May 2018 - 9
IEEE Consumer Electronics Magazine - May 2018 - 10
IEEE Consumer Electronics Magazine - May 2018 - 11
IEEE Consumer Electronics Magazine - May 2018 - 12
IEEE Consumer Electronics Magazine - May 2018 - 13
IEEE Consumer Electronics Magazine - May 2018 - 14
IEEE Consumer Electronics Magazine - May 2018 - 15
IEEE Consumer Electronics Magazine - May 2018 - 16
IEEE Consumer Electronics Magazine - May 2018 - 17
IEEE Consumer Electronics Magazine - May 2018 - 18
IEEE Consumer Electronics Magazine - May 2018 - 19
IEEE Consumer Electronics Magazine - May 2018 - 20
IEEE Consumer Electronics Magazine - May 2018 - 21
IEEE Consumer Electronics Magazine - May 2018 - 22
IEEE Consumer Electronics Magazine - May 2018 - 23
IEEE Consumer Electronics Magazine - May 2018 - 24
IEEE Consumer Electronics Magazine - May 2018 - 25
IEEE Consumer Electronics Magazine - May 2018 - 26
IEEE Consumer Electronics Magazine - May 2018 - 27
IEEE Consumer Electronics Magazine - May 2018 - 28
IEEE Consumer Electronics Magazine - May 2018 - 29
IEEE Consumer Electronics Magazine - May 2018 - 30
IEEE Consumer Electronics Magazine - May 2018 - 31
IEEE Consumer Electronics Magazine - May 2018 - 32
IEEE Consumer Electronics Magazine - May 2018 - 33
IEEE Consumer Electronics Magazine - May 2018 - 34
IEEE Consumer Electronics Magazine - May 2018 - 35
IEEE Consumer Electronics Magazine - May 2018 - 36
IEEE Consumer Electronics Magazine - May 2018 - 37
IEEE Consumer Electronics Magazine - May 2018 - 38
IEEE Consumer Electronics Magazine - May 2018 - 39
IEEE Consumer Electronics Magazine - May 2018 - 40
IEEE Consumer Electronics Magazine - May 2018 - 41
IEEE Consumer Electronics Magazine - May 2018 - 42
IEEE Consumer Electronics Magazine - May 2018 - 43
IEEE Consumer Electronics Magazine - May 2018 - 44
IEEE Consumer Electronics Magazine - May 2018 - 45
IEEE Consumer Electronics Magazine - May 2018 - 46
IEEE Consumer Electronics Magazine - May 2018 - 47
IEEE Consumer Electronics Magazine - May 2018 - 48
IEEE Consumer Electronics Magazine - May 2018 - 49
IEEE Consumer Electronics Magazine - May 2018 - 50
IEEE Consumer Electronics Magazine - May 2018 - 51
IEEE Consumer Electronics Magazine - May 2018 - 52
IEEE Consumer Electronics Magazine - May 2018 - 53
IEEE Consumer Electronics Magazine - May 2018 - 54
IEEE Consumer Electronics Magazine - May 2018 - 55
IEEE Consumer Electronics Magazine - May 2018 - 56
IEEE Consumer Electronics Magazine - May 2018 - 57
IEEE Consumer Electronics Magazine - May 2018 - 58
IEEE Consumer Electronics Magazine - May 2018 - 59
IEEE Consumer Electronics Magazine - May 2018 - 60
IEEE Consumer Electronics Magazine - May 2018 - 61
IEEE Consumer Electronics Magazine - May 2018 - 62
IEEE Consumer Electronics Magazine - May 2018 - 63
IEEE Consumer Electronics Magazine - May 2018 - 64
IEEE Consumer Electronics Magazine - May 2018 - 65
IEEE Consumer Electronics Magazine - May 2018 - 66
IEEE Consumer Electronics Magazine - May 2018 - 67
IEEE Consumer Electronics Magazine - May 2018 - 68
IEEE Consumer Electronics Magazine - May 2018 - 69
IEEE Consumer Electronics Magazine - May 2018 - 70
IEEE Consumer Electronics Magazine - May 2018 - 71
IEEE Consumer Electronics Magazine - May 2018 - 72
IEEE Consumer Electronics Magazine - May 2018 - 73
IEEE Consumer Electronics Magazine - May 2018 - 74
IEEE Consumer Electronics Magazine - May 2018 - 75
IEEE Consumer Electronics Magazine - May 2018 - 76
IEEE Consumer Electronics Magazine - May 2018 - 77
IEEE Consumer Electronics Magazine - May 2018 - 78
IEEE Consumer Electronics Magazine - May 2018 - 79
IEEE Consumer Electronics Magazine - May 2018 - 80
IEEE Consumer Electronics Magazine - May 2018 - 81
IEEE Consumer Electronics Magazine - May 2018 - 82
IEEE Consumer Electronics Magazine - May 2018 - 83
IEEE Consumer Electronics Magazine - May 2018 - 84
IEEE Consumer Electronics Magazine - May 2018 - 85
IEEE Consumer Electronics Magazine - May 2018 - 86
IEEE Consumer Electronics Magazine - May 2018 - 87
IEEE Consumer Electronics Magazine - May 2018 - 88
IEEE Consumer Electronics Magazine - May 2018 - 89
IEEE Consumer Electronics Magazine - May 2018 - 90
IEEE Consumer Electronics Magazine - May 2018 - 91
IEEE Consumer Electronics Magazine - May 2018 - 92
IEEE Consumer Electronics Magazine - May 2018 - 93
IEEE Consumer Electronics Magazine - May 2018 - 94
IEEE Consumer Electronics Magazine - May 2018 - 95
IEEE Consumer Electronics Magazine - May 2018 - 96
IEEE Consumer Electronics Magazine - May 2018 - 97
IEEE Consumer Electronics Magazine - May 2018 - 98
IEEE Consumer Electronics Magazine - May 2018 - 99
IEEE Consumer Electronics Magazine - May 2018 - 100
IEEE Consumer Electronics Magazine - May 2018 - 101
IEEE Consumer Electronics Magazine - May 2018 - 102
IEEE Consumer Electronics Magazine - May 2018 - 103
IEEE Consumer Electronics Magazine - May 2018 - 104
IEEE Consumer Electronics Magazine - May 2018 - 105
IEEE Consumer Electronics Magazine - May 2018 - 106
IEEE Consumer Electronics Magazine - May 2018 - 107
IEEE Consumer Electronics Magazine - May 2018 - 108
IEEE Consumer Electronics Magazine - May 2018 - 109
IEEE Consumer Electronics Magazine - May 2018 - 110
IEEE Consumer Electronics Magazine - May 2018 - 111
IEEE Consumer Electronics Magazine - May 2018 - 112
IEEE Consumer Electronics Magazine - May 2018 - 113
IEEE Consumer Electronics Magazine - May 2018 - 114
IEEE Consumer Electronics Magazine - May 2018 - 115
IEEE Consumer Electronics Magazine - May 2018 - 116
IEEE Consumer Electronics Magazine - May 2018 - 117
IEEE Consumer Electronics Magazine - May 2018 - 118
IEEE Consumer Electronics Magazine - May 2018 - 119
IEEE Consumer Electronics Magazine - May 2018 - 120
IEEE Consumer Electronics Magazine - May 2018 - Cover3
IEEE Consumer Electronics Magazine - May 2018 - Cover4
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20240102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20231112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20221112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20211112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202010
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202009
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202007
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202004
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202003
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202001
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201909
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201907
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201905
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201903
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201901
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201811
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201809
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201807
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201805
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201803
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_october2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_october2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2015
https://www.nxtbookmedia.com