Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

New ’active cookie’ helps protect Internet users from cyber crooks

20.02.2006


A new technique developed by an Indiana University School of Informatics scientist provides a strong shield against identity theft and cyber attacks.

Cybersecurity expert Markus Jakobsson and the start-up RavenWhite Inc., of which Jakobsson is a co-founder, have developed an "active cookie," a countermeasure designed to protect against online scams such as pharming and man-in-the-middle attacks.

Pharming is obtaining personal or private (usually financial) information through domain spoofing. Rather than spamming with malicious and mischievous e-mail requests for users to visit fake Web sites which appear legitimate, pharming "poisons" a domain name server by planting false information in the server, resulting in a user’s request being redirected elsewhere. The browser, however, tells users they are at the correct Web site.

"There are no reliable commercial tools currently available to protect users from such attacks," said Jakobsson, associate professor of informatics and associate director of the IU Center for Applied Cybersecurity Research. "We believe that active cookies can provide such protection."

RavenWhite provides a new use of cookies, which are coded pieces of information stored on a person’s computer that identify that computer during the current and subsequent visits to a Web site. Active cookies can be used in some situations where traditional cookies are not practical. Jakobsson’s invention helps protect against known types of pharming attacks and man-in-the-middle attacks, but also against new and threatening versions such as two new attacks discovered by Mark Meiss and Alex Tsow, both computer science doctoral students at IU.

Meiss discovered a technique that allows an attacker to hijack almost any Wi-Fi (wireless fidelity) connection with the purpose of redirecting users to incorrect sites. He recently verified that the technique works in a local hotspot, a location where Wi-Fi users pick up an active signal.

"There is no way a user can determine that this attack takes place," explained Meiss, a researcher at IU’s Advanced Network Management Lab. "You can’t be sure you are actually visiting your banking site, for example, even though it looks like you are. There is simply no way of telling."

Tsow discovered that consumer routers can be trivially modified to stealthily redirect users to fake sites. He showed a browser window where he typed eBay into the address bar, but where the loaded content showed the Web page of the Anti-Phishing Working Group.

"In a real attack, the user would be taken to a site that is a true clone of the place they intended to go, but the cloned site would be operated by the attacker and would steal the user’s password," said Tsow, a visiting research associate who works with Jakobsson.

Jakobsson believes these kinds of attacks pose threats that few have considered. "How can I dare to connect in a hotspot when the guy next to me may be hijacking my connection and taking me to the wrong site to steal my password?" Jakobsson asked. "And how can anybody buy hardware from sellers they don’t trust? These attacks are not detectable by the ordinary Internet user."

Jakobsson cautions that consumers should not buy a router from online services if they fear the seller might really be a phisher in disguise. Apart from being a problem for online auction sites such as eBay, it is also a problem for financial service providers, whose customers are the potential victims of attacks of this type.

"Those are the organizations that would benefit most from using active cookies," Jakobsson added.

Jakobsson will discuss active cookies and other research results on identity theft and its countermeasures when he moderates a panel discussion Saturday (Feb. 18) at the annual gathering of the American Association for the Advancement of Science in St. Louis, Mo.

More details about RavenWhite can be found at http://www.ravenwhite.com. Information about the IU Center for Applied Cybersecurity Research is at http://cacr.iu.edu.

Internet-related identity theft accounted for about 9 percent of all ID thefts in the United States in 2005, according to a recent report released by Javelin Strategy and Research. The findings also show that the average loss per incident jumped to $6,432 from $2,897 in the previous year.

Consumers can find out more about how to protect themselves from identity theft at the Federal Trade Commission Web site, http://www.consumer.gov/idtheft.

About the IU School of Informatics:

The Indiana University School of Informatics offers a unique, interdisciplinary curriculum that focuses on developing specialized skills and knowledge of information technology. The school has a variety of undergraduate degrees and specialized master’s and doctoral degrees in bioinformatics, chemical informatics, health informatics, human-computer interaction, laboratory informatics, new media and computer science. Each degree is an interdisciplinary endeavor that combines course work and field experiences from a traditional subject area or discipline with intensive study of information and technology.

Joe Stuteville | EurekAlert!
Further information:
http://www.consumer.gov/idtheft
http://cacr.iu.edu.
http://www.ravenwhite.com

More articles from Information Technology:

nachricht Smart Computers
21.08.2017 | Albert-Ludwigs-Universität Freiburg im Breisgau

nachricht AI implications: Engineer's model lays groundwork for machine-learning device
18.08.2017 | Washington University in St. Louis

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Fizzy soda water could be key to clean manufacture of flat wonder material: Graphene

Whether you call it effervescent, fizzy, or sparkling, carbonated water is making a comeback as a beverage. Aside from quenching thirst, researchers at the University of Illinois at Urbana-Champaign have discovered a new use for these "bubbly" concoctions that will have major impact on the manufacturer of the world's thinnest, flattest, and one most useful materials -- graphene.

As graphene's popularity grows as an advanced "wonder" material, the speed and quality at which it can be manufactured will be paramount. With that in mind,...

Im Focus: Exotic quantum states made from light: Physicists create optical “wells” for a super-photon

Physicists at the University of Bonn have managed to create optical hollows and more complex patterns into which the light of a Bose-Einstein condensate flows. The creation of such highly low-loss structures for light is a prerequisite for complex light circuits, such as for quantum information processing for a new generation of computers. The researchers are now presenting their results in the journal Nature Photonics.

Light particles (photons) occur as tiny, indivisible portions. Many thousands of these light portions can be merged to form a single super-photon if they are...

Im Focus: Circular RNA linked to brain function

For the first time, scientists have shown that circular RNA is linked to brain function. When a RNA molecule called Cdr1as was deleted from the genome of mice, the animals had problems filtering out unnecessary information – like patients suffering from neuropsychiatric disorders.

While hundreds of circular RNAs (circRNAs) are abundant in mammalian brains, one big question has remained unanswered: What are they actually good for? In the...

Im Focus: RAVAN CubeSat measures Earth's outgoing energy

An experimental small satellite has successfully collected and delivered data on a key measurement for predicting changes in Earth's climate.

The Radiometer Assessment using Vertically Aligned Nanotubes (RAVAN) CubeSat was launched into low-Earth orbit on Nov. 11, 2016, in order to test new...

Im Focus: Scientists shine new light on the “other high temperature superconductor”

A study led by scientists of the Max Planck Institute for the Structure and Dynamics of Matter (MPSD) at the Center for Free-Electron Laser Science in Hamburg presents evidence of the coexistence of superconductivity and “charge-density-waves” in compounds of the poorly-studied family of bismuthates. This observation opens up new perspectives for a deeper understanding of the phenomenon of high-temperature superconductivity, a topic which is at the core of condensed matter research since more than 30 years. The paper by Nicoletti et al has been published in the PNAS.

Since the beginning of the 20th century, superconductivity had been observed in some metals at temperatures only a few degrees above the absolute zero (minus...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Call for Papers – ICNFT 2018, 5th International Conference on New Forming Technology

16.08.2017 | Event News

Sustainability is the business model of tomorrow

04.08.2017 | Event News

Clash of Realities 2017: Registration now open. International Conference at TH Köln

26.07.2017 | Event News

 
Latest News

What the world's tiniest 'monster truck' reveals

23.08.2017 | Life Sciences

Treating arthritis with algae

23.08.2017 | Life Sciences

Witnessing turbulent motion in the atmosphere of a distant star

23.08.2017 | Physics and Astronomy

VideoLinks
B2B-VideoLinks
More VideoLinks >>>