No Escape From Reality: Security and Privacy of Augmented Reality Browsers WWW '15.


Introduction
Augmented reality (AR) browsers add interactive virtual objects to the user's view of the physical world.
Popular AR browsers are Junaio, Layar and Wikitude.

AR applications have three stages:
  – access sensors on the mobile device (GPS, camera)
  – create and manipulate a variety of 2D and 3D interactive virtual objects
  – display virtual objects on top of the camera feed

Architecture of AR Service
Users access third-party AR content through dedicated AR servers.
AR content providers host the content on their own servers and register it with AR service providers.
AR content takes the form of channels.

AR functional requirements
Access to native resources on the user's device
  – access to onboard camera and GPS location
Support of interactive AR content
  – channels include service-specific XML or JSON
Image-triggered code execution
  – automatically recognize a picture and launch channels
Outsourced image processing
  – send images from the phone's camera to the provider for processing
Visual composition of AR content
Indirect retrieval of AR content

Components of AR services
AR browsers
AR channels
  – specify AR content for display and how to display it
  – specify actions to take
AR servers

Specific AR browsers

Threat model
AR attackers
  – control malicious content and trick users into visiting it
Ad attackers
  – trick AR channels into incorporating malicious content
Web attackers
  – control their own website and lure users to it via ads
Curious AR services
  – privacy risks caused by user-specific visual data
Network attackers
  – man-in-the-middle attacks

Out-of-sandbox Native access
Access network device resources
Can be accessed by any web content regardless of origin
Launching AR browsers through custom URLs executes native commands directly without user permission

Risks
Conventional Web content breaking out of the sandbox
Malicious ads breaking out of the sandbox
Malicious AR content abusing native access

How to do it right
Interfaces to native resources must be protected by origin-based access control
AR browsers should be redesigned to support native-access permissions
Users should be asked for permission whenever the AR browser is invoked automatically
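
The three recommendations on this slide, sketched as one gate in front of a native bridge. This is an added example, not code from the paper or from any AR browser; the function names, capability names, origins and the arbrowser:// scheme are hypothetical.

```javascript
// Per-origin native-access permissions (constructed sample data).
const GRANTS = new Map([
  ["https://channel.example", new Set(["camera", "gps"])],
  ["https://ads.example", new Set()], // embedded ad origin: no native access
]);

// Only http(s) callers have a usable web origin; custom URL schemes get none.
function originOf(url) {
  try {
    const u = new URL(url);
    return u.protocol === "https:" || u.protocol === "http:" ? u.origin : null;
  } catch { return null; }
}

// Decide whether content loaded from `callerUrl` may use a native capability.
function callNative(callerUrl, capability, opts = {}) {
  const { autoLaunched = false, userConfirmed = false } = opts;
  const origin = originOf(callerUrl);
  if (origin === null) return { ok: false, reason: "no-origin" };

  // Origin-based access control plus explicit native-access permissions.
  const granted = GRANTS.get(origin);
  if (!granted || !granted.has(capability)) {
    return { ok: false, reason: "not-granted" };
  }
  // Automatic invocation (custom URL, image trigger) always needs a prompt.
  if (autoLaunched && !userConfirmed) {
    return { ok: false, reason: "needs-user-prompt" };
  }
  return { ok: true, origin, capability };
}

console.log(callNative("https://channel.example/view.html", "camera"));
console.log(callNative("https://ads.example/banner.html", "camera"));
console.log(callNative("arbrowser://open?channel=demo", "gps"));
```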

Support for Non-HTML AR content
AR objects such as 2D and 3D models and animations cannot be described in HTML alone, so AR browsers rely on XML or JSON definitions
AR browsers may combine content from different origins
Conventional web browsers follow the same-origin policy (SOP)
Difficult to implement, as objects must be described in XML or JSON, which are not governed by SOP

Doing it wrong
AR objects defined in XML
Transparent overlay provides GUI functionality
Overlay may belong to a different origin

Risks
Cross-site scripting
  – A malicious channel can specify any origin for the transparent page and associate an arbitrary script with a button
  – Clicking this button allows unrestricted access to all content from the page's origin

Risks
Universal cross-site scripting
  – Malicious JavaScript hidden in an ad can change the script associated with a pop-up
  – change the URL of the transparent overlay

How to do it right
Quick patches
  – Ensure that the origin of the HTML is the same
  – Sanitize XML so that it does not contain scripts
Principled solutions
  – AR browsers must use custom mechanisms to enable HTML content to control these objects
  – Extend the same-origin policy to AR tags
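
The two quick patches, applied to a channel definition before it is rendered. This is an added example, not code from the paper or any AR browser; it uses the JSON form of a channel, and the field names (url, objects, overlayUrl, onClick) and action names are hypothetical.

```javascript
const ALLOWED_ACTIONS = new Set(["open-url", "show-info", "play-audio"]);

// http(s) origin of `url`, resolved against `base`; null for anything else.
function webOrigin(url, base) {
  try {
    const u = new URL(url, base);
    return u.protocol === "https:" || u.protocol === "http:" ? u.origin : null;
  } catch { return null; }
}

function validateChannel(channel) {
  const channelOrigin = webOrigin(channel.url);
  if (channelOrigin === null) return [{ id: null, rule: "bad-channel-url" }];
  const violations = [];
  for (const obj of channel.objects || []) {
    // Quick patch 1: the HTML overlay must share the channel's origin.
    if (obj.overlayUrl !== undefined &&
        webOrigin(obj.overlayUrl, channel.url) !== channelOrigin) {
      violations.push({ id: obj.id, rule: "overlay-cross-origin" });
    }
    // Quick patch 2: handlers are declarative actions, never script text.
    const action = obj.onClick;
    if (action === undefined) continue;
    if (typeof action !== "object" || action === null ||
        !ALLOWED_ACTIONS.has(action.type)) {
      violations.push({ id: obj.id, rule: "script-action" });
    } else if (action.type === "open-url" &&
               (typeof action.target !== "string" ||
                webOrigin(action.target, channel.url) === null)) {
      violations.push({ id: obj.id, rule: "unsafe-target" }); // e.g. javascript:
    }
  }
  return violations;
}

// Constructed sample channel: one clean object, two that must be rejected.
const SAMPLE_CHANNEL = {
  url: "https://channel.example/layer.json",
  objects: [
    { id: "poster", overlayUrl: "/ui/panel.html", onClick: { type: "show-info" } },
    { id: "btn1", overlayUrl: "https://bank.example/account", onClick: "doSomething()" },
    { id: "btn2", overlayUrl: "https://channel.example/ui/b.html",
      onClick: { type: "open-url", target: "javascript:alert(1)" } },
  ],
};

console.log(validateChannel(SAMPLE_CHANNEL));
```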

Image-Triggered Code Execution
The AR service continuously analyzes the camera feed
On recognizing an image associated with a channel, it automatically launches the channel content
The user cannot preview the URL or any other information

Risks
Fully automated, stealthy, large-scale tracking
  – used for automated stalking and tracking
Automatically launching malicious content
  – attacker registers an image trigger similar to that of a trusted channel
  – AR browser may be tricked into automatically launching the malicious channel
  – same picture may be associated with multiple channels

How to do it right
Filter out images during channel registration, but this requires deep semantic analysis of the submitted image
AR browser should inform the user about the origin of AR content
Image-triggered code execution should be used only with trusted channels

Outsourced image processing
AR browsers do not process the captured images on the device and send them to AR servers
  – to inject ads, charging content providers
  – to facilitate image-based channel launching, recognition of triggered images
  – computationally intensive and hence unsuitable for execution on low-powered mobile devices

Risks
Network attackers who observe network traffic between the device and the provider's AR servers
  – raw images are sent over unencrypted HTTP
  – combining images and location data is a serious privacy concern
AR services
  – tremendous amount of raw data collected (screens, credit cards, license plates, etc.)
  – user has no way to learn which data is sent

How to do it right
A secure protocol to prevent accidental leakage of irrelevant information
If a server is attempting to recognize a channel trigger on a magazine page, there is no need for it to see physical objects surrounding the page
  – difficult to implement
  – some prototype systems are available in the domain of computer vision which can be directly used

Visual decomposition
To render 2D and 3D images and HTML content from multiple origins, AR browsers maintain complex visual stacks
AR browsers have to deal with both HTML and non-HTML content
  – conventional defence based on framebusting does not work
  – malicious AR channel can overlay content from another origin on top of itself

Risks
By cleverly overlaying HTML widgets from different origins, a malicious channel can hijack the user's clicks

How to do it right
A whole-browser equivalent of X-Frame-Options
Layar already prevents non-widget objects from covering widgets
Using conventional browsers to render AR content is dangerous
A principled solution should involve a clean-slate redesign of user interfaces

Indirect retrieval of AR content
Content requests must pass through the AR provider's own server
Some AR browsers enable third-party channels to authenticate users or keep track of preferences
When the browser first loads the channel, the cookies are set by the channel's authentication page and thus correctly bound to the channel's origin at that time
If the origin changes, the server notes the change and forwards requests accordingly
The server does not notify the browser of the change

User authentication

Risks
AR attackers lie about their channel's URL
By "desynchronizing" the Layar browser's and the Layar server's understanding of the channel's origin, a malicious channel can steal cookies from any origin

How to do it right
Avoid replicating the state of the browser on the Layar server
The Layar server should ensure that it agrees with the browser about the channel server's URL
Use an authentication protocol that supports delegation
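
One way a forwarding server can check that it and the browser agree on the channel's origin before any cookie is forwarded. This is an added example, not Layar's protocol or code; the request fields (channelId, boundOrigin, cookies), the registry and the status codes are hypothetical.

```javascript
// Server-side registry: channel id -> URL currently registered by the
// content provider (constructed sample data).
const registry = new Map([["chan-42", "https://shop.example/ar/feed"]]);

function sameOrigin(a, b) {
  try { return new URL(a).origin === new URL(b).origin; } catch { return false; }
}

// The browser states, in every request, the origin its cookies are bound to.
// The server forwards cookies only while that origin matches the URL it
// would forward to; otherwise it tells the browser instead of staying silent.
function forwardRequest(req) {
  const current = registry.get(req.channelId);
  if (current === undefined) {
    return { status: 404, forwardTo: null, cookies: [] };
  }
  if (!sameOrigin(current, req.boundOrigin)) {
    // The registered URL changed after the cookies were bound: drop them
    // and report the new origin so the browser can re-authenticate.
    return {
      status: 409,
      forwardTo: null,
      cookies: [],
      rebindTo: new URL(current).origin,
    };
  }
  return { status: 200, forwardTo: current, cookies: req.cookies };
}

// Constructed request: cookies bound when the channel was first loaded.
const sampleRequest = {
  channelId: "chan-42",
  boundOrigin: "https://shop.example",
  cookies: ["session=constructed-value"],
};

console.log(forwardRequest(sampleRequest));           // forwarded with cookies
registry.set("chan-42", "https://other.example/feed"); // provider changes URL
console.log(forwardRequest(sampleRequest));           // refused, cookies dropped
registry.set("chan-42", "https://shop.example/ar/feed"); // restore sample state
```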