MijnID - Security for an Android Application

Authors: T.P. Van Helden, A. Ten Napel, A. Narwade

Abstract: This document reports the development of a proof concept for MijnID Android mobile application. Identity theft and identity fraud are serious problems, leaving thousands Dutch citizens with debts damages each year. aims to improve detection by providing users insight on what is happening their personal details as they stored in government databases. early key mitigate damages. In this report we discuss problem, project aims, outcome further development. The core functional features app consist verifying user DigiD, logging application PIN, viewing data safely reporting changes database user. focuses security privacy during transport it shown We use scrum test-driven guide process. Unfortunately will be target numerous types attackers attacks. map these attacks, define scope base requirements threats within that scope. Functional derived from wishes various parties involved. design process one constant adjustment changing limited experience play large role. implement well dummy environment, which consists server database. environment mimics behaviour real function. Furthermore, interact testing DigiD. Automated manual test outcomes used evaluate requirements. manage meet 80% all over 85% Challenges team faced discussed well. These challenges range implementation issues ethical considerations. Several recommendations provided deal open continue future.
