Cache Poisoning Attack

The Experts below are selected from a list of 177 Experts worldwide ranked by ideXlab platform

Nael Abu-ghazaleh - One of the best experts on this subject based on the ideXlab platform.

  • INFOCOM - Collaborative Client-Side DNS Cache Poisoning Attack
    IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, 2019
    Co-Authors: Fatemah Alharbi, Jie Chang, Yuchen Zhou, Feng Qian, Zhiyun Qian, Nael Abu-ghazaleh
    Abstract:

    DNS poisoning attacks inject malicious entries into the DNS resolution system, allowing an attacker to redirect clients to malicious servers. These attacks typically target a DNS resolver, allowing attackers to poison a DNS entry for all machines that use the compromised resolver. However, recent defenses can effectively protect resolvers, rendering classical DNS poisoning attacks ineffective. In this paper, we present a new class of DNS poisoning attacks targeting the client-side DNS cache. The attack initiates DNS poisoning on the client cache, which is used in all mainstream operating systems to improve DNS performance, circumventing defenses targeting resolvers. Our attack allows an off-path attacker to collaborate with a piece of unprivileged malware to poison the OS-wide DNS cache on a client machine. We developed the attack on Windows, Mac OS, and Ubuntu Linux. Interestingly, the behaviors of the three operating systems are distinct and the vulnerabilities require different strategies to exploit. We also generalize the attack to work even when the client is behind a Network Address Translation (NAT) router. Our results show that we can reliably inject malicious DNS mappings, with on average, an order of tens of seconds. Finally, we propose a defense against this type of poisoning attack.

Toru Fujiwara - One of the best experts on this subject based on the ideXlab platform.

  • Web security model with Cache
    2016 International Symposium on Information Theory and Its Applications (ISITA), 2016
    Co-Authors: Hayato Shimamoto, Naoto Yanai, Shingo Okamura, Toru Fujiwara
    Abstract:

    Cache is a mechanism in a web system to store web contents in order to provide them efficiently. Since there is an attack called a browser cache poisoning attack where an adversary utilizes a web cache, analyzing the security under environments with a cache is necessary. Based on this motivation, we discuss a potential weakness of the existing security model due to a lack of a cache, and then propose a new security model by introducing the cache. In particular, we define the main capability of a cache and headers to control the cache, and introduce intermediaries, which are entities to deal with a cache. We furthermore identify a fact that these approaches are able to deal with the stronger adversary's capability by discussing how to execute the browser cache poisoning attack in the proposed model. We implement a part of the proposed model in Alloy.

Fatemah Alharbi - One of the best experts on this subject based on the ideXlab platform.

  • INFOCOM - Collaborative Client-Side DNS Cache Poisoning Attack
    IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, 2019
    Co-Authors: Fatemah Alharbi, Jie Chang, Yuchen Zhou, Feng Qian, Zhiyun Qian, Nael Abu-ghazaleh
    Abstract:

    DNS poisoning attacks inject malicious entries into the DNS resolution system, allowing an attacker to redirect clients to malicious servers. These attacks typically target a DNS resolver, allowing attackers to poison a DNS entry for all machines that use the compromised resolver. However, recent defenses can effectively protect resolvers, rendering classical DNS poisoning attacks ineffective. In this paper, we present a new class of DNS poisoning attacks targeting the client-side DNS cache. The attack initiates DNS poisoning on the client cache, which is used in all mainstream operating systems to improve DNS performance, circumventing defenses targeting resolvers. Our attack allows an off-path attacker to collaborate with a piece of unprivileged malware to poison the OS-wide DNS cache on a client machine. We developed the attack on Windows, Mac OS, and Ubuntu Linux. Interestingly, the behaviors of the three operating systems are distinct and the vulnerabilities require different strategies to exploit. We also generalize the attack to work even when the client is behind a Network Address Translation (NAT) router. Our results show that we can reliably inject malicious DNS mappings, with on average, an order of tens of seconds. Finally, we propose a defense against this type of poisoning attack.

Hayato Shimamoto - One of the best experts on this subject based on the ideXlab platform.

  • Web security model with Cache
    2016 International Symposium on Information Theory and Its Applications (ISITA), 2016
    Co-Authors: Hayato Shimamoto, Naoto Yanai, Shingo Okamura, Toru Fujiwara
    Abstract:

    Cache is a mechanism in a web system to store web contents in order to provide them efficiently. Since there is an attack called a browser cache poisoning attack where an adversary utilizes a web cache, analyzing the security under environments with a cache is necessary. Based on this motivation, we discuss a potential weakness of the existing security model due to a lack of a cache, and then propose a new security model by introducing the cache. In particular, we define the main capability of a cache and headers to control the cache, and introduce intermediaries, which are entities to deal with a cache. We furthermore identify a fact that these approaches are able to deal with the stronger adversary's capability by discussing how to execute the browser cache poisoning attack in the proposed model. We implement a part of the proposed model in Alloy.

