情報學視域下的網(wǎng)站“第三方授權登錄”安全研究
發(fā)布時間:2018-09-06 16:03
【摘要】:在互聯(lián)網(wǎng)飛速發(fā)展和Web概念快速迭代的今天,賬戶信息安全一直都是廣大網(wǎng)絡用戶所關注的熱點問題。在安全、便捷等多種主客觀需求的驅(qū)動下,開發(fā)者制作了各種獨特的應用來滿足用戶需求。其中,以OAuth2.0協(xié)議為基礎的“第三方授權登錄”憑借著其便捷、安全等特性逐漸取代了傳統(tǒng)賬密登錄而得到廣泛應用,且趨勢越來越明顯。“第三方授權登錄”在網(wǎng)絡用戶信息組織和用戶登錄行為方面也帶來了巨大的變化,它使得用戶個人信息組織更加趨于集中,也為用戶登錄行為帶來了更多的不安全因素。為了揭示“第三方授權登錄”為用戶帶來的安全變化,本文運用了情報學和相關學科概念來揭示其運行機制及特點。本文調(diào)查了國內(nèi)社交類和電商類100多家網(wǎng)站的授權登錄選項,將收集到的數(shù)據(jù)利用社會網(wǎng)絡分析法對“第三方授權登錄”網(wǎng)站之間的關系進行分析并通過可視化方法展示出來。分析發(fā)現(xiàn),國內(nèi)“第三方授權登錄”分布廣、集中性較強。這一功能為用戶的使用提供了客觀的便利環(huán)境,但是“第三方授權登錄”的特性也使用戶個人信息存在安全結構洞,使得用戶在賬戶內(nèi)的信息變得更不安全。除此之外,本文以用戶的主觀安全意識及用戶信息行為研究對象,以發(fā)放問卷的形式調(diào)查收集用戶使用“第三方授權登錄”過程中的用戶信息行為與安全意識來進行分析。經(jīng)過分析發(fā)現(xiàn),網(wǎng)絡用戶信息安全意識有所提高。在調(diào)查中,絕大多數(shù)用戶使用過此項功能,但其中的大部分用戶并不了解“第三方授權登錄”,能充分使用“第三方授權登錄”各項功能并有意識借此保護自己信息安全的用戶也占少數(shù)。通過分析用戶使用“第三方授權登錄”的信息行為,本文發(fā)現(xiàn)了用戶的主觀安全意識問題。本文希望通過分析“第三方授權登錄”的安全問題來引起學界對現(xiàn)代網(wǎng)絡技術發(fā)展帶來的新的賬戶信息安全問題的重視。本文的研究成果將有助于拓展現(xiàn)有信息安全領域,發(fā)現(xiàn)新網(wǎng)絡環(huán)境下的用戶信息行為。最后,根據(jù)分析結果,從網(wǎng)站和用戶的角度分別給出適當?shù)慕ㄗh,來幫助用戶最大限度降低賬戶的安全風險。
[Abstract]:With the rapid development of the Internet and the rapid iteration of Web concepts, account information security has always been a hot issue for network users. Driven by various subjective and objective requirements such as security, convenience and so on, developers have developed a variety of unique applications to meet user needs. Login has been widely used because of its convenience, security and other characteristics, and the trend is becoming more and more obvious. Recording behavior brings more insecurity. In order to reveal the security changes brought about by "third party authorized login", this paper uses the concepts of information science and related disciplines to reveal its operating mechanism and characteristics. This paper investigates the authorized login options of more than 100 websites in China, including social and e-commerce, and uses the collected data. The social network analysis method analyzes the relationship between the "third-party authorized login" websites and displays it through visualization. The analysis shows that the "third-party authorized login" is widely distributed and highly centralized in China. This function provides an objective and convenient environment for users to use, but the "third-party authorized login" features are also. In addition, this paper investigates user information behavior and security awareness in the process of collecting user's "third party authorized login" by sending out questionnaires based on user's subjective security awareness and user information behavior. In the survey, most users have used this function, but most of them do not understand the "third party authorized login" and can fully use the "third party authorized login" functions and consciously protect their own information security. Users are also in the minority. By analyzing the information behavior of users using "third party authorized login", this paper finds out the subjective security consciousness of users. This paper hopes to arouse the attention of academia to the new account information security problem brought by the development of modern network technology by analyzing the security problem of "third party authorized login". Finally, according to the analysis results, some suggestions are given from the website and the user's point of view to help users minimize the account security risk.
