research-article

A note on the security of code memo

Authors:

Mobility '07: Proceedings of the 4th international conference on mobile technology, applications, and systems and the 1st international symposium on Computer human interaction in mobile technology

Pages 261 - 267

https://doi.org/10.1145/1378063.1378107

Published: 10 September 2007 Publication History

Get Access

Abstract

Today, secret codes such as passwords and PINs are the most prevalent means for user authentication. Because of the constantly growing number of required secret codes, computer users are increasingly overtaxed. This leads to many problems in daily use, e.g., costs due to forgotten passwords in enterprises and security problems through bad password practice. Storing secret codes on mobile phones seems to be some kind of panacea to have secret codes always available since mobile phones are today's permanent companions. Code Memo is a software that is used on mobile phones to store secret codes in a safe way; it is provided as firmware on Sony Ericsson mobile phones. We assume that the intention of the Code Memo designers was to provide an ideal cipher system according to Shannon's classification, i.e., it leaves an adversary with uncertainty w.r.t. the correct decryption key. In this paper we show how to break Code Memo. For our attack, we have identified feedback channels in Code Memo that can be exploited for distinguishing correct master passwords from incorrect ones, and thereby, sieving candidates of master passwords. This weakness allows attackers in a realistic setting to identify the correct master password, and thus, to obtain all the stored passwords and PINs.

References

[1]

P. Ducklin. Simple advice for more sensible password use. http://www.sophos.com, Apr. 2006.

Google Scholar

[2]

W. Harrison. Passwords and Passion. IEEE Software, 23(4), July/August 2006.

Digital Library

Google Scholar

[3]

G. Hayday. IT users in password hell. ZDNet UK News, Dec. 2002.

Google Scholar

[4]

G. Hayday. Counting the costs of forgotten passwords. ZDNet UK News, Jan. 2003.

Google Scholar

[5]

SafeNet. 2004 Annual Password Survey Results. SafeNet (Inc.), http://www.safenet-inc.com, 2004.

Google Scholar

[6]

C. Shannon. Communication Theory of Secrecy Systems. Bell System Technical Journal, 28(4), 1949.

Google Scholar

[7]

Sophos. Employee password choices put business at risk. http://www.sophos.com, Apr. 2006.

Google Scholar

[8]

J. VanAuken. Review: Password Management: Grief Relief. Information Week, http://www.informationweek.com, Jan. 2006.

Google Scholar

Index Terms

A note on the security of code memo

Recommendations

Security analysis of an identity-based strongly unforgeable signature scheme

Identity-based signature (IBS) is a specific type of public-key signature (PKS) where any identity string ID can be used for the public key of a user. Although an IBS scheme can be constructed from any PKS scheme by using the certificate paradigm, it is ...
Security analysis and improvement of a double-trapdoor encryption scheme

At Asia Crypt'03, Bresson et al. proposed a probabilistic public-key encryption scheme with a double-trapdoor decryption mechanism. In this paper, we provide security analysis of it, and point out three insecurities of the encryption scheme. It suffers ...
On the security of a strong provably secure identity-based encryption scheme without bilinear pairing

The identity-based encryption scheme enables a sender to generate the ciphertext using a receiver's identity and system's parameters. Because of its convenience, the identity-based encryption scheme has been widely used in many practical applications. ...

Comments

Information & Contributors

Information

Published In

Mobility '07: Proceedings of the 4th international conference on mobile technology, applications, and systems and the 1st international symposium on Computer human interaction in mobile technology

September 2007

702 pages

ISBN:9781595938190

DOI:10.1145/1378063

General Chairs:
Peter H. J. Chong
Nanyang Technological University, Singapore
,
Adrian David Cheok
National University of Singapore, Singapore

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 September 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

MC07

Sponsor:

SIGMOBILE

MC07: 4th Mobility Conference: International Conference on Mobile Technology, Application & Systems

September 10 - 12, 2007

Singapore

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
170
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Index Terms

Recommendations

Security analysis of an identity-based strongly unforgeable signature scheme

Security analysis and improvement of a double-trapdoor encryption scheme

On the security of a strong provably secure identity-based encryption scheme without bilinear pairing

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations