Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unicode Security Mark Davis. The Unicode Consortium Software globalization standards: define properties and behavior for every character in every script.

Published byBrianna Johnson Modified over 10 years ago

Similar presentations

Presentation on theme: "Unicode Security Mark Davis. The Unicode Consortium Software globalization standards: define properties and behavior for every character in every script."— Presentation transcript:

1 Unicode Security Mark Davis

2 The Unicode Consortium Software globalization standards: define properties and behavior for every character in every script Unicode Standard: a unique code for every character Common Locale Data Repository: LDML format plus repository for required locale data Collation, line breaking, regex, charset mapping, … Used by every major modern operating system, browser, office software, email client,… Core of XML, HTML, Java, C#, C (with ICU), Javascript, …

3 Key issue: Identity A thinks: X = x B thinks: X x

4 IDN Example You get an email about your paypal.com account, click on the link… You carefully examine your browser's address box to make sure that it is actually going to http://paypal.com/ … http://paypal.com/ But actually it is going to a spoof site: paypal.com with the Cyrillic letter p. You (System A) think that they are the same DNS (System B) thinks they are different

5 Examples: Visual Confusables Cross-Script p in Latin vs p in Cyrillic In-Script rn may appear at display sizes like m + typically looks identical to so̷s looks like søs Rendering Support ä with two umlauts may look the same as ä with one el ̣ is actually e + l ̣

6 The answer to the ultimate question of the Universe: ! Thus = 42 Western 0123456789 Bengali Oriya

7 Malicious Rendering Font technologies such as TrueType/OpenType are extremely powerful. A glyph in such a font actually may use a small program to deform the shape radically according to resolution, platform, or language. Powerful enough to change the appearance of $100.00 on the screen to $200.00 when printed.

8 Syntax Spoofing http://example.org/1234/not.mydomain.com / = fraction-slash Also possible without Unicode: http://example.org--long-and-obscure-list-of- characters.mydomain.com

9 Non-Visual Attacks Exploiting Expectations Collation:X < Y, so X + H < Y + Hwrong Encoding:/ is always represented by 2F 16 wrong Casing:len(X) = len(toUpper(X)) wrong Norm.:NFC(x + y) = NFC(x) + NFC(y)wrong Buffer overflows & identity mismatches

10 Casing: Buffer Overflows OperationUTFFactorSample Lower 81.5X U+023A 16, 321XA U+0041 Upper / Title / Fold8, 16, 323X ΐ U+0390

11 Comparison Vulnerability: Example LDAP doesnt specify comparison operation Two different implementations can use different mechanisms, thus: Malfunction: The user with valid access rights to a certain resource actually cannot access it, because the binary representation of user ID used for the user registry counts as different from the one specified in the access control list. Security Hole: a new user whose ID is equivalent to another user's in the directory system can get the access right to a protected resource.

12 Comparison Issues Two binary Unicode orders: code point/UTF-8/UTF-32 vs UTF16 order. Case-Sensitive vs Insensitive Language-Sensitive vs Insensitive Normalized vs Not Vendor Differences Regex matching: where important for security, ensure that: conforms to the requirements of [UTS18], andUTS18 uses an up-to-date version of the Unicode Standard for its properties. See Proposed Collation Registry

13 Other Problems Charset Issues IANA / MIME charset names are ill-defined: vendors often convert the same charset different ways. http://www.w3.org/TR/japanese-xml/http://www.w3.org/TR/japanese-xml/ When converting charsets, dont simply omit characters that cannot be converted. Never use Private Use characters, unassigned characters. Always tag data! Example: tag currencies with an explicit currency ID (from ISO 4217); a "naked" amount may be misinterpreted as the wrong currency. Dont assume currencies, timezones, etc can be derived from locales (but ok to default and then confirm) See Globalization Gotchas

14 UAX #31: Identifier & Pattern Syntax For identification of entities programming variables, resources, domain names,... Appropriate characters -- stable across versions Not all natural language words: cant U.S.A. Provides foundation: specifications can tailor it for different environments: adding or removing characters.

