I know what you did last summer: New persistent tracking mechanisms in the wild

OAPA As the usage of the web increases, so do the threats an everyday user faces. One of the most pervasive threats a web user faces is tracking, which enables an entity to gain unauthorised access to the user’s personal data. Through the years many client storage technologies, such as cookies, have been used for this purpose and have been extensively studied in the literature. The focus of this work is on three newer client storage mechanisms, namely Web Storage, Web SQL Database and Indexed Database API. Initially, a large-scale analysis of their usage on the web is conducted to appraise their usage in the wild. Then, this work examines the extent they are used for tracking purposes. The results suggest that Web Storage is the most used among the three technologies. More importantly, to the best of our knowledge this work is the first to suggest web tracking as the main use case of these technologies. Motivated by these results, this work examines whether popular desktop and mobile browsers protect their users from tracking mechanisms that use Web Storage, Web SQL Database and Indexed Database. Our results uncover many cases where the relevant security controls are ineffective, thus making it virtually impossible for certain users to avoid tracking

Security considerations around the usage of client-side storage APIs

Web Storage, Indexed Database API and Web SQL Database are primitives that allow web browsers to store information in the client in a much more advanced way compared to other techniques such as HTTP Cookies. They were originally introduced with the goal of enhancing the capabilities of websites, however, they are often exploited as a way of tracking users across multiple sessions and websites. This work is divided in two parts. First, it quantifies the usage of these three primitives in the context of user tracking. This is done by performing a large-scale analysis on the usage of these techniques in the wild. The results highlight that code snippets belonging to those primitives can be found in tracking scripts at a surprising high rate, suggesting that user tracking is a major use case of these technologies. The second part reviews of the effectiveness of the removal of client-side storage data in modern browsers. A web application, built for specifically for this study, is used to highlight that it is often extremely hard, if not impossible, for users to remove personal data stored using the three primitives considered. This finding has significant implications, because those techniques are often uses as vector for cookie resurrection

Exiting the risk assessment maze: A meta-survey

Organizations are exposed to threats that increase the risk factor of their ICT systems. The assurance of their protection is crucial, as their reliance on information technology is a continuing challenge for both security experts and chief executives. As risk assessment could be a necessary process in an organization, one of its deliverables could be utilized in addressing threats and thus facilitate the development of a security strategy. Given the large number of heterogeneous methods and risk assessment tools that exist, comparison criteria can provide better understanding of their options and characteristics and facilitate the selection of a method that best fits an organization’s needs. This paper aims to address the problem of selecting an appropriate risk assessment method to assess and manage information security risks, by proposing a set of comparison criteria, grouped into 4 categories. Based upon them, it provides a comparison of the 10 popular risk assessment methods that could be utilized by organizations to determine the method that is more suitable for their needs. Finally, a case study is presented to demonstrate the selection of a method based on the proposed criteri

From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods

Over the last five years there has been an increase in the frequency and diversity of network attacks. This holds true, as more and more organisations admit compromises on a daily basis. Many misuse and anomaly based Intrusion Detection Systems (IDSs) that rely on either signatures, supervised or statistical methods have been proposed in the literature, but their trustworthiness is debatable. Moreover, as this work uncovers, the current IDSs are based on obsolete attack classes that do not reflect the current attack trends. For these reasons, this paper provides a comprehensive overview of unsupervised and hybrid methods for intrusion detection, discussing their potential in the domain. We also present and highlight the importance of feature engineering techniques that have been proposed for intrusion detection. Furthermore, we discuss that current IDSs should evolve from simple detection to correlation and attribution. We descant how IDS data could be used to reconstruct and correlate attacks to identify attackers, with the use of advanced data analytics techniques. Finally, we argue how the present IDS attack classes can be extended to match the modern attacks and propose three new classes regarding the outgoing network communicatio

You can run but you cannot hide from memory: Extracting IM evidence of Android apps

Smartphones have become a vital part of our business and everyday life, as they constitute the primary communication vector. Android dominates the smartphone market (86.2%) and has become pervasive, running in `smart' devices such as tablets, TV, watches, etc. Nowadays, instant messaging applications have become popular amongst smartphone users and since 2016 are the main way of messaging communication. Consequently, their inclusion in any forensics analysis is necessary as they constitute a source of valuable data, which might be used as (admissible) evidence. Often, their examination involves the extraction and analysis of the applications' databases that reside in the device's internal or external memory. The downfall of this method is the fact that databases can be tampered or erased, therefore the evidence might be accidentally or maliciously modified. In this paper, a methodology for retrieving instant messaging data from the volatile memory of Android smartphones is proposed, instead of the traditional database retrieval. The methodology is demonstrated with the use of a case study of four experiments, which provide insights regarding the behavior of such data in memory. Our experimental results show that a large amount of data can be retrieved from the memory, even if the device's battery is removed for a short time. In addition, the retrieved data are not only recent messages, but also messages sent a few months before data acquisition

