| Presentation | 2023-03-13 Evaluation and countermeasures of notification destination restoration attacks using password recovery functions of multiple web services Ryusei Ishikawa, Soramichi Akiyama, Atsuo Inomata, Tetsutaro Uehara, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Many web services with a login function using pair of ID and password have the password recovery function in case the user forgets his/her password. The password recovery function reveals a part of the email address which is to send the URL to recover the corresponding password. However, if the user has registered for multiple web services using the same ID, the attacker can easily guess the email address by aggregating the disclosed parts. In this paper, we discuss possible attack that reconstructs the email address using the password recovery function of multiple web services and evaluate its effectiveness. We also propose countermeasures against the attack that reconstructs email addresses. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Web / security / password recovery / email address / privacy |
| Paper # | ICSS2022-62 |
| Date of Issue | 2023-03-06 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2023/3/13(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Okinawaken Seinenkaikan |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Security, Trust, etc. |
| Chair | Katsunari Yoshioka(Yokohama National Univ.) |
| Vice Chair | Takahiro Kasama(NICT) / Akira Yamada(KDDI labs.) |
| Secretary | Takahiro Kasama(Okayama Univ.) / Akira Yamada(Mitsubishi Electric) |
| Assistant | Takeshi Sugawara(Univ. of Electro-Comm.) / Yo Kanemoto(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Evaluation and countermeasures of notification destination restoration attacks using password recovery functions of multiple web services |
| Sub Title (in English) | |
| Keyword(1) | Web |
| Keyword(2) | security |
| Keyword(3) | password recovery |
| Keyword(4) | email address |
| Keyword(5) | privacy |
| 1st Author's Name | Ryusei Ishikawa |
| 1st Author's Affiliation | Ritsumeikan University(Ritsumeikan Univ.) |
| 2nd Author's Name | Soramichi Akiyama |
| 2nd Author's Affiliation | Ritsumeikan University(Ritsumeikan Univ.) |
| 3rd Author's Name | Atsuo Inomata |
| 3rd Author's Affiliation | Ritsumeikan University, Osaka University(Ritsumeikan Univ., Osaka Univ.) |
| 4th Author's Name | Tetsutaro Uehara |
| 4th Author's Affiliation | Ritsumeikan University(Ritsumeikan Univ.) |
| Date | 2023-03-13 |
| Paper # | ICSS2022-62 |
| Volume (vol) | vol.122 |
| Number (no) | ICSS-422 |
| Page | pp.pp.85-90(ICSS), |
| #Pages | 6 |
| Date of Issue | 2023-03-06 (ICSS) |