15 StringPrep Processing Map Normalize Prohibit Aa c + ¸ç + f + i & /., …

16 UAX #15: Unicode Normalization Forms Normalizes most visually confusable sequences to unique form c + ¸ ç + f + i Core part of StringPrep, other Identifier Profiles

17 Domain Names StringUTF-16Internal - IDNA 1a ät.com 0061 0308 0074 002E 0063 006F 006D xn--t-zfa.com 1b ät.com 00E4 0074 002E 0063 006F 006D xn--t-zfa.com 2a tοp.com 0074 03BF 0070 002E 0063 006F 006D xn--tp-jbc.com 2b tοp.com 0074 006F 0070 002E 0063 006F 006D top.com 4a so̷s.com 0073 006F 0337 0073 002E 0063 006F 006D xn--sos-rjc.com 4b søs.com 0073 00F8 0073 002E 0063 006F 006D xn--ss-lka.com

18 UTR #36: Security Recommendations General Security Issues (not just IDN) V1 approved mid-2005; V2 in progress http://unicode.org/draft/reports/tr36/tr36.html Describes the problems, recommends best practices Users Programmers User-Agents (browsers, email, office apps) Registries Registrars

19 UTS #39: Security Mechanisms Supplies data /algorithms for implementations Restricted character repertoire: Based on Unicode Identifier Profile Intersect with current NamePrep Characters scripts, confusable characters Originally in UTR #36 Version 1; split out for clarity http://www.unicode.org/draft/reports/tr39/tr39.html

20 Current NamePrep Unicode Identifiers a œ и ש س 2 … § / … http ://unicode.org/reports/tr36/idn-chars.html U3.2 Symbols (2,974) Non-Mod. (52,842) U3.2 Alphanum* (37,200) … U5.0 Alphanum* (+2,810)

21 Restriction Levels* Highly Restrictive Single script, or from limited combinations: Han + Hiragana + Katakana Only Identifier Profile: Letters, Numbers; no Symbols, Punctuation,… Moderately Restrictive: Allow Latin with others except Cyrillic, Greek, Cherokee: ip-.co.jpx خدمة rss.eg Minimally Restrictive: Allow arbitrary mixtures of scripts: sony-βίντεο.grигро-shop.com Subject also to restrictions on confusables

22 Q & A

23 Backup Slides

24 Agenda Unicode Background Security Issues

25 ICANN Guidelines v2 http://icann.org/general/idn-guidelines-14nov05.htm http://icann.org/general/idn-guidelines-14nov05.htm Improvement on v1,… but needs new revision: Procedurally Insufficient time for thorough review The disposition (with rationale) of comments not available Only single cycle of public review Technically Any specification needs a much clearer structure – the exact implications of a claim to adhere to the guidelines are currently impossible to measure, and useless for security #3 (script/language limitations) has far too many loopholes. #4 (symbols) is too permissive, and not well-defined #5 (registration) should use the post-namepreped form

26 Guideline 3 (lang./script limitations) a)Associate with script except with language and script, or except with set of languages, or except with more than one designator b)Publish set of code points, define variant code points; indicate script/language. Why language? (too fuzzy to be testable) Why script? (derivable from characters) c)Single script in label, except when language requires, except with mixed-script confusables, except with policy & table defined. Who decides when required? Allows single-script confusables. d)All registry policies documented and publicly available, with table for each set of code points Machine readable? Discursive description?

27 Guideline 4 (disallowed symbols) a)Line symbol-drawing characters (as those in the Unicode Box Drawing block) One small set of the many symbols b)Symbols and icons that are neither alphanumeric nor ideographic language characters, Numbers? Combining Marks? Letter modifiers? Kana length mark? Ill-defined, untestable. c)Characters with well-established functions as protocol elements / is confusable with a protocol element but isnt one. Ill-defined, untestable. d)Punctuation marks used solely to indicate the structure of sentences Em-dash? Who decides? Ill-defined, untestable. e)Punctuation marks that are used within words except essential to the language & associated with explicit prescriptive rules Ill-defined, untestable. f)Except under corresponding conditions, a single specified character may be used as a separator within a label, … by designating a functionally equivalent punctuation mark from within the script. Ill-defined, untestable.

28 Guideline 5 (registration) A registry will define an IDN registration in terms of both its Unicode and ASCII-encoded representations. Should use output Unicode representation (after mapping and normalization): otherwise many more visually confusable characters are present Should say ACE, not ASCII.

29 Unicode Recommendations Precise Specification, Mechanically Testable: Guideline 3 (script/language limitations) Publicly document the Restriction Level being enforced ( Level 4) Publicly document the enforcement policy on confusables: whether any two domain names are allowed to be whole-script or mixed script confusables according to [UTR39].UTR39 Guideline 4 (symbols) Only characters in IDN Security Profiles for Identifiers [UTR39].UTR39 Guideline 5 (registration) Define an IDN registration in terms of its: Nameprep-Normalized Unicode representation (output format) ACE representation Work with IETF to update NamePrep to Unicode 5.0

Download ppt "Unicode Security Mark Davis. The Unicode Consortium Software globalization standards: define properties and behavior for every character in every script."

