A new technique developed by an Indiana University School of Informatics scientist provides a strong shield against identity theft and cyber attacks.
Cybersecurity expert Markus Jakobsson and the start-up RavenWhite Inc., of which Jakobsson is a co-founder, have developed an "active cookie," a countermeasure designed to protect against online scams such as pharming and man-in-the-middle attacks.
Pharming is obtaining personal or private (usually financial) information through domain spoofing. Rather than spamming with malicious and mischievous e-mail requests for users to visit fake Web sites which appear legitimate, pharming "poisons" a domain name server by planting false information in the server, resulting in a user’s request being redirected elsewhere. The browser, however, tells users they are at the correct Web site.
"There are no reliable commercial tools currently available to protect users from such attacks," said Jakobsson, associate professor of informatics and associate director of the IU Center for Applied Cybersecurity Research. "We believe that active cookies can provide such protection."
Meiss discovered a technique that allows an attacker to hijack almost any Wi-Fi (wireless fidelity) connection with the purpose of redirecting users to incorrect sites. He recently verified that the technique works in a local hotspot, a location where Wi-Fi users pick up an active signal.
"There is no way a user can determine that this attack takes place," explained Meiss, a researcher at IU’s Advanced Network Management Lab. "You can’t be sure you are actually visiting your banking site, for example, even though it looks like you are. There is simply no way of telling."
Tsow discovered that consumer routers can be trivially modified to stealthily redirect users to fake sites. He showed a browser window where he typed eBay into the address bar, but where the loaded content showed the Web page of the Anti-Phishing Working Group.
"In a real attack, the user would be taken to a site that is a true clone of the place they intended to go, but the cloned site would be operated by the attacker and would steal the user’s password," said Tsow, a visiting research associate who works with Jakobsson.
Jakobsson believes these kinds of attacks pose threats that few have considered. "How can I dare to connect in a hotspot when the guy next to me may be hijacking my connection and taking me to the wrong site to steal my password?" Jakobsson asked. "And how can anybody buy hardware from sellers they don’t trust? These attacks are not detectable by the ordinary Internet user."
Jakobsson cautions that consumers should not buy a router from online services if they fear the seller might really be a phisher in disguise. Apart from being a problem for online auction sites such as eBay, it is also a problem for financial service providers, whose customers are the potential victims of attacks of this type.
"Those are the organizations that would benefit most from using active cookies," Jakobsson added.
Jakobsson will discuss active cookies and other research results on identity theft and its countermeasures when he moderates a panel discussion Saturday (Feb. 18) at the annual gathering of the American Association for the Advancement of Science in St. Louis, Mo.
More details about RavenWhite can be found at http://www.ravenwhite.com. Information about the IU Center for Applied Cybersecurity Research is at http://cacr.iu.edu.
Internet-related identity theft accounted for about 9 percent of all ID thefts in the United States in 2005, according to a recent report released by Javelin Strategy and Research. The findings also show that the average loss per incident jumped to $6,432 from $2,897 in the previous year.
Consumers can find out more about how to protect themselves from identity theft at the Federal Trade Commission Web site, http://www.consumer.gov/idtheft.
About the IU School of Informatics:
The Indiana University School of Informatics offers a unique, interdisciplinary curriculum that focuses on developing specialized skills and knowledge of information technology. The school has a variety of undergraduate degrees and specialized master’s and doctoral degrees in bioinformatics, chemical informatics, health informatics, human-computer interaction, laboratory informatics, new media and computer science. Each degree is an interdisciplinary endeavor that combines course work and field experiences from a traditional subject area or discipline with intensive study of information and technology.
Construction of practical quantum computers radically simplified
05.12.2016 | University of Sussex
UT professor develops algorithm to improve online mapping of disaster areas
29.11.2016 | University of Tennessee at Knoxville
Physicists of the University of Würzburg have made an astonishing discovery in a specific type of topological insulators. The effect is due to the structure of the materials used. The researchers have now published their work in the journal Science.
Topological insulators are currently the hot topic in physics according to the newspaper Neue Zürcher Zeitung. Only a few weeks ago, their importance was...
In recent years, lasers with ultrashort pulses (USP) down to the femtosecond range have become established on an industrial scale. They could advance some applications with the much-lauded “cold ablation” – if that meant they would then achieve more throughput. A new generation of process engineering that will address this issue in particular will be discussed at the “4th UKP Workshop – Ultrafast Laser Technology” in April 2017.
Even back in the 1990s, scientists were comparing materials processing with nanosecond, picosecond and femtosesecond pulses. The result was surprising:...
Have you ever wondered how you see the world? Vision is about photons of light, which are packets of energy, interacting with the atoms or molecules in what...
A multi-institutional research collaboration has created a novel approach for fabricating three-dimensional micro-optics through the shape-defined formation of porous silicon (PSi), with broad impacts in integrated optoelectronics, imaging, and photovoltaics.
Working with colleagues at Stanford and The Dow Chemical Company, researchers at the University of Illinois at Urbana-Champaign fabricated 3-D birefringent...
In experiments with magnetic atoms conducted at extremely low temperatures, scientists have demonstrated a unique phase of matter: The atoms form a new type of quantum liquid or quantum droplet state. These so called quantum droplets may preserve their form in absence of external confinement because of quantum effects. The joint team of experimental physicists from Innsbruck and theoretical physicists from Hannover report on their findings in the journal Physical Review X.
“Our Quantum droplets are in the gas phase but they still drop like a rock,” explains experimental physicist Francesca Ferlaino when talking about the...
16.11.2016 | Event News
01.11.2016 | Event News
14.10.2016 | Event News
09.12.2016 | Life Sciences
09.12.2016 | Ecology, The Environment and Conservation
09.12.2016 | Health and Medicine