Showing papers on "Internet security published in 2009"

Man-in-the-Middle Attack to the HTTPS Protocol

Abstract: Web-based applications rely on the HTTPS protocol to guarantee privacy and security in transactions ranging from home banking, e-commerce, and e-procurement to those that deal with sensitive data such as career and identity information. Users trust this protocol to prevent unauthorized viewing of their personal, financial, and confidential information over the Web.

Using web security scanners to detect vulnerabilities in web services

Abstract: Although web services are becoming business-critical components, they are often deployed with critical software bugs that can be maliciously explored. Web vulnerability scanners allow detecting security vulnerabilities in web services by stressing the service from the point of view of an attacker. However, research and practice show that different scanners have different performance on vulnerabilities detection. In this paper we present an experimental evaluation of security vulnerabilities in 300 publicly available web services. Four well known vulnerability scanners have been used to identify security flaws in web services implementations. A large number of vulnerabilities has been observed, which confirms that many services are deployed without proper security testing. Additionally, the differences in the vulnerabilities detected and the high number of false-positives (35% and 40% in two cases) and low coverage (less than 20% for two of the scanners) observed highlight the limitations of web vulnerability scanners on detecting security vulnerabilities in web services.

Analyzing Information Flow in JavaScript-Based Browser Extensions

Abstract: JavaScript-based browser extensions (JSEs) enhance the core functionality of web browsers by improving their look and feel, and are widely available for commodity browsers. To enable a rich set of functionalities, browsers typically execute JSEs with elevated privileges. For example, unlike JavaScript code in a web application, code in a JSE is not constrained by the same-origin policy. Malicious JSEs can misuse these privileges to compromise confidentiality and integrity, e.g., by stealing sensitive information, such as cookies and saved passwords, or executing arbitrary code on the host system. Even if a JSE is not overtly malicious, vulnerabilities in the JSE and the browser may allow a remote attacker to compromise browser security. We present Sabre (Security Architecture for Browser Extensions), a system that uses in-browser information-flow tracking to analyze JSEs. Sabre associates a label with each in-memory JavaScript object in the browser, which determines whether the object contains sensitive information. Sabre propagates labels as objects are modified by the JSE and passed between browser subsystems. Sabre raises an alert if an object containing sensitive information is accessed in an unsafe way, e.g., if a JSE attempts to send the object over the network or write it to a file. We implemented Sabre by modifying the Firefox browser and evaluated it using both malicious JSEs as well as benign ones that contained exploitable vulnerabilities. Our experiments show that Sabre can precisely identify potential information flow violations by JSEs.

Integrating wireless sensor networks and the internet: a security analysis

Abstract: Purpose – This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context.Design/methodology/approach – The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.Findings – By providing the services of the network through a front‐end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.Research limitations/implications – The complete integration of sensor networks and the internet still remains as an open issue.Practical implications – With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certai...

The Application on Intrusion Detection Based on K-means Cluster Algorithm

Abstract: Internet security has been one of the most important problems in the world. Anomaly detection is the basic method to defend new attack in Intrusion Detection. Network intrusion detection is the process of monitoring the events occurring in a computing system or network and analyzing them for signs of intrusions, defined as attempts to compromise the confidentiality. A wide variety of data mining techniques have been applied to intrusion detections. In data mining, clustering is the most important unsupervised learning process used to find the structures or patterns in a collection of unlabeled data. We use the K-means algorithm to cluster and analyze the data in this paper. Computer simulations show that this method can detect unknown intrusions efficiently in the real network connections.

Passwords: If We're So Smart, Why Are We Still Using Them?

Abstract: While a lot has changed in Internet security in the last 10 years, a lot has stayed the same --- such as the use of alphanumeric passwords. Passwords remain the dominant means of authentication on the Internet, even in the face of significant problems related to password forgetting and theft. In fact, despite large numbers of proposed alternatives, we must remember more passwords than ever before. Why is this? Will alphanumeric passwords still be ubiquitous in 2019, or will adoption of alternative proposals be commonplace? What must happen in order to move beyond passwords? This note pursues these questions, following a panel discussion at Financial Cryptography and Data Security 2009.

