Presentation is loading. Please wait.

Presentation is loading. Please wait.

No Escape From Reality: Security and Privacy of Augmented Reality Browsers WWW '15.

Published byCharlotte Allen Modified over 8 years ago

Similar presentations

Presentation on theme: "No Escape From Reality: Security and Privacy of Augmented Reality Browsers WWW '15."— Presentation transcript:

1 No Escape From Reality: Security and Privacy of Augmented Reality Browsers WWW '15

2 Introduction Augmented reality (AR) browsers add interactive virtual objects to the user’s view of the physical world Popular AR browsers are Junaio, Layar, Wikitude

3 AR applications have three stages - –access sensors on mobile device (GPS, camera) –create and manipulate a variety of 2D and 3D interactive virtual objects –display virtual objects on top of the camera feed

4 Architecture of AR Service Users access third-party AR content through dedicated AR servers. AR content providers host it in their servers and register their content with AR service-providers AR content are channels

5 AR functional requirements Access to native resources on the user's device –access to onboard camera and GPS location Support of interactive AR content –channels include service specific XML or JSON Image-triggered code execution –automatically recognize picture and launch channels Outsourced image processing –send images from phone's camera to provider for processing Visual composition of AR conent Indirect retrieval of AR content

6 Components of AR services AR browsers AR channels –specify AR content for display and how to display it –specify actions to take AR servers

7 Specific AR browers

8 Threat model AR attackers –controls malacious contents and trick users into visiting them Ad attackers –tricks AR channels into incorporating malacious content Web attackers –controls own website and lure users to it via ads Curious AR services –privacy risks caused by user-specific visual data Network attackers –man-in-the-middle attacks

9 Out-of-sandbox Native access Access network device resources Can be accessed by any web content regardless of origin Launching AR browsers through custom URLs execute native commands directly without user permission.

10 Risks Conventional Web content breaking out of the sandbox. Malicious ads breaking out of the sandbox Malicious AR content abusing native access

11 How to do it right Interfaces to native resources must be prtected by origin- based access control AR browsers should be re-designed to support native- access permissions users should be asked for permission whenever AR browser is invoked automatically

12 Support for Non-HTML AR content AR objects such as 2D, 3D models, animations cannot be described in HTML alone and hence AR browsers rely on XML or JSON definitions AR browsers may combine contents from different origins Conventional web browsers follow same-origin policy (SOP) Difficult to implement as objects must be described in XML or JSON which are not governed by SOP

13 Doing it wrong AR objects defined in XML Transperant overlay provides GUI functionality overlay may belong to a different origin

14 Risks Cross-site scripting –A malacious channel can specify any origin for the transparent page and associate arbitrary script with button –Clicking this button allows unrestricted access to all contents from page's origin

15 Risks Universal cross-site scripting –Malacious Java-script hidden in ad can change script associated with pop- up –change URL of the transperant overlay

16 How to do it right Quick patches –Ensure that the origin of the HTML is same –sanitize XML so that it does not contain scripts Principled solutions –AR browsers must use custom mechanisms to enable HTML content to control these objects –Extend same origin policy to AR tags

17 Image-Triggered Code Execution AR service continuously analyze camera feed On recognizing an image associated with a channel it automatically launches channel conent User cannot preview the URL or any other information

18 Risks Fully automated, stealthy, large-scale tracking –used for automated stalking and tracking Automatically launching malicious content –attacker registers an image trigger similar to that of a trusted channel –AR browser may be tricked into automatically launching the malicious channel –same picture may be asssociated with multiple channels

19 How to do it right Filter out images during channel registration but requires deep semantic analysis of submitted image AR browser should inform the user about the origin of AR content image triggered code execution should be used only with trusted channels

20 Outsourced image processing AR browsers do not process the cptured image on the device and send them to AR servers –to inject ads, charging content providers –to facilitate image based channel launching, recognition of triggered images –computationally intensive and hence unsuitable for execution in low-powered mobile devices

21 Risks network attackers who observe network traffic device and the provider's AR –raw images are sent over unencrypted HTTP –combining images and location data is a serious privacy concern AR services –tremendous amount of raw data collected (screens, credit cards, license plates etc) –user has no way to learn which data is sent

22 How to do it right A secure protocol to prevent accidental leakage of irrelevant information If a server is attempting to recognize a channel trigger on a magazine page there is no need to see physical objects surrounding the page –difficult to implement –Some prototype systems available in the domain of computer vision which can be directly used

23 Visual decomposition To render 2D and 3D images and HTML content from multiple origins AR browsers mantain complex visual stacks AR browsers have to deal with both HTML and non- HTML content –conventional defence based on framebusting does not work –maicious AR channel can overlay content from other origin on top of itself.

