Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

New ’active cookie’ helps protect Internet users from cyber crooks

20.02.2006


A new technique developed by an Indiana University School of Informatics scientist provides a strong shield against identity theft and cyber attacks.

Cybersecurity expert Markus Jakobsson and the start-up RavenWhite Inc., of which Jakobsson is a co-founder, have developed an "active cookie," a countermeasure designed to protect against online scams such as pharming and man-in-the-middle attacks.

Pharming is obtaining personal or private (usually financial) information through domain spoofing. Rather than spamming with malicious and mischievous e-mail requests for users to visit fake Web sites which appear legitimate, pharming "poisons" a domain name server by planting false information in the server, resulting in a user’s request being redirected elsewhere. The browser, however, tells users they are at the correct Web site.

"There are no reliable commercial tools currently available to protect users from such attacks," said Jakobsson, associate professor of informatics and associate director of the IU Center for Applied Cybersecurity Research. "We believe that active cookies can provide such protection."

RavenWhite provides a new use of cookies, which are coded pieces of information stored on a person’s computer that identify that computer during the current and subsequent visits to a Web site. Active cookies can be used in some situations where traditional cookies are not practical. Jakobsson’s invention helps protect against known types of pharming attacks and man-in-the-middle attacks, but also against new and threatening versions such as two new attacks discovered by Mark Meiss and Alex Tsow, both computer science doctoral students at IU.

Meiss discovered a technique that allows an attacker to hijack almost any Wi-Fi (wireless fidelity) connection with the purpose of redirecting users to incorrect sites. He recently verified that the technique works in a local hotspot, a location where Wi-Fi users pick up an active signal.

"There is no way a user can determine that this attack takes place," explained Meiss, a researcher at IU’s Advanced Network Management Lab. "You can’t be sure you are actually visiting your banking site, for example, even though it looks like you are. There is simply no way of telling."

Tsow discovered that consumer routers can be trivially modified to stealthily redirect users to fake sites. He showed a browser window where he typed eBay into the address bar, but where the loaded content showed the Web page of the Anti-Phishing Working Group.

"In a real attack, the user would be taken to a site that is a true clone of the place they intended to go, but the cloned site would be operated by the attacker and would steal the user’s password," said Tsow, a visiting research associate who works with Jakobsson.

Jakobsson believes these kinds of attacks pose threats that few have considered. "How can I dare to connect in a hotspot when the guy next to me may be hijacking my connection and taking me to the wrong site to steal my password?" Jakobsson asked. "And how can anybody buy hardware from sellers they don’t trust? These attacks are not detectable by the ordinary Internet user."

Jakobsson cautions that consumers should not buy a router from online services if they fear the seller might really be a phisher in disguise. Apart from being a problem for online auction sites such as eBay, it is also a problem for financial service providers, whose customers are the potential victims of attacks of this type.

"Those are the organizations that would benefit most from using active cookies," Jakobsson added.

Jakobsson will discuss active cookies and other research results on identity theft and its countermeasures when he moderates a panel discussion Saturday (Feb. 18) at the annual gathering of the American Association for the Advancement of Science in St. Louis, Mo.

More details about RavenWhite can be found at http://www.ravenwhite.com. Information about the IU Center for Applied Cybersecurity Research is at http://cacr.iu.edu.

Internet-related identity theft accounted for about 9 percent of all ID thefts in the United States in 2005, according to a recent report released by Javelin Strategy and Research. The findings also show that the average loss per incident jumped to $6,432 from $2,897 in the previous year.

Consumers can find out more about how to protect themselves from identity theft at the Federal Trade Commission Web site, http://www.consumer.gov/idtheft.

About the IU School of Informatics:

The Indiana University School of Informatics offers a unique, interdisciplinary curriculum that focuses on developing specialized skills and knowledge of information technology. The school has a variety of undergraduate degrees and specialized master’s and doctoral degrees in bioinformatics, chemical informatics, health informatics, human-computer interaction, laboratory informatics, new media and computer science. Each degree is an interdisciplinary endeavor that combines course work and field experiences from a traditional subject area or discipline with intensive study of information and technology.

Joe Stuteville | EurekAlert!
Further information:
http://www.consumer.gov/idtheft
http://cacr.iu.edu.
http://www.ravenwhite.com

More articles from Information Technology:

nachricht Equipping form with function
23.06.2017 | Institute of Science and Technology Austria

nachricht Can we see monkeys from space? Emerging technologies to map biodiversity
23.06.2017 | Forschungsverbund Berlin e.V.

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Can we see monkeys from space? Emerging technologies to map biodiversity

An international team of scientists has proposed a new multi-disciplinary approach in which an array of new technologies will allow us to map biodiversity and the risks that wildlife is facing at the scale of whole landscapes. The findings are published in Nature Ecology and Evolution. This international research is led by the Kunming Institute of Zoology from China, University of East Anglia, University of Leicester and the Leibniz Institute for Zoo and Wildlife Research.

Using a combination of satellite and ground data, the team proposes that it is now possible to map biodiversity with an accuracy that has not been previously...

Im Focus: Climate satellite: Tracking methane with robust laser technology

Heatwaves in the Arctic, longer periods of vegetation in Europe, severe floods in West Africa – starting in 2021, scientists want to explore the emissions of the greenhouse gas methane with the German-French satellite MERLIN. This is made possible by a new robust laser system of the Fraunhofer Institute for Laser Technology ILT in Aachen, which achieves unprecedented measurement accuracy.

Methane is primarily the result of the decomposition of organic matter. The gas has a 25 times greater warming potential than carbon dioxide, but is not as...

Im Focus: How protons move through a fuel cell

Hydrogen is regarded as the energy source of the future: It is produced with solar power and can be used to generate heat and electricity in fuel cells. Empa researchers have now succeeded in decoding the movement of hydrogen ions in crystals – a key step towards more efficient energy conversion in the hydrogen industry of tomorrow.

As charge carriers, electrons and ions play the leading role in electrochemical energy storage devices and converters such as batteries and fuel cells. Proton...

Im Focus: A unique data centre for cosmological simulations

Scientists from the Excellence Cluster Universe at the Ludwig-Maximilians-Universität Munich have establised "Cosmowebportal", a unique data centre for cosmological simulations located at the Leibniz Supercomputing Centre (LRZ) of the Bavarian Academy of Sciences. The complete results of a series of large hydrodynamical cosmological simulations are available, with data volumes typically exceeding several hundred terabytes. Scientists worldwide can interactively explore these complex simulations via a web interface and directly access the results.

With current telescopes, scientists can observe our Universe’s galaxies and galaxy clusters and their distribution along an invisible cosmic web. From the...

Im Focus: Scientists develop molecular thermometer for contactless measurement using infrared light

Temperature measurements possible even on the smallest scale / Molecular ruby for use in material sciences, biology, and medicine

Chemists at Johannes Gutenberg University Mainz (JGU) in cooperation with researchers of the German Federal Institute for Materials Research and Testing (BAM)...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Plants are networkers

19.06.2017 | Event News

Digital Survival Training for Executives

13.06.2017 | Event News

Global Learning Council Summit 2017

13.06.2017 | Event News

 
Latest News

Quantum thermometer or optical refrigerator?

23.06.2017 | Physics and Astronomy

A 100-year-old physics problem has been solved at EPFL

23.06.2017 | Physics and Astronomy

Equipