1,202 research outputs found
Investigating Fingerprinters and Fingerprinting-Alike Behaviour of Android Applications
Fingerprinting of browsers has been thoroughly investigated. In contrast, mobile phone applications offer a far wider array of attributes for profiling, yet fingerprinting practices on this platform have hardly received attention. In this paper, we present the first (to our knowledge) investigation of Android libraries by commercial fingerprinters. Interestingly enough, there is a marked difference with fingerprinting desktop browsers. We did not find evidence of typical fingerprinting techniques such as canvas fingerprinting. Secondly, we searched for behaviour resembling that of commercial fingerprinters. We performed a detailed analysis of six similar libraries. Thirdly, we investigated ∼30,000 apps and found that roughly 19% of these apps are using one of these libraries. Finally, we checked how often these libraries were used by apps subject to the Children’s Online Privacy Protection Act (i.e. apps targeted explicitly at children), and found that these libraries were included 21 times
Device fingerprinting identification and authentication: A two-fold use in multi-factor access control schemes
Network security has always had an issue with secure authentication and identification. In the current mixed device network of today, the number of nodes on a network has expanded but these nodes are often unmanaged from a network security perspective. The solution proposed requires a paradigm shift, a recognition of what has already happened, identity is for sale across the internet. That identity is the users’ network ID, their behavior, and even their behavior in using the networks. Secondly a majority of the devices on the Internet have been fingerprinted. Use of device fingerprinting can help secure a network if properly understood and properly executed. The research into this area suggests a solution, which is the use of device fingerprints including clock skews to identify the devices and a dual-authentication process targeted at authenticating the device and the user. Not only authenticating the identity presented but also combining them into a unified entity so failure to authenticate part of the entity means the whole is denied access to the network and its resources
The (Im)possibility of "Standard Technical Measures" for UGC Websites
In today's highly litigious legal landscape, one might doubt that there could ever be an "open, fair, voluntary" agreement between copyright owners and service providers to police infringement. Congress nevertheless envisioned such a consensus when it developed § (i) of the Digital Millennium Copyright Act (DMCA): "Conditions for [Safe Harbor] Eligibility." An often-overlooked provision of the DMCA, § 512(i) directs right holders and Internet service providers to work together and agree on "standard technical measures" to "identify or protect copyrighted works." In addition to being the product of consensus, these measures must be "available . . . on reasonable and nondiscriminatory terms" and also "not impose substantial costs . . . or substantial burdens." Although ostensibly thorough, these guidelines are too imprecise and elusive to actually guide service providers and right holders toward a consensus; the term "standard technical measures" remains undefined and possibly undefinable more than a decade after passage
Forensic Box for Quick Network-Based Security Assessments
Network security assessments are seen as important, yet cumbersome and time consuming tasks,
mostly due to the use of different and manually operated tools. These are often very specialized
tools that need to be mastered and combined, besides requiring sometimes that a testing environment
is set up. Nonetheless, in many cases, it would be useful to obtain an audit in a swift
and on-demand manner, even if with less detail. In such cases, these audits could be used as
an initial step for a more detailed evaluation of the network security, as a complement to other
audits, or aid in preventing major data leaks and system failures due to common configuration,
management or implementation issues.
This dissertation describes the work towards the design and development of a portable system
for quick network security assessments and the research on the automation of many tasks (and
associated tools) composing that process. An embodiment of such system was built using a Raspberry
Pi 2, several well known open source tools, whose functions vary from network discovery,
service identification, Operating System (OS) fingerprinting, network sniffing and vulnerability
discovery, and custom scripts and programs for connecting all the different parts that comprise
the system. The tools are integrated in a seamless manner with the system, to allow deployment
in wired or wireless network environments, where the device carries out a mostly automated
and thorough analysis. The device is near plug-and-play and produces a structured report at
the end of the assessment. Several simple functions, such as re-scanning the network or doing
Address Resolution Protocol (ARP) poisoning on the network are readily available through a small
LCD display mounted on top of the device. It offers a web based interface for finer configuration
of the several tools and viewing the report, also developed within the scope of this work. Other
specific outputs, such as PCAP files with collected traffic, are available for further analysis.
The system was operated in controlled and real networks, so as to verify the quality of its
assessments. The obtained results were compared with the results obtained through manually
auditing the same networks. The achieved results showed that the device was able to detect
many of the issues that the human auditor detected, but showed some shortcomings in terms
of some specific vulnerabilities, mainly Structured Query Language (SQL) injections.
The image of the OS with the pre-configured tools, automation scripts and programs is available
for download from [Ber16b]. It comprises one of the main outputs of this work.
Security assessments of a network (and of its devices) are seen as important tasks, but heavy and quite time consuming, due to the use of different manual tools. Normally, these tools are quite specialized and require prior knowledge and familiarity, and often the need to set up a test environment. However, in many cases, it would be useful to obtain a quick and more direct audit, even if not very deep. In that form, it could serve as an initial step for a more detailed assessment, complement another audit, or help prevent data leaks and system failures due to common configuration, management or implementation problems in the systems.
This dissertation describes the work carried out with the aim of designing and developing a portable system for quick security assessments of a network, and also the research carried out towards the automation of several tasks (and associated tools) that make up the audit process. An embodiment of the system was created using a Raspberry Pi 2, several well-known open source tools, whose functions range from network discovery, operating system identification and vulnerability discovery to network traffic capture, and custom scripts and programs that interconnect the various parts that make up the system. The tools are integrated transparently into the system, which can be deployed in wired or wireless environments, where the device performs a meticulous and mostly automated analysis. The device is practically plug and play and produces a structured report at the end of the assessment. Several simple functions, such as re-scanning the network or carrying out Address Resolution Protocol (ARP) cache poisoning attacks on the network, are available through a small LCD screen mounted on top of the device. It also offers a web interface, also developed in the context of this work, for more specific configuration of the various tools and for access to the assessment report. Other more specific outputs, such as files with captured traffic, are available from this interface.
The system was used in controlled and real networks, in order to verify the quality of its assessments. The results obtained were compared with those obtained through manual auditing of the same networks. The results showed that the device detects most of the problems that an auditor detected manually, but showed some failures in detecting some specific vulnerabilities, mostly Structured Query Language (SQL) injections.
The Operating System image with the pre-configured tools, automation scripts and programs is available for download from [Ber16b]. This image corresponds to one of the main results of this work
- …