Denial-of-Service Resistance in Key Establishment

Denial of Service (DoS) attacks are an increasing problem for network connected systems. Key establishment protocols are applications that are particularly vulnerable to DoS attack as they are typically required to perform computationally expensive cryptographic operations in order to authenticate the protocol initiator and to generate the cryptographic keying material that will subsequently be used to secure the communications between initiator and responder. The goal of DoS resistance in key establishment protocols is to ensure that attackers cannot prevent a legitimate initiator and responder deriving cryptographic keys without expending resources beyond a responder-determined threshold. In this work we review the strategies and techniques used to improve resistance to DoS attacks. Three key establishment protocols implementing DoS resistance techniques are critically reviewed and the impact of misapplication of the techniques on DoS resistance is discussed. Recommendations on effectively applying resistance techniques to key establishment protocols are made

The Value of User-Visible Internet Cryptography

Cryptographic mechanisms are used in a wide range of applications, including email clients, web browsers, document and asset management systems, where typical users are not cryptography experts. A number of empirical studies have demonstrated that explicit, user-visible cryptographic mechanisms are not widely used by non-expert users, and as a result arguments have been made that cryptographic mechanisms need to be better hidden or embedded in end-user processes and tools. Other mechanisms, such as HTTPS, have cryptography built-in and only become visible to the user when a dialogue appears due to a (potential) problem. This paper surveys deployed and potential technologies in use, examines the social and legal context of broad classes of users, and from there, assesses the value and issues for those users

Fireguard - A Secure Browser with Reduced Forensic Footprint

Fireguard is a secure portable browser designed to reduce both data leakage from browser data remnants and cyber attacks from malicious code exploiting vulnerabilites in browser plug-ins, extensions and software updates. A browser can leave data remnants on a host PC hard disk drive, often unbeknown to a user, in the form of cookies, histories, saved passwords, cached web pages and downloaded objects. Forensic analysis, using freely available computer forensic tools, may reveal sensitive and confidential information. A browser’s capability to increase its features through plug-ins and extensions and perform patch management or upgrade to a new release via a software update provides an opportunity for an attacker to embed malicious software and subsequently launch a cyber attack. Fireguard has been implemented using both Mozilla Firefox and the storage and protection capabilities of the Mini-SDV, a secure Portable Execution and Storage Environment (PESE). In this paper the design and development of Fireguard is discussed. The requirement for a secure PESE and the functionality of the Mini-SDV is presented. An overview is given of the motivation for the development of Fireguard. The reasons Firefox was selected and the Firefox structure and security vulnerabilities are summarised. The implementation approach adopted is discussed and the results of an analysis of the Firefox implementation are presented. The Mini-SDV configuration for Fireguard and an outline of the concept of operation is given. The changes made to Firefox to implement Fireguard as a browser that reduces the opportunity for data leakage and cyber attack, and minimises its forensic footprint are discussed. The paper concludes by considering the strengths and limitations of the Fireguard implementation

Enhancing Web Browsing Security

Web browsing has become an integral part of our lives, and we use browsers to perform many important activities almost everyday and everywhere. However, due to the vulnerabilities in Web browsers and Web applications and also due to Web users\u27 lack of security knowledge, browser-based attacks are rampant over the Internet and have caused substantial damage to both Web users and service providers. Enhancing Web browsing security is therefore of great need and importance.;This dissertation concentrates on enhancing the Web browsing security through exploring and experimenting with new approaches and software systems. Specifically, we have systematically studied four challenging Web browsing security problems: HTTP cookie management, phishing, insecure JavaScript practices, and browsing on untrusted public computers. We have proposed new approaches to address these problems, and built unique systems to validate our approaches.;To manage HTTP cookies, we have proposed an approach to automatically validate the usefulness of HTTP cookies at the client-side on behalf of users. By automatically removing useless cookies, our approach helps a user to strike an appropriate balance between maximizing usability and minimizing security risks. to protect against phishing attacks, we have proposed an approach to transparently feed a relatively large number of bogus credentials into a suspected phishing site. Using those bogus credentials, our approach conceals victims\u27 real credentials and enables a legitimate website to identify stolen credentials in a timely manner. to identify insecure JavaScript practices, we have proposed an execution-based measurement approach and performed a large-scale measurement study. Our work sheds light on the insecure JavaScript practices and especially reveals the severity and nature of insecure JavaScript inclusion and dynamic generation practices on the Web. to achieve secure and convenient Web browsing on untrusted public computers, we have proposed a simple approach that enables an extended browser on a mobile device and a regular browser on a public computer to collaboratively support a Web session. A user can securely perform sensitive interactions on the mobile device and conveniently perform other browsing interactions on the public computer

A framework for World Wide Web client-authentication protocols

Existing client-authentication protocols deployed on the World Wide Web today are based on conventional distributed systems and fail to address the problems specific to the application domain. Some of the protocols restrict the mobility of the client by equating user identity to a machine or network address, others depend on sound password management strategies, and yet others compromise the privacy of the user by transmitting personal information for authentication. We introduce a new framework for client-authentication by separating two goals that current protocols achieve simultaneously: 1. Maintain persistent sense of identity across different sessions. 2. Prove facts about the user to the site. These problems are independent, in the sense that any protocol for solving the first problem can be combined with any protocol for solving the second. Separation of the two purposes opens up the possibility of designing systems which balance two conflicting goals, authentication and anonymity. We propose a solution to the first problem, based on the Digital Signature Standard. The implications of this framework from the point of view of user privacy are examined. The paper is concluded with suggestions for integrating the proposed scheme into the existing WWW architecture

Key-Based Cookie-Less Session Management Framework for Application Layer Security

The goal of this study is to extend the guarantees provided by the secure transmission protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and apply them to the application layer. This paper proposes a comprehensive scheme that allows the unification of multiple security mechanisms, thereby removing the burden of authentication, mutual authentication, continuous authentication, and session management from the application development life-cycle. The proposed scheme will allow creation of high-level security mechanisms such as access control and group authentication on top of the extended security provisions. This scheme effectively eliminates the need for session cookies, session tokens and any similar technique currently in use. Hence reducing the attack surface and nullifying a vast group of attack vectors

Sub-session hijacking on the web: Root causes and prevention

Since cookies act as the only proof of a user identity, web sessions are particularly vulnerable to session hijacking attacks, where the browser run by a given user sends requests associated to the identity of another user. When n > 1 cookies are used to implement a session, there might actually be n sub-sessions running at the same website, where each cookie is used to retrieve part of the state information related to the session. Sub-session hijacking breaks the ideal view of the existence of a unique user session by selectively hijacking m sub-sessions, with m < n. This may reduce the security of the session to the security of its weakest sub-session. In this paper, we take a systematic look at the root causes of sub-session hijacking attacks and we introduce sub-session linking as a possible defense mechanism. Out of two flavors of sub-session linking desirable for security, which we call intra-scope and inter-scope sub-session linking respectively, only the former is relatively smooth to implement. Luckily, we also identify programming practices to void the need for inter-scope sub-session linking. We finally present Warden, a server-side proxy which automatically enforces intra-scope sub-session linking on incoming HTTP(S) requests, and we evaluate it in terms of protection, performances, backward compatibility and ease of deployment