English  |  正體中文  |  简体中文  |  Items with full text/Total items : 75369/75369 (100%)
Visitors : 24799463      Online Users : 609
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version

    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/88340

    Title: BSET: Android 行動支付之生物辨識功能驗證工具;BSET: A Biometric Security Evaluation Tool for Android Mobile Payment
    Authors: 郭峻安;Kuo, Chun-An
    Contributors: 資訊工程學系在職專班
    Keywords: 行動支付應用程式;Android;生物辨識;Frida;Mobile Payment apps;Android;Biometric;Frida
    Date: 2022-06-14
    Issue Date: 2022-07-13 23:04:27 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 隨著科技發展,行動裝置逐漸普及,而數位經濟時代的來臨使得行動支付成為未來發展的趨勢,加上行動裝置上大多已經裝載生物辨識功能,進一步提升了行動支付的便利性。現有大多行動支付應用程式因便利性大多支援生物辨識功能,而行動支付應用程式中生物辨識功能的安全性會取決於開發人員編寫程式碼的方式。
    本研究使用Android生物辨識功能驗證工具來驗證台灣常用的9款Android行動支付應用程式,利用Frida注入生物辨識繞過腳本,再透過靜態與動態分析瞭解程式運作邏輯,發現大多數行動支付應用程式沒有使用安全的方式撰寫生物辨識功能,導致生物辨識功能可以被惡意的第三方繞過。後續我們將這些漏洞透過Google Play商店上的開發者信箱進行通報,協助提升整體行動支付應用程式的安全性。;With the development of technology, mobile devices are gradually becoming more and more popular, and the advent of the digital economy has made mobile payment a trend for the future, and most mobile devices are already equipped with biometric functions, further enhancing the convenience of mobile payment apps. Most existing mobile payment apps support biometric features for convenience, and the security of biometric features in mobile payment apps will depend on the way the code is written by the developer.
    This study uses the Android biometric verification tool to verify 9 popular Android mobile payment apps in Taiwan, using Frida to inject biometric bypass scripts, and then using static and dynamic analysis to understand the logic of the program′s operation, and found that most of the mobile payment apps did not use a secure way to write biometric functions, resulting in biometric results that can be bypassed by malicious third parties. These vulnerabilities are subsequently reported through the developer mailbox on the Google Play Store to help improve the overall security of mobile payment apps.
    Appears in Collections:[資訊工程學系碩士在職專班 ] 博碩士論文

    Files in This Item:

    File Description SizeFormat

    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明