Data path security processing

Abstract: Methods and associated systems provide secured data transmission over a data network. A security device provides security processing in the data path of a packet network. The device may include at least one network interface to send packets to and receive packets from a data network and at least one cryptographic engine for performing encryption, decryption and/or authentication operations. The device may be configured as an in-line security processor that processes packets that pass through the device as the packets are routed to/from the data network.

BotGAD: detecting botnets by capturing group activities in network traffic

Abstract: Recent malicious attempts are intended to obtain financial benefits using a botnet which has become one of the major Internet security problems. Botnets can cause severe Internet threats such as DDoS attacks, identity theft, spamming, click fraud. In this paper, we define a group activity as an inherent property of the botnet. Based on the group activity model and metric, we develop a botnet detection mechanism, called BotGAD (Botnet Group Activity Detector). BotGAD enables to detect unknown botnets from large scale networks in real-time. Botnets frequently use DNS to rally infected hosts, launch attacks and update their codes. We implemented BotGAD using DNS traffic and showed the effectiveness by experiments on real-life network traces. BotGAD captured 20 unknown and 10 known botnets from two day campus network traces.

Security and Privacy Challenges in the Internet of Things

Abstract: The future Internet of Things as an intelligent collaboration of miniaturized sensors poses new challenges to security and end-user privacy. The ITU has identified that the protection of data and privacy of users is one of the key challenges in the Internet of Things [Int05]: lack of confidence about privacy will result in decreased adoption among users and therefore is one of the driving factors in the success of the Internet of Things. This paper gives an overview, categorization, and analysis of security and privacy challenges in the Internet of Things.

Defeating Cross-Site Request Forgery Attacks with Browser-Enforced Authenticity Protection

Abstract: A cross site request forgery (CSRF) attack occurs when a user's web browser is instructed by a malicious webpage to send a request to a vulnerable web site, resulting in the vulnerable web site performing actions not intended by the user. CSRF vulnerabilities are very common, and consequences of such attacks are most serious with financial websites. We recognize that CSRF attacks are an example of the confused deputy problem, in which the browser is viewed by websites as the deputy of the user, but may be tricked into sending requests that violate the user's intention. We propose Browser-Enforced Authenticity Protection (BEAP), a browser-based mechanism to defend against CSRF attacks. BEAP infers whether a request reflects the user's intention and whether an authentication token is sensitive, and strips sensitive authentication tokens from any request that may not reflect the user's intention. The inference is based on the information about the request (e.g., how the request is triggered and crafted) and heuristics derived from analyzing real-world web applications. We have implemented BEAP as a Firefox browser extension, and show that BEAP can effectively defend against the CSRF attacks and does not break the existing web applications.

Future Internet = content + services + management

Abstract: While the term future Internet has gained a lot of interest recently, there is little agreement on what this term means or what the future Internet looks like. By taking the viewpoint of an Internet user who is interested in using Internet services and not so much in the protocols that move data around, we first describe some possible future Internet services. In a second step we derive some network and service management requirements, and discuss some of them in more detail.

Firewall Policy Queries

Abstract: Firewalls are crucial elements in network security, and have been widely deployed in most businesses and institutions for securing private networks. The function of a firewall is to examine each incoming and outgoing packet and decide whether to accept or to discard the packet based on its policy. Due to the lack of tools for analyzing firewall policies, most firewalls on the Internet have been plagued with policy errors. A firewall policy error either creates security holes that will allow malicious traffic to sneak into a private network or blocks legitimate traffic and disrupts normal business processes, which in turn could lead to irreparable, if not tragic, consequences. Because a firewall may have a large number of rules and the rules often conflict, understanding and analyzing the function of a firewall has been known to be notoriously difficult. An effective way to assist firewall administrators to understand and analyze the function of their firewalls is by issuing queries. An example of a firewall query is "Which computers in the private network can receive packets from a known malicious host in the outside Internet?rdquo Two problems need to be solved in order to make firewall queries practically useful: how to describe a firewall query and how to process a firewall query. In this paper, we first introduce a simple and effective SQL-like query language, called the Structured Firewall Query Language (SFQL), for describing firewall queries. Second, we give a theorem, called the Firewall Query Theorem, as the foundation for developing firewall query processing algorithms. Third, we present an efficient firewall query processing algorithm, which uses decision diagrams as its core data structure. Fourth, we propose methods for optimizing firewall query results. Finally, we present methods for performing the union, intersect, and minus operations on firewall query results. Our experimental results show that our firewall query processing algorithm is very efficient: it takes less than 10 milliseconds to process a query over a firewall that has up to 10,000 rules.