【學位授予單位】:廣西民族大學
【學位級別】:碩士
【學位授予年份】:2017
【分類號】:TP393.092
本文編號:2226850
[Abstract]:With the rapid development of the Internet and the rapid iteration of Web concepts, account information security has always been a hot issue for network users. Driven by various subjective and objective requirements such as security, convenience and so on, developers have developed a variety of unique applications to meet user needs. Login has been widely used because of its convenience, security and other characteristics, and the trend is becoming more and more obvious. Recording behavior brings more insecurity. In order to reveal the security changes brought about by "third party authorized login", this paper uses the concepts of information science and related disciplines to reveal its operating mechanism and characteristics. This paper investigates the authorized login options of more than 100 websites in China, including social and e-commerce, and uses the collected data. The social network analysis method analyzes the relationship between the "third-party authorized login" websites and displays it through visualization. The analysis shows that the "third-party authorized login" is widely distributed and highly centralized in China. This function provides an objective and convenient environment for users to use, but the "third-party authorized login" features are also. In addition, this paper investigates user information behavior and security awareness in the process of collecting user's "third party authorized login" by sending out questionnaires based on user's subjective security awareness and user information behavior. In the survey, most users have used this function, but most of them do not understand the "third party authorized login" and can fully use the "third party authorized login" functions and consciously protect their own information security. Users are also in the minority. By analyzing the information behavior of users using "third party authorized login", this paper finds out the subjective security consciousness of users. This paper hopes to arouse the attention of academia to the new account information security problem brought by the development of modern network technology by analyzing the security problem of "third party authorized login". Finally, according to the analysis results, some suggestions are given from the website and the user's point of view to help users minimize the account security risk.
【學位授予單位】:廣西民族大學
【學位級別】:碩士
【學位授予年份】:2017
【分類號】:TP393.092
【參考文獻】
相關期刊論文 前10條
1 張曉娟;李貞貞;;智能手機用戶信息安全意識與行為研究[J];圖書館學研究;2017年02期
2 吳文曉;武濤;;我國社會網(wǎng)絡領域知識圖譜研究[J];情報工程;2016年06期
3 張瀘月;;高校移動閱讀推廣活動中讀者互動行為研究——基于社會網(wǎng)絡分析視角[J];圖書情報知識;2016年03期
4 張曉娟;劉霽;李貞貞;;移動互聯(lián)時代智能手機使用中的個人信息安全問題研究——大學生手機使用行為調(diào)查與分析[J];大學圖書情報學刊;2016年02期
5 車堯;李雪夢;璐羽;;社會網(wǎng)絡視角下戰(zhàn)略性新興產(chǎn)業(yè)的專利情報研究[J];情報科學;2015年07期
6 李力;丁寧;;國內(nèi)外移動社交類應用用戶信息行為研究進展[J];圖書情報工作;2015年10期
7 畢強;趙夷平;貫君;;基于社會網(wǎng)絡分析視角的微博學術信息交流實證分析[J];圖書館學研究;2015年09期
8 王娜;許大辰;;移動社交網(wǎng)絡中個人信息保護現(xiàn)狀的調(diào)查與分析——從用戶行為習慣視角出發(fā)[J];情報雜志;2015年01期
9 費琳;;國外圖情領域信息行為研究進展[J];情報科學;2014年12期
10 張小敏;;移動互聯(lián)網(wǎng)環(huán)境下用戶信息行為研究綜述[J];圖書館學刊;2014年10期
,本文編號:2226850
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2226850.html
最近更新
教材專著
