USBKey远程劫持技术分析

USBKey Remote Hijacking Technical Analysis

身份认证技术对于开放环境中的信息系统具有极其重要的作用,因此人们在实际应用中不断探索,研发了一系列身份认证技术。伴随密码学,智能卡等技术的发展和成熟,一种结合现代密码学、智能芯片、USB技术的认证方式终于出现在我们面前,这就是基于PKI(公共密钥基础设施)的USBKey认证方式。寻求一种基于API Hook的认证安全检测技术,用于验证基于USBKey的身份认证是否存在缺陷,并且提出相应的改进方案。

Authentication technology plays an important role in the open environment for information system, so people continue to explore practical applications, to find a series of authentication technology. With cryptography, smart card technology developing and maturing, a combination of modern cryptography, smart chip, USB authentication technology has finally appeared in front of us. In this paper we find a detection technique based on API Hook, used to verify the identity authentication based on USBKey.