Web security via response injection

Abstract: System and methods for injecting content into a response for improving client-side security. The system includes a content injection service external to network edges of at least one system. The content injection service receives a request from a client within the at least one system and identifies or anticipates a potential threat associated with the response. The content injection service is configured to determine an appropriate counter for the identified or anticipated potential threat and in response injects content into the response according to the potential or anticipated threat identified.

Cyber Insurance as an Incentivefor Internet Security

Abstract: Managing security risks in the Internet has, so far, mostly involved methods to reduce the risks and the severity of the damages. Those methods (such as firewalls, intrusion detection and prevention, etc) reduce but do not eliminate risk, and the question remains on how to handle the residual risk. In this chapter, we consider the problem of whether buying insurance to protect the Internet and its users from security risks makes sense, and if so, identifying specific benefits of insurance and designing appropriate insurance policies.

SSL and TLS: Theory and Practice

Abstract: SSL (secure socket layer) and TLS (Transport Layer Security) are widely deployed security protocols that are used in all kinds of web-based e-commerce and e-business applications and are part of most contemporary security systems available today. This practical book provides a comprehensive introduction to these protocols, offering you a solid understanding of their design. Practitioners find discussions on the advantages and disadvantages of using SSL/TLS protocols compared to other Internet security protocols. This authoritative resource shows how to properly employ SSL and TLS and configure security solutions that are based on the use of the SSL/TLS protocols.

System and a method for remote monitoring customer security systems

Abstract: There is provided a system for remote monitoring a plurality of security systems connected to the Internet, the security systems being assigned dynamic IP addresses, each of the security systems comprising a remote monitoring server module, the system comprising a central alarm monitoring service connected to the Internet for periodically communicating with the plurality of security systems and determining a status thereof to generate an alarm signal as a function of the status, the alarm monitoring service storing a current IP address of the plurality of security systems in an IP address database, and a remote monitoring gateway providing authenticated or unauthenticated dynamic domain name service (DDNS) server functionality to connect a given remote monitoring client to a desired one of the security systems, the gateway being connected to the IP address database and to the Internet. There is further provided a method of remote monitoring a security system.

Securing Timeout Instructions in Web Applications

Abstract: Timeout mechanisms are a useful feature for web applications. However, these mechanisms need to be used with care because, if used as-is, they are vulnerable to timing attacks. This paper focuses on internal timing attacks, a particularly dangerous class of timing attacks, where the attacker needs no access to a clock. In the context of client-side web application security, we present JavaScript-based exploits against the timeout mechanism of the DOM (document object model), supported by the modern browsers. Our experimental findings reveal rather liberal choices for the timeout semantics by different browsers and motivate the need for a general security solution. We propose a foundation for such a solution in the form of a runtime monitor. We illustrate for a simple language that, while being more permissive than a typical static analysis, the monitor enforces termination-insensitive noninterference.

Study of Botnets and Their Threats to Internet Security

Abstract: Among all media of communications, Internet is most vulnerable to attacks owing to its public nature and virtually without centralized control. With the growing financial dealings and dependence of businesses on Internet, these attacks have even more increased. Whereas previously hackers would satisfy themselves by breaking into someone’s system, in today's world hackers' work under an organized crime plan to obtain illicit financial gains. Various attacks than include spamming, phishing, click fraud, distributed denial of services, hosting illegal material, key logging, etc. are being carried out by hackers using botnets. In this paper a detailed study of botnets vis-a-vis their creation, propagation, command and control techniques, communication protocols and relay mechanism is presented. The aim of this paper is to gain an insight of security threats that users of Internet are facing from hackers by the use of malicious botnets.

Energy-aware security in M-commerce and the internet of things

Abstract: Data privacy and security is a major concern for M-commerce and the Internet of Things. Security measures such as encryption may be implemented to protect confidentiality, integrity and availability. Limitations in processing power, battery life, communication bandwidth and memory constrain the applicability of existing cryptography standards for mobile devices. This paper describes an experiment to investigate the computational requirements for some of the most popular cryptographic algorithms with reference to power and resources consumption. Given reliable information on battery consumption, users can make informed decisions on which security schemes to use.

