Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar.

Published byEsmond Park Modified over 9 years ago

Similar presentations

Presentation on theme: "Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar."— Presentation transcript:

1 Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar

2 Overview Motivation Background Information – Attacks and Vulnerabilities Details Accomplishments Conclusion/Summary

3 Phishing

4 Pharming

5 Domain Name System Prior HOSTS.TXT file from SRI

6 Domain Name System

7 Vulnerabilities DNS Cache poisoning DNS Response forgery

8 Brief Aside Secure Sockets Layer (SSL) Uses X.509 certificate

9 Meh, idgaf

10 Same Origin Policy SOP – access control over web objects, one from A can’t access another from B Determining origin of A and B – Originating Host – Port – Protocol http://www.foo.com/index.html http://www.foo.com/other.html https://www.foo.com/secure.html http://www.xyz.com/index.html

11 Static vs. Dynamic Static - Consistently bogus query results Dynamic - Only sometimes bogus!

12 Dynamic Pharming Suppose A controls DNS queries for www.vanguard.com www.vanguard.com Suppose users authenticate to www.vanguard.com using client side SSLwww.vanguard.com Suppose user’s machine is initialized with certificates and vanguard knows pkeys 1) A initializes DNS entry to A’s IP address 6.6.6.6, sets TTL = 0 2)V visits https://www.vanguard.com/index.html to authenticatehttps://www.vanguard.com/index.html 3)Browser attempts SSL connection, requires A to present X.509 certificate

13 Meh, idgaf

14 Dynamic Pharming 4)If user blindly goes ahead… this Trojan document is returned

15 Dynamic Pharming

16 5) A will then update the DNS entry for www.vanguard.com to the legitimate server 1.2.3.4 www.vanguard.com 6) Browser then loads legitimate https://www.vanguard.com/index.html document into the iframe https://www.vanguard.com/index.html 7) Since over SSL legitimate server requests client authentication, which it does 8) Javascript in iframe has free access (bad)

17 Dynamic Pharming Does not care about authentication system Exploits browser enforcement of SOP Since even the URL matches meticulous users may still fall prey

18 Solutions? DNS pinning – Browser caches result of DNS query fixed period – Reject connections from victim forces DNS entry refresh – Round robin DNS Anti-Framing

19 Root of the problem Human stupidity – too difficult to address Browser SOP – If based on domain name -> fail – Try a locked same-origin policy

20 Locked Same-Origin Policy Locked web objects are only allowed to access other web objects originating from the same domain Doesn’t distinguish between spoofed domain names and real ones (ignoring certificate warnings) Simply augment SOP by tagging each web object with a validity bit – Allow access iff legacy SOP allows it – Validity bits match

21 Problems? Server A for xyz.com has a valid cert Server B for xyz.com does not – Why might this occur in practice Very low chance.05% in their study

22 Conclusions Due to DNS vulnerabilities pharming is a real concern The legacy SOP not currently equipped to adequately protect against pharming Locked same origin policy can “break the web” but rarely, and using the validity bit offers protection – Still susceptible however, how?

Download ppt "Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar."

Similar presentations

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
Are you secured in the network ?: a quick look at the TCP/IP protocols Based on: A look back at “Security Problems in the TCP/IP Protocol Suite” by Steven.

Are you secured in the network ?: a quick look at the TCP/IP protocols Based on: A look back at “Security Problems in the TCP/IP Protocol Suite” by Steven.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
Indirect File Leaks in Mobile Applications Daoyuan Wu and Rocky K. C. Chang The Hong Kong Polytechnic University May 21, 2015 1 MoST’15, in conjunction.

Indirect File Leaks in Mobile Applications Daoyuan Wu and Rocky K. C. Chang The Hong Kong Polytechnic University May 21, MoST’15, in conjunction.
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.

Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
DNS: Revising the Current Protocol Matt Gustafson Matt Weaver CS522 Computer Communications University of Colorado, Colorado Springs.

DNS: Revising the Current Protocol Matt Gustafson Matt Weaver CS522 Computer Communications University of Colorado, Colorado Springs.
Foundations of Network and Computer Security J J ohn Black Lecture #36 Dec 12 th 2007 CSCI 6268/TLEN 5831, Fall 2007.

Foundations of Network and Computer Security J J ohn Black Lecture #36 Dec 12 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
Foundations of Network and Computer Security J J ohn Black Lecture #35 Dec 9 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #35 Dec 9 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.

Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.
IST346:  Web Services. Today’s Agenda  Learn the basics of how the Web works  Understand various web service architectures  Address scaling, security,

IST346:  Web Services. Today’s Agenda  Learn the basics of how the Web works  Understand various web service architectures  Address scaling, security,
TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.

TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.
Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.

Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.
Security and JavaScript. Learning Objectives By the end of this lecture, you should be able to: – Describe what is meant by JavaScript’s same-origin security.

Security and JavaScript. Learning Objectives By the end of this lecture, you should be able to: – Describe what is meant by JavaScript’s same-origin security.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Introduction to InfoSec – Recitation 10 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 10 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Similar presentations

Ads by Google