E-resources
Peer-reviewed
Open access
Kingo, Thomas; Aranha, Diego F.
Computers & security, September 2023, 2023-09-00, Volume: 132, Journal Article
MitID is the new electronic identification (eID) solution in Denmark. It provides access to many online services, including online banking, insurance, taxes, and health information. In this paper, we analyze the security of the new solution from the user experience perspective concerning Denial of Service (DoS), Social Engineering (SocEng), and other possible attacks that can be mounted without special privileges or obtaining unauthorized access. Our analysis shows that, even though the solution is of paramount importance to the Danish online infrastructure, the analyzed version did not adequately defend against simple attacks targeting specific users. With simple automated scripts, we were able to prevent a targeted user from authenticating for a period of 9 days; and show how an attacker can collect information to mount convincing SocEng attacks aiming at identity theft. Our findings were disclosed to the affected parties in December 2021, and since then, the solution has been updated two times. The first update in January 2022 rendered the SocEng attacks ineffective. However, due to the inherent design trade-offs, targeted DoS attacks were still unmitigated. The second update was in June 2023 and appears to address all of our findings.