{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T12:15:56Z","timestamp":1756383356699,"version":"3.40.5"},"reference-count":10,"publisher":"Wiley","license":[{"start":{"date-parts":[[2020,9,1]],"date-time":"2020-09-01T00:00:00Z","timestamp":1598918400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Science and Technology Major Project of China","award":["2018ZX03001010-005"],"award-info":[{"award-number":["2018ZX03001010-005"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Wireless Communications and Mobile Computing"],"published-print":{"date-parts":[[2020,9,1]]},"abstract":"<jats:p>We present a novel attack named \u201cAuthenticator Rebinding Attack,\u201d which aims at the Fast IDentity Online (FIDO) Universal Authentication Framework (UAF) protocol implemented on mobile devices. The presented Authenticator Rebinding Attack rebinds the victim\u2019s identity to the attacker\u2019s authenticator rather than the victim\u2019s authenticator being verified by the service in the UAF protocol, allowing the attacker to bypass the UAF protocol local authentication mechanism by imitating the victim to perform sensitive operations such as transfer and payment. The lack of effective authentication between entities in the implementations of the UAF protocol used in the actual system causes the vulnerability to the Authenticator Rebinding Attack. In this paper, we implement this attack on the Android platform and evaluate its implementability, where results show that the proposed attack is implementable in the actual system and Android applications using the UAF protocol are prone to such attack. We also discuss the possible countermeasures against the threats posed by Authenticator Rebinding Attack for different stakeholders implementing UAF on the Android platform.<\/jats:p>","DOI":"10.1155\/2020\/8819790","type":"journal-article","created":{"date-parts":[[2020,9,1]],"date-time":"2020-09-01T23:33:57Z","timestamp":1599003237000},"page":"1-14","source":"Crossref","is-referenced-by-count":4,"title":["Authenticator Rebinding Attack of the UAF Protocol on Mobile Devices"],"prefix":"10.1155","volume":"2020","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3629-0233","authenticated-orcid":true,"given":"Hui","family":"Li","sequence":"first","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7658-483X","authenticated-orcid":true,"given":"Xuesong","family":"Pan","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China"}]},{"given":"Xinluo","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China"}]},{"given":"Haonan","family":"Feng","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China"}]},{"given":"Chengjie","family":"Shi","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100195, China"}]}],"member":"311","reference":[{"year":"2017","key":"1"},{"key":"3","doi-asserted-by":"publisher","DOI":"10.1109\/CC.2016.7897543"},{"year":"2017","key":"4"},{"year":"2015","key":"5"},{"year":"2017","key":"14"},{"year":"2020","key":"18"},{"year":"2020","key":"19"},{"year":"2018","key":"21"},{"year":"2017","key":"25"},{"year":"2015","key":"28"}],"container-title":["Wireless Communications and Mobile Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/wcmc\/2020\/8819790.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/wcmc\/2020\/8819790.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/wcmc\/2020\/8819790.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,9,1]],"date-time":"2020-09-01T23:33:59Z","timestamp":1599003239000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/wcmc\/2020\/8819790\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,9,1]]},"references-count":10,"alternative-id":["8819790","8819790"],"URL":"https:\/\/doi.org\/10.1155\/2020\/8819790","relation":{},"ISSN":["1530-8669","1530-8677"],"issn-type":[{"type":"print","value":"1530-8669"},{"type":"electronic","value":"1530-8677"}],"subject":[],"published":{"date-parts":[[2020,9,1]]}}}