38 research outputs found

    The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem

    In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen exponential growth. Website support for CT has also constantly increased, with now 33% of established connections supporting CT. With the increasing deployment of CT, there are also concerns of information leakage due to all certificates being visible in CT logs. To understand this threat, we introduce a CT honeypot and show that data from CT logs is being used to identify targets for scanning campaigns only minutes after certificate issuance. We present and evaluate a methodology to learn and validate new subdomains from the vast number of domains extracted from CT logged certificates. Comment: To be published at ACM IMC 201

    Architectural Style: Distortions for Deploying and Managing Deception Technologies in Software Systems

    Deception technologies are software tools that simulate/dissimulate information as security measures in software systems. Such tools can help prevent, detect, and correct security threats in the systems they are integrated with. Despite the continued existence and use of these technologies (~20+ years), the process for integrating them into software systems remains undocumented. This is due to deception technologies varying greatly from one another in a number of different ways. To begin the process of documentation, I have proposed an architectural style that describes one possible way deception technologies may be integrated into software systems. To develop this architectural style, I performed a literature review on deception technologies and the art of deception as a discipline. I break down how deception technologies work according to the art of deception through the simulation and dissimulation of software components. I then examined existing deception technologies and categorized them according to their simulations/dissimulations. The documented and proposed architectural style describes how software systems deploy and manage deceptions. Afterwards, I propose a number of future research opportunities surrounding this subject.

    Honey-copy: a concept and prototype of a generic honeypot system

    In this paper, we present Honey-Copy, a concept and prototype for a honeypot system that can pinpoint modifications caused by attacks or intrusion for any honeypot. To achieve this, we track modifications without having to install any additional tools on them. We make use of cloning to identify whether or not a modification has been caused by the honeypot itself or an attacker or intruder. We briefly present our initial prototype and discuss the challenges to be solved toward a more complete and feature-rich version of our prototype.

    Deploying a University Honeypot: A case study


    Analysis of THUG: a low-interaction client honeypot to identify malicious websites and malwares

    Cybersecurity is becoming more relevant throughout time. As information and technologies expand, so does the potential for it to be exploited. Computers and media have become more widespread in every modern country in the world. Unfortunately, a certain community uses this opportunity to exploit the vulnerabilities that these computers left behind. Black hats, more often identified as hackers and exploiters, use the networks and servers that are commonly used to gain unauthorized information and data on the innocent victim. This work analyzes several honeypots and makes comparisons between them. Analysis has been done on the results to figure out the disadvantages of each honeypot and try to improve one of the honeypots based on programming. The honeypot is deployed to simulate its effectiveness in combating cybercrime by detecting and collecting the information captured on the web browsers.