CLICKJACKING & PHISHING CMSC 414 FEB 28 2019 Town Hall - PowerPoint PPT Presentation

Town Hall tonight: CSIC 1115, 5pm-7pm. There is insufficient space in Iribe: virtually no student group space, no TA space, extra space is going to non-CS UMIACS.


  1. Public Key Infrastructures (PKIs) How can users truly know with whom they are communicating? Browser Website Certificate Authority The owner of is indeed BoA Certificate

  2. Public Key Infrastructures (PKIs) How can users truly know with whom they are communicating? Browser Website Certificate Authority Certificate

  3. Public Key Infrastructures (PKIs) How can users truly know with whom they are communicating? Browser Website Certificate Certificate Authority

  5. Public Key Infrastructures (PKIs) How can users truly know with whom they are communicating? Browser Website Certificate Certificate Certificate Authority

  8. Public Key Infrastructures (PKIs) How can users truly know with whom they are communicating? ✓ Browser Website Certificate Certificate Certificate Authority

  9. MAKING AN OBSERVATION amazon.com-deals.com Me

  10. MAKING AN OBSERVATION amazon.com-deals.com What does this mean to you? Me

  11. MAKING AN OBSERVATION Somehow, com-deals.com got a certificate that looks like amazon.com amazon.com-deals.com What does this mean to you? Me

  12. MAKING AN OBSERVATION This appears to be prevalent

  14. MAKING AN OBSERVATION This appears to be prevalent…like really prevalent

  16. The actual website amazon.com-deals.com The apparent website

  17. The actual website amazon.com-deals.com The apparent website ASKING A QUESTION

  18. The actual website amazon.com-deals.com The apparent website ASKING A QUESTION WHAT DO YOU THINK ARE SOME GOOD QUESTIONS WE COULD ASK?

  19. ASKING SOME QUESTIONS

  20. ASKING SOME QUESTIONS How often does this happen?

  21. ASKING SOME QUESTIONS How often does this happen? Who is giving these attackers certificates?

  22. ASKING SOME QUESTIONS How often does this happen? When it happens, does it tend to be malicious? Who is giving these attackers certificates?

  23. ASKING SOME QUESTIONS How often does this happen? When it happens, does it tend to be malicious? Who is giving these attackers certificates? What can we do to stop this kind of attack?

  24. HOW DO WE ANSWER THESE QUESTIONS? How often does this happen? When it happens, does it tend to be malicious? Who is giving these attackers certificates? What can we do to stop this kind of attack?

  25. HOW DO WE ANSWER THESE QUESTIONS? How often does this happen? When it happens, does it tend to be malicious? Who is giving these attackers certificates? What can we do to stop this kind of attack? WE NEED A DATASET

  26. HOW DO WE ANSWER THESE QUESTIONS? How often does this happen? When it happens, does it tend to be malicious? Who is giving these attackers certificates? What can we do to stop this kind of attack? WE NEED A DATASET GET *ALL* OF THE CERTIFICATES!

  27. RESEARCH DATASETS If it doesn’t exist, collect it If it does exist, download it If you do something new with the data, share it

  28. RESEARCH DATASETS If it doesn’t exist, collect it If it does exist, download it If you do something new with the data, share it PART OF BEING A GOOD RESEARCHER IS KNOWING WHAT DATA IS OUT THERE (EXPERIENCE WITH TIME)

  29. RESEARCH DATASETS If it doesn’t exist, collect it If it does exist, download it If you do something new with the data, share it PART OF BEING A GOOD RESEARCHER IS KNOWING WHAT DATA IS OUT THERE (EXPERIENCE WITH TIME) YOUR ADVISOR WILL HELP WITH THIS

  30. CERTIFICATE DATASETS IT IS NOW POSSIBLE TO DOWNLOAD ALL KNOWN CERTIFICATES ON THE WEB!

  31. DEVISING A SOLUTION

  32. DEVISING A SOLUTION Certificate dataset C: each certificate has ≥ 1 domain name; 315,284,603 total domain names. amazon.com-deals.com

  33. DEVISING A SOLUTION Certificate dataset C: each certificate has ≥ 1 domain name; 315,284,603 total domain names. Website popularity dataset P: Alexa top-10,000 most popular websites. google.com, youtube.com, amazon.com-deals.com, amazon.com

  34. DEVISING A SOLUTION Certificate dataset C: each certificate has ≥ 1 domain name; 315,284,603 total domain names. Website popularity dataset P: Alexa top-10,000 most popular websites. We need an algorithm: search in each certificate in C for a popular website from P. google.com, youtube.com, amazon.com-deals.com, amazon.com

  35. DEVISING A SOLUTION Certificate dataset C: each certificate has ≥ 1 domain name; 315,284,603 total domain names. Website popularity dataset P: Alexa top-10,000 most popular websites. We need an algorithm: search in each certificate in C for a popular website from P. amazon.com-deals.com: ⨯ google.com, ⨯ youtube.com, ✔ amazon.com

  36. DEVISING A SOLUTION Certificate dataset C: each certificate has ≥ 1 domain name; 315,284,603 total domain names. Website popularity dataset P: Alexa top-10,000 most popular websites. We need an algorithm: search in each certificate in C for a popular website from P. Naive algorithm: 3.15 trillion checks! amazon.com-deals.com: ⨯ google.com, ⨯ youtube.com, ✔ amazon.com

  37. ANALYZING A DATASET How often does this happen? When it happens, does it tend to be malicious? Who is giving these attackers certificates? What can we do to stop this kind of attack? As you analyze a dataset, it is important to really understand the results and the outliers

  38. WHO IS BEING IMPERSONATED?

  40. WHAT TLDs ARE ATTACKERS USING?

  41. WHO GIVES OUT THESE CERTIFICATES? Largely free domains

  42. WHERE ARE THEY HOSTING THESE DOMAINS? Largely free hosting providers

  43. QUESTIONS YIELD NEW QUESTIONS… informationen.support.cgi.log.ssl.cembra.ch.aktualisieren.amerbay.com (Swiss bank) Why is this domain name so long?!?

  44. QUESTIONS YIELD NEW QUESTIONS… informationen.support.cgi.log.ssl.cembra.ch.aktualisieren.amerbay.com (Swiss bank) Why is this domain name so long?!? Safari on iPhones left-justifies: informationen.support.cgi.log.ssl.cem

  45. QUESTIONS YIELD NEW QUESTIONS… informationen.support.cgi.log.ssl.cembra.ch.aktualisieren.amerbay.com (Swiss bank) Why is this domain name so long?!? Safari on iPhones left-justifies: informationen.support.cgi.log.ssl.cem Chrome on Android right-justifies: cembra.ch.aktualisieren.amerbay.com
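
An added example (not from the lecture) of a non-naive search for slides 34-36, run also on the long name from slides 43-45: rather than testing every entry of P against every name, it looks up each label-aligned substring of a certificate name that ends at a `.` or `-` in a hash set, so the work per name does not depend on the size of P. The sample names and the four-entry stand-in for P are constructed, and `embedded_targets` and `scan` are hypothetical names.

```python
# Added example: constructed sample data, not the lecture's dataset or code.
POPULAR = {"google.com", "youtube.com", "amazon.com", "cembra.ch"}  # stand-in for P

CERT_NAMES = [  # stand-in for domain names taken from certificates in C
    "amazon.com-deals.com",
    "www.amazon.com",
    "informationen.support.cgi.log.ssl.cembra.ch.aktualisieren.amerbay.com",
    "*.example.org",
    "youtube.com",
]


def embedded_targets(name, popular=POPULAR):
    """Return popular domains that appear inside `name` but do not end it.

    A match that runs to the end of the name is the popular site itself or
    one of its subdomains, so it is not reported.
    """
    name = name.lower().rstrip(".")
    if name.startswith("*."):          # wildcard certificate entry
        name = name[2:]
    # A match may begin at the start of any DNS label ...
    starts = [0] + [i + 1 for i, ch in enumerate(name) if ch == "."]
    # ... and must stop just before a '.' or '-' (never at the end of the name).
    ends = [i for i, ch in enumerate(name) if ch in ".-"]
    hits = []
    for s in starts:
        for e in ends:
            candidate = name[s:e]
            if e > s and candidate in popular and candidate not in hits:
                hits.append(candidate)  # one O(1) set lookup per candidate
    return hits


def scan(names, popular=POPULAR):
    """Map each suspicious certificate name to the popular domains it embeds."""
    flagged = {}
    for name in names:
        hits = embedded_targets(name, popular)
        if hits:
            flagged[name] = hits
    return flagged


if __name__ == "__main__":
    for name, hits in scan(CERT_NAMES).items():
        print(f"{name} embeds {', '.join(hits)}")
```

Without a Public Suffix List this sketch would also report a legitimate country-code name such as one where a popular `.com` name is followed by a further suffix label, so flagged names still need review.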
