Failures of security APIs: a new case

Abdalnaser Algwil; Jeff Yan

doi:10.1007/978-3-662-54970-4_17

Failures of security APIs: a new case

Abdalnaser Algwil, Jeff Yan^*

^*Corresponding author for this work

Computer And Information Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution book

Abstract

We report novel API attacks on a Captcha web service, and discuss lessons that we have learned. In so doing, we expand the horizon of security APIs research by extending it to a new setting. We also show that system architecture analysis is useful both for identifying vulnerabilities in security APIs and for fixing them.

Original language	English
Title of host publication	Financial Cryptography and Data Security
Subtitle of host publication	20th International Conference, FC 2016, Christ Church, Barbados, February 22–26, 2016, Revised Selected Papers
Editors	Jens Grossklags, Bart Preneel
Place of Publication	Cham, Switzerland
Publisher	Springer
Pages	283-298
Number of pages	16
ISBN (Print)	9783662549698
DOIs	https://doi.org/10.1007/978-3-662-54970-4_17
Publication status	Published - 17 May 2017
Event	20th International Conference on Financial Cryptography and Data Security, FC 2016 - Christ Church, Barbados Duration: 22 Feb 2016 → 26 Feb 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9603 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	20th International Conference on Financial Cryptography and Data Security, FC 2016
Country/Territory	Barbados
City	Christ Church
Period	22/02/16 → 26/02/16

Keywords

API attacks
architecture analysis for security
CAPTCHA
web security

Access to Document

10.1007/978-3-662-54970-4_17

Cite this

Algwil, A., & Yan, J. (2017). Failures of security APIs: a new case. In J. Grossklags, & B. Preneel (Eds.), Financial Cryptography and Data Security: 20th International Conference, FC 2016, Christ Church, Barbados, February 22–26, 2016, Revised Selected Papers (pp. 283-298). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9603 LNCS). Springer. https://doi.org/10.1007/978-3-662-54970-4_17

Algwil, Abdalnaser ; Yan, Jeff. / Failures of security APIs : a new case. Financial Cryptography and Data Security: 20th International Conference, FC 2016, Christ Church, Barbados, February 22–26, 2016, Revised Selected Papers. editor / Jens Grossklags ; Bart Preneel. Cham, Switzerland : Springer, 2017. pp. 283-298 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{689a2db0a0eb41df9b3b86eba203870e,

title = "Failures of security APIs: a new case",

abstract = "We report novel API attacks on a Captcha web service, and discuss lessons that we have learned. In so doing, we expand the horizon of security APIs research by extending it to a new setting. We also show that system architecture analysis is useful both for identifying vulnerabilities in security APIs and for fixing them.",

keywords = "API attacks, architecture analysis for security, CAPTCHA, web security",

author = "Abdalnaser Algwil and Jeff Yan",

year = "2017",

month = may,

day = "17",

doi = "10.1007/978-3-662-54970-4\_17",

language = "English",

isbn = "9783662549698",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "283--298",

editor = "Jens Grossklags and Bart Preneel",

booktitle = "Financial Cryptography and Data Security",

note = "20th International Conference on Financial Cryptography and Data Security, FC 2016 ; Conference date: 22-02-2016 Through 26-02-2016",

}

Algwil, A & Yan, J 2017, Failures of security APIs: a new case. in J Grossklags & B Preneel (eds), Financial Cryptography and Data Security: 20th International Conference, FC 2016, Christ Church, Barbados, February 22–26, 2016, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9603 LNCS, Springer, Cham, Switzerland, pp. 283-298, 20th International Conference on Financial Cryptography and Data Security, FC 2016, Christ Church, Barbados, 22/02/16. https://doi.org/10.1007/978-3-662-54970-4_17

Failures of security APIs: a new case. / Algwil, Abdalnaser; Yan, Jeff.
Financial Cryptography and Data Security: 20th International Conference, FC 2016, Christ Church, Barbados, February 22–26, 2016, Revised Selected Papers. ed. / Jens Grossklags; Bart Preneel. Cham, Switzerland: Springer, 2017. p. 283-298 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9603 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution book

TY - GEN

T1 - Failures of security APIs

T2 - 20th International Conference on Financial Cryptography and Data Security, FC 2016

AU - Algwil, Abdalnaser

AU - Yan, Jeff

PY - 2017/5/17

Y1 - 2017/5/17

N2 - We report novel API attacks on a Captcha web service, and discuss lessons that we have learned. In so doing, we expand the horizon of security APIs research by extending it to a new setting. We also show that system architecture analysis is useful both for identifying vulnerabilities in security APIs and for fixing them.

AB - We report novel API attacks on a Captcha web service, and discuss lessons that we have learned. In so doing, we expand the horizon of security APIs research by extending it to a new setting. We also show that system architecture analysis is useful both for identifying vulnerabilities in security APIs and for fixing them.

KW - API attacks

KW - architecture analysis for security

KW - CAPTCHA

KW - web security

UR - https://www.scopus.com/pages/publications/85019761873

U2 - 10.1007/978-3-662-54970-4_17

DO - 10.1007/978-3-662-54970-4_17

M3 - Conference contribution book

AN - SCOPUS:85019761873

SN - 9783662549698

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 283

EP - 298

BT - Financial Cryptography and Data Security

A2 - Grossklags, Jens

A2 - Preneel, Bart

PB - Springer

CY - Cham, Switzerland

Y2 - 22 February 2016 through 26 February 2016

ER -

Algwil A, Yan J. Failures of security APIs: a new case. In Grossklags J, Preneel B, editors, Financial Cryptography and Data Security: 20th International Conference, FC 2016, Christ Church, Barbados, February 22–26, 2016, Revised Selected Papers. Cham, Switzerland: Springer. 2017. p. 283-298. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-662-54970-4_17

Failures of security APIs: a new case

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this