The 2011 IDN Homograph Attack Mitigation Survey

The advent of internationalized domain names (IDNs) has introduced a new threat, with the non-English character sets allowing for visual mimicry of domain names. Whilst this potential for this form of attack has been well recognized, many applications such as Internet browsers and e-mail clients have been slow to adopt successful mitigation strategies and countermeasures. This research examines those strategies and countermeasures, identifying areas of weakness that allow for homograph attacks. As well as examining the presentation of IDNs in e-mail clients and Internet browser URL bars, this year’s study examines the presentation of IDNs in browser-based security certificates and requests for locational data access

Antyscam – practical web spam classifier

To avoid of manipulating search engines results by web spam, anti spam system use machine learning techniques to detect spam. However, if the learning set for the system is out of date the quality of classification falls rapidly. We present the web spam recognition system that periodically refreshes the learning set to create an adequate classifier. A new classifier is trained exclusively on data collected during the last period. We have proved that such strategy is better than an incrementation of the learning set. The system solves the starting–up issues of lacks in learning set by minimisation of learning examples and utilization of external data sets. The system was tested on real data from the spam traps and common known web services: Quora, Reddit, and Stack Overflow. The test performed among ten months shows stability of the system and improvement of the results up to 60 percent at the end of the examined period.

Revision 2 Summary

Versio

Is DNS Ready for Ubiquitous Internet of Things?

The vision of the Internet of Things (IoT) covers not only the well-regulated processes of specific applications in different areas but also includes ubiquitous connectivity of more generic objects (or things and devices) in the physical world and the related information in the virtual world. For example, a typical IoT application, such as a smart city, includes smarter urban transport networks, upgraded water supply, and waste-disposal facilities, along with more efficient ways to light and heat buildings. For smart city applications and others, we require unique naming of every object and a secure, scalable, and efficient name resolution which can provide access to any object\u27s inherent attributes with its name. Based on different motivations, many naming principles and name resolution schemes have been proposed. Some of them are based on the well-known domain name system (DNS), which is the most important infrastructure in the current Internet, while others are based on novel designing principles to evolve the Internet. Although the DNS is evolving in its functionality and performance, it was not originally designed for the IoT applications. Then, a fundamental question that arises is: can current DNS adequately provide the name service support for IoT in the future? To address this question, we analyze the strengths and challenges of DNS when it is used to support ubiquitous IoT. First, we analyze the requirements of the IoT name service by using five characteristics, namely security, mobility, infrastructure independence, localization, and efficiency, which we collectively refer to as SMILE. Then, we discuss the pros and cons of the DNS in satisfying SMILE in the context of the future evolution of the IoT environment

Evaluation of domain name service on ITIL-framework

Nimipalvelut ja niihin liittyvät verkkotunnukset ovat olennainen osa Internetin toimintaa. Niiden ympärille on muodostunut myös merkittävää palveluliiketoimintaa. Palvelun käyttäjä odottaa saavansa vastinetta palveluun käyttämälleen rahalle ja tähän vastatakseen palveluntarjoaja hallinnoi palveluja prosessiensa mukaisesti. Palvelunhallinnan merkitys korostuu palvelujen muuttuessa. ITIL (Information Technology Infrastructure Library) on kokoelma parhaita käytäntöjä palvelunhallinnan järjestelemiseen palveluiden koko elinkaaren ajan. Diplomityössä esitellään nimipalveluiden teknistä toimintaa ja verkkotunnusjärjestelmän rakennetta yleisellä tasolla. Samalla käydään läpi verkkotunnuksien rekisteröintiin ja muuhun hallinnollisiin toimenpiteisiin liittyviä osapuolia. Tietoturvakysymykset kulkevat tietoteknisten palvelujen kanssa käsi kädessä. Diplomityön yhtenä lähtökohtana on suomalaiseen fi-verkkotunnukseen ja sen taustalla olevaan lainsäädäntöön tehty uudistus, jossa korostetaan tietoturva-asioita merkittävissä määrin. Tämän myötä käsitellään myös nimipalvelun tietoturvaan liittyviä näkökulmia. Diplomityön tarkoituksena on verrata DNA Oyj:n verkkotunnustuotteeseen liittyvän muutosprojektin kulkua ITIL-viitekehykseen ja etsiä kehityskohteita palvelunhallinnan parantamiseksi. Muutosprojektin eri vaiheita verrataan ITIL-viitekehyksen elinkaarimalliin. Koska ITIL-viitekehys on kokoelma parhaita käytäntöjä, on luonnollista, että monet osa-alueet projektimallissa ovat rinnasteisia ITIL-prosesseihin. Vertailussa voidaan kuitenkin havaita kohteita, joissa palvelunhallintaa voisi nykyisestään kehittää. Muutosprojektin tarkastelussa havaitaan, että projektin resursseja käytetään siihen suoraan kuulumattomien tehtävien tekemiseen. Erityisesti tietoturvaan liittyvät asiat osoittautuvat raskaaksi projektimallille. ITIL-viitekehyksen mukaisesti järjestelty palvelunhallinta siirtäisi hallinnollisia tehtäviä pois projektin vastuulta ja mahdollistaisi keskittymisen kohteena olevaan palveluun.Name services and domain names are integral part of the Internet functionality. There is also significant business activity related to domain name services. Customers using a service expect to have value for their money. To accommodate this, service provider manages its services according to set of processes. Value of service management is emphasized when the services are subject to change. This thesis presents the technical functionality of the name services as well as the structure of domain name system in general. Parties that are involved in registration and other administrative aspects are also introduced. Security is tightly integrated with IT services. One of the starting points for this thesis is the change made to the Finnish top level domain and the legislation behind it. IT security matters are highly emphasized in the new model and, therefore, also reflect to this thesis as well. The purpose of this thesis is to compare a domain name related product development project carried out within DNA Plc to ITIL-framework and search for ways enhance service management. Project phases are compared to ITIL life cycle model. As ITIL is collection of best industry practices, it's obvious that many aspects of project model are in parallel with ITIL processes. Comparison reveals some areas of service management that could benefit from applying ITIL processes. The evaluation of the project reveals that resources are used on tasks that are not directly related to the project. Security related aspects especially prove to burden the project unnecessarily. IT service management according to ITIL framework would shift the administrative work off from the project and let it concentrate on the service in question