Zouheir Trabelsi - One of the best experts on this subject based on the ideXlab platform.

  • A NOVEL MAN-IN-THE-MIDDLE INTRUSION DETECTION SCHEME FOR SWITCHED LANs
    International Journal of Computers and Applications, 2020
    Co-Authors: Zouheir Trabelsi, Khaled Shuaib
    Abstract:

    The Man-in-the-Middle (MiM) attack is used by attackers to perform sniffing activities in switched LAN networks. The potential damage to a network from sniffing activities can be very significant. This paper proposes a mechanism for detecting malicious hosts performing MiM attack in switched LAN networks. The proposed mechanism consists of sending trap and spoofed packets to the network's hosts, after which, malicious sniffing hosts can be identified efficiently and accurately by collecting and analyzing the response packets. The effect of the proposed mechanism on the performance of the network is discussed and shown to be minimal. The limits of current security solutions regarding their ability to detect and prevent the MiM attack in switched LAN networks, are also discussed.

    Key Words: Address Resolution Protocol, man-in-the-middle attack, Address Resolution Protocol cache poisoning attack, intrusions detection systems

    1. Introduction

    Since the inception of the Internet, various security incidents and attacks have been a continuous phenomenon reaching unparalleled levels. This becomes very evident by reviewing recent studies conducted in this domain by CERT [1]. These attacks comprised of different techniques exploiting the Internet in general and TCP/IP protocols in particular, steadily continue to grow in sophistication, using a very large set of tools and techniques. The man-in-the-middle (MiM) attack is counted amongst these techniques. MiM attack is used by malicious internal users to sniff the traffic in switched LAN networks. Malicious users can tap in on the network traffic for information without the knowledge of the network's legitimate owner or users. This information can include passwords, e-mail messages, encryption keys, sequence numbers or other proprietary data. Often, some of this information can be used to penetrate further into the network, or cause other severe

  • Microsoft Windows vs. Apple Mac OS X: Resilience against ARP Cache Poisoning Attack in a local area network
    Information Security Journal: A Global Perspective, 2016
    Co-Authors: Zouheir Trabelsi
    Abstract:

    Robust security measures are integrated into new release versions of operating systems (OSs) to ensure that users have a more secure and reliable environment in which to run their daily tasks. In this article, through extensive practical experiments, we evaluate and compare the resilience of popular versions of Microsoft Windows OSs and Apple Mac OS X against Address Resolution Protocol (ARP) cache poisoning attack in a local area network (LAN). The experimental results demonstrate clearly that all tested versions of Windows OSs and Apple Mac OS X are vulnerable to the ARP cache poisoning attack, and do not deploy built-in efficient security features to prevent success of this attack. In addition, the experimental results directly contradict the common belief that Windows OSs are always less secure than Apple OSs. On the other hand, the article analyzes the efforts that have been made and the different methods that have been applied to detect and prevent ARP cache poisoning attacks. The article shows that none of these efforts and methods has been able to give satisfactory results.

  • The robustness of Microsoft Windows and Apple Mac OS X against ARP Cache Poisoning based network Attacks
    2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2016
    Co-Authors: Zouheir Trabelsi
    Abstract:

    Robust security measures are integrated into new release versions of operating systems (OSs) to ensure that users have a more secure and reliable environment to run their daily tasks. In this paper, through extensive practical experiments, we evaluate and compare the effectiveness of popular versions of Microsoft Windows OSs and Apple Mac OS X in thwarting Address Resolution Protocol (ARP) cache poisoning attack in Local Area Network (LAN). The experimental results demonstrate clearly that all tested versions of Windows OSs and Apple Mac OS X are still very vulnerable to the ARP cache poisoning attack, and do not deploy built-in efficient security features to prevent the success of this attack. In addition, the experimental results directly allow to contradict the common belief that Windows OSs are always less security aspects compared to Apple OSs.

  • ICDF2C - Towards More Secure Biometric Readers for Effective Digital Forensic Investigation
    Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering, 2010
    Co-Authors: Zouheir Trabelsi, Mohamed Al-hemairy, Ibrahim Baggili, Saad Amin
    Abstract:

    This paper investigates the effect of common network attacks on the performance, and security of several biometric readers. Experiments are conducted using Denial of Service attacks (DoSs) and the ARP cache poisoning attack. The experiments show that the tested biometric readers are vulnerable to DoS attacks, and their recognition performance is significantly affected after launching the attacks. However, the experiments show that the tested biometric readers are secure from the ARP cache poisoning attack. This work demonstrates that biometric readers are easy targets for malicious network users, lack basic security mechanisms, and are vulnerable to common attacks. The confidentiality, and integrity of the log files in the biometric readers, could be compromised with such attacks. It then becomes important to study these attacks in order to find flags that could aid in a network forensic investigation of a biometric device.