24 Risks By cleaverly overlaying HTML widgets from different origins a malicious channel can hijack user's clicks

25 How to do it right A whole-browser equivalent of X-Frame-Option Layar already prevents non-widget objects from covering widgets using conventional browsers to render AR content is dangerous A principled solution should involve a clean-slate redesign of user interfaces

26 Indirect retrieval of AR content Content requests must pass through the AR provider's own server Some AR browsers enable third-party channels to authenticate users or keep track of preferences When the browser first loads the channel, the cookies are set by the channel’s authentication page and thus correctly bound to the channel’s origin at that time If the origin changes, the server notes the change and forwards requests accordingly server does not notify the browser of the change

27 User authentication

28 Risks AR attackers lie about their channel's URL By “desynchronizing” the Layar browser’s and the Layar server’s understanding of the channel’s origin, a malicious channel can steal cookies from any origin

29 How to do it right Avoid replicating the state of the browser on the Layar server. Layar server to ensure that it agrees with the browser about the channel server’s URL use an authentication protocol that supports delegation

Download ppt "No Escape From Reality: Security and Privacy of Augmented Reality Browsers WWW '15."

Similar presentations

HTML Forms. collect information for passing to server- side processes built up from standard widgets –text-input, radio buttons, check boxes, option lists,

HTML Forms. collect information for passing to server- side processes built up from standard widgets –text-input, radio buttons, check boxes, option lists,
1 The phone in the cloud Utilizing resources hosted anywhere Claes Nilsson.

1 The phone in the cloud Utilizing resources hosted anywhere Claes Nilsson.
WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?

WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
17 th ACM CCS (October, 2010).  Introduction  Threat Model  Cross-Origin CSS Attacks  Example Attacks  Defenses  Experiment  Related Work 2 A Presentation.

17 th ACM CCS (October, 2010).  Introduction  Threat Model  Cross-Origin CSS Attacks  Example Attacks  Defenses  Experiment  Related Work 2 A Presentation.
An Evaluation of the Google Chrome Extension Security Architecture

An Evaluation of the Google Chrome Extension Security Architecture
By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)

By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)
Web App Development with ASP.NET. Introduction In this chapter, we introduce web-app development with Microsoft’s ASP.NET technology. Web-based apps create.

Web App Development with ASP.NET. Introduction In this chapter, we introduce web-app development with Microsoft’s ASP.NET technology. Web-based apps create.
1 CS 502: Computing Methods for Digital Libraries Lecture 22 Web browsers.

1 CS 502: Computing Methods for Digital Libraries Lecture 22 Web browsers.
Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.

Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
COMPUTER TERMS PART 1. COOKIE A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information.

COMPUTER TERMS PART 1. COOKIE A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
The Internet & The World Wide Web Notes

The Internet & The World Wide Web Notes
Chapter 6: Hostile Code Guide to Computer Network Security.

Chapter 6: Hostile Code Guide to Computer Network Security.
1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.

1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.
Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University Helen J. Wang Microsoft Research ACM WWW, May, 2007 Presenter:

Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University Helen J. Wang Microsoft Research ACM WWW, May, 2007 Presenter:
Subspace: Secure Cross-Domain Communication for Web Mashups In Proceedings of the 16th International World Wide Web Conference. (WWW), 2007 Collin Jackson,

Subspace: Secure Cross-Domain Communication for Web Mashups In Proceedings of the 16th International World Wide Web Conference. (WWW), 2007 Collin Jackson,
Web Services & Widgets Godmar Back. Mash-Ups Applications that combine information from different sources in one web page Different architectural choices.

Web Services & Widgets Godmar Back. Mash-Ups Applications that combine information from different sources in one web page Different architectural choices.

Similar presentations

Ads by Google