Similar presentations

New in Unicode Mark Davis, John Jenkins. Agenda Unicode 4.1.0 UCA 4.1.0 Regular Expressions Security Considerations Character Mapping Common Locale Data.

New in Unicode Mark Davis, John Jenkins. Agenda Unicode UCA Regular Expressions Security Considerations Character Mapping Common Locale Data.
Unicode/IDN Security Mark Davis President, Unicode Consortium Chief SW Globalization Arch., IBM.

Unicode/IDN Security Mark Davis President, Unicode Consortium Chief SW Globalization Arch., IBM.
Globalization Gotchas

Globalization Gotchas
Whats New in Globalization Mark Davis. Unicode Character Database: UCD 5.0 Schedule Currently in β2 Due June, 2006 Major part of the Unicode Standard.

Whats New in Globalization Mark Davis. Unicode Character Database: UCD 5.0 Schedule Currently in β2 Due June, 2006 Major part of the Unicode Standard.
Unicode Mark Davis Unicode Consortium President IBM Chief SW Globalization Architect 2003-09-24.

Unicode Mark Davis Unicode Consortium President IBM Chief SW Globalization Architect
Unicode Normalization Mark Davis www.macchiato.com.

Unicode Normalization Mark Davis
Mark Davis President, Unicode Consortium

Mark Davis President, Unicode Consortium
Unicode Mark Davis Unicode Consortium President IBM Chief SW Globalization Architect.

Unicode Mark Davis Unicode Consortium President IBM Chief SW Globalization Architect.
CSCI N241: Fundamentals of Web Design Copyright ©2004 Department of Computer & Information Science Introducing XHTML: Module B: HTML to XHTML.

CSCI N241: Fundamentals of Web Design Copyright ©2004 Department of Computer & Information Science Introducing XHTML: Module B: HTML to XHTML.
Internationalizing WHOIS Preliminary Approaches for Discussion Internationalized Registration Data Working Group ICANN Meeting, Brussels, Belgium Jeremy.

Internationalizing WHOIS Preliminary Approaches for Discussion Internationalized Registration Data Working Group ICANN Meeting, Brussels, Belgium Jeremy.
ICANN Rio Meeting IDN Authorization for TLDs with ICANN agreements 26 March, 2003 Andrew McLaughlin.

ICANN Rio Meeting IDN Authorization for TLDs with ICANN agreements 26 March, 2003 Andrew McLaughlin.
Internationalized Domain Names Introduction & Update MENOG 1 Bahrain April 3-5, 2007 By: Baher Esmat Middle East Liaison.

Internationalized Domain Names Introduction & Update MENOG 1 Bahrain April 3-5, 2007 By: Baher Esmat Middle East Liaison.
IDN Variant Issues Project (VIP) Project Update and Next Steps 11 April 2012.

IDN Variant Issues Project (VIP) Project Update and Next Steps 11 April 2012.
DC Architecture WG meeting Monday Sept 12 Slot 1: 15.30 - 17.00 Slot 2: 17.30 - 19.00 Location: Seminar Room 4.1.E01.

DC Architecture WG meeting Monday Sept 12 Slot 1: Slot 2: Location: Seminar Room 4.1.E01.
Worldwide typography (and how to apply JIS-X-4051-1995 to Unicode) Michel Suignard Microsoft Corporation.

Worldwide typography (and how to apply JIS-X to Unicode) Michel Suignard Microsoft Corporation.
Global Registry Services 1 INTERNATIONALIZED Domain Names Testbed presented to ITU/WIPO Joint Symposium Geneva 6-7 Dec. 2001 An Overview On VeriSign Global.

Global Registry Services 1 INTERNATIONALIZED Domain Names Testbed presented to ITU/WIPO Joint Symposium Geneva 6-7 Dec An Overview On VeriSign Global.
4. Internet Programming ENG224 INFORMATION TECHNOLOGY – Part I

4. Internet Programming ENG224 INFORMATION TECHNOLOGY – Part I
1 Character Conversions and Mapping Tables Presented By: Markus Scherer George Rhoten Raghuram (Ram) Viswanadha.

1 Character Conversions and Mapping Tables Presented By: Markus Scherer George Rhoten Raghuram (Ram) Viswanadha.
Internationalization Status and Directions: IETF, JET, and ICANN John C Klensin October 2002 © 2002 John C Klensin.

Internationalization Status and Directions: IETF, JET, and ICANN John C Klensin October 2002 © 2002 John C Klensin.
CGI & HTML forms -05-. CGI Common Gateway Interface  A web server is only a pipe between user-agents  and content – it does not generate content.

CGI & HTML forms CGI Common Gateway Interface  A web server is only a pipe between user-agents  and content – it does not generate content.

Similar presentations

Ads by Google