In-depth analysis of IPv6 security posture

Abstract: The version 6 of Internet Protocol (IPv6) is being gradually deployed worldwide. This paper analyzes the security of IPv6 protocol. is the analysis concludes that serious security vulnerabilities exist that are IPv6 specific. Therefore additional security measures are needed and more capable security management tools are required in IPv6 networks in order to achieve a security posture at parity with that of the IPv4 networks.

The Challenges of Effectively Anonymizing Network Data

Abstract: The uncertainties that currently exist about the efficacy of network data anonymization, from both technical and policy perspectives, leave the research community in a vulnerable position. Even as the field marches forward, it does so with little understanding of the implications of publishing anonymized network data on the privacy of the networks being monitored and the utility to researchers. Without that understanding, data publishers are left to wonder what fields must be anonymized to avoid legal fallout, while researchers question the confidence of results gained from the data. However, the extensive work done on micro- data anonymity provides the network research community with several useful insights about how to effectively apply anonymization to published data. At the same time, prior wisdom cannot be applied directly without first overcoming several challenges, including the development of appropriate privacy and utility definitions for the more complex case of network data. Addressing these challenges is essential, in our view, to ensure the continued, yet responsible, availability of network trace data to support security research.

Do You Trust Your Phone

Abstract: Despite the promising start, Electronic Commerce has not taken off mostly because of security issues with the communication infrastructures that are popping up threateningly undermining the perceived trustworthiness in Electronic Commerce. Some Internet security issues, like malware, phishing, pharming are well known to the Internet community. Such issues are being, however, transferred to the telephone networks thanks to the symbiotic relation between the two worlds. Such an interconnection is becoming so pervasive that we can really start thinking about a unique network, which, in this paper, we refer to as the Interphonet. The main goal of this paper is to analyze some of the Internet security issues that are being transferred to the Interphonet and also to identify new security issues of the Interphonet. In particular we will discuss about mobile phones malware and identity theft, phishing with SMS, telephone pharming, untraceability of phone calls that use VoIP and Caller ID spoofing. We will also briefly discuss about countermeasures.

Evaluating Network Security and Optimal Active Defense Based on Attack-Defense Game Model

Abstract: To evaluate the security of network information systems and perform active defense,this paper presents some models including defense graph model,attack-defense taxonomy and cost quantitative method,and Attack-Defense Game(ADG) model.Algorithms for selecting optimizing active defense strategy based on those models are proposed and analyzed in a representative network example.Results indicate that the models and methods are effective and efficient.

In-the-wire authentication: Protecting client-side critical data fields in secure network transactions

Abstract: Secure Internet services like online banking require a "trusted terminal" on the client-side. However, even where strong client-side security is employed, the client PC is often used for input and output of sensitive information like PINs/passwords, amounts, account numbers, etc. These transactions are therefore vulnerable to manipulation by malware. A method is presented here allowing web users to share small amounts of secret information including passwords and account numbers with a large number of existing Internet services by creating a cryptographically secure trusted path between the web user and the service. The trusted path is created with the support of a hand-held user terminal device "in-the-wire" between the user's PC and the service thus preventing malware on the user's PC from manipulating login and other sensitive data. A key feature is that the trusted terminal device can be retrofitted on the client-side and require no changes to the server-side. This creates a new class of client-centric communications security hardware allowing web users to protect their transactions using strong hardware security without relying on service providers. It offers the industry an alternative to the current service-centric approach which is often hamstrung by a chicken-and-egg problem of critical mass adoption.

Computer Security: Protecting Digital Resources

Abstract: Today, society is faced with numerous internet schemes, fraudulent scams, and identity theft that threaten our safety and our peace of mind. Computer Security: Protecting Digital Resources provides a broad approach to computer-related crime, electronic commerce, corporate networking, and internet security, topics that have become increasingly important as more and more threats are made on our internet environment. This book is oriented toward the average computer user, business professional, government worker, and the education community, with the expectation that the user can learn to use the network with some degree of safety and security. The author places emphasis on the numerous vulnerabilities and threats that are inherent in the Internet environment. Efforts are made to present techniques and suggestions to avoid identity theft and fraud. Readers will gain a clear insight into the many security issues facing the e-commerce networking, web, and internet environments and what you can do to keep your personal and business information secure.