Exploring the protection of private browsing in desktop browsers

Desktop browsers have introduced private browsing mode, a security control which aims to protect users’ data that are generated during a private browsing session, by not storing them in the file system. As the Internet becomes ubiquitous, the existence of this security control is beneficial to users,since privacy violations are increasing, while users tend to be more concerned about their privacy when browsing the web in a post-Snowden era. In this context, this work examines the protection that is offered by the private browsing mode of the most popular desktop browsers in Windows (i.e.,Chrome, Firefox, IE and Opera).Our experiments uncover occasions in which even if users browse the web with a private session,privacy violations exist contrary to what is documented by the browser.To raise the bar of privacy protection that is offered by web browsers,we propose the use of a virtual filesystem as the storage medium of browsers’ cache data. We demonstrate with a case study how this countermeasure protects users from the privacy violations, which are previously identified in this work

A Robust Dirichlet Reputation and Trust Evaluation of Nodes in Mobile Ad Hoc Networks

© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/)The distributed nature of mobile ad hoc networks (MANETs) presents security challenges and vulnerabilities which sometimes lead to several forms of attacks. To improve the security in MANETs, reputation and trust management systems (RTMS) have been developed to mitigate some attacks and threats arising from abnormal behaviours of nodes in networks. Generally, most reputation and trust systems in MANETs focus mainly on penalising uncooperative network nodes. It is a known fact that nodes in MANETs have limited energy resources and as such, the continuous collaboration of cooperative nodes will lead to energy exhaustion. This paper develops and evaluates a robust Dirichlet reputation and trust management system which measures and models the reputation and trust of nodes in the network, and it incorporates candour into the mode of operations of the RTMS without undermining network security. The proposed RTMS employs Dirichlet probability distribution in modelling the individual reputation of nodes and the trust of each node is computed based on the node’s actual network performance and the accuracy of the second-hand reputations it gives about other nodes. The paper also presents a novel candour two-dimensional trustworthiness evaluation technique that categorises the behaviours of nodes based on their evaluated total reputation and trust values. The evaluation and analyses of some of the simulated behaviours of nodes in the deployed MANETs show that the candour two-dimensional trustworthiness evaluation technique is an effective technique that encourages and caters to nodes that continuously contribute to the network despite the reduction in their energy levels.Peer reviewedFinal Published versio

TRAWL: Protection against rogue sites for the masses

The number of smartphones reached 3.4 billion in the third quarter of 2016 [1]. These devices facilitate our daily lives and have become the primary way of accessing the web. Although all desktop browsers filter rogue websites, their mobile counterparts often do not filter them at all, exposing their users to websites serving malware or hosting phishing attacks. In this paper we revisit the anti-phishing filtering mechanism which is offered in the most popular web browsers of Android, iOS and Windows Phone. Our results show that mobile users are still unprotected against phishing attacks, as most of the browsers are unable to filter phishing URLs. Thus, we implement and evaluate TRAWL (TRAnsparent Web protection for alL), as a cost effective security control that provides DNS and URL filtering using several blacklists

Using Human Factor Approaches to an Organisation’s Bring Your Own Device scheme

Bring Your Own Device (BYOD) is an emerging trend that is being adopted by an increasing number of organisations due to the benefits it provides in terms of cost efficiency, employee productivity, and staff morale. However, organisations who could benefit from implementing BYOD remain sceptical, due to the increasing threats and vulnerabilities introduced by mobile technolo- gy, which are amplified due to the human element (insider threats, non security savvy employees). In this context, this paper investigates the application of hu- man factor techniques to the BYOD scheme of an anonymised, real-life organi- sation (referred to as “Globex”). Questionnaires and Interactive Management are the two Human Factor methods used in this case study to help determine ar- eas for improvement. Results from the experiment highlight an issue with em- ployee satisfaction towards their employers’ BYOD scheme, which could nega- tively impact their organisational culture. The paper concludes with recommen- dations for additional information within the BYOD policy and the review of reimbursement eligibility and entitlements

Human-Centered Specification Exemplars for Critical Infrastructure Environments

Specification models of critical infrastructure focus on parts of a larger environment. However, to consider the security of critical infrastructure systems, we need approaches for modelling the sum of these parts; these include people and activities, as well as technology. This paper present human-centered specification exemplars that capture the nuances associated with interactions between people, technology, and critical infrastructure environments. We describe requirements each exemplar needs to satisfy, and present preliminary results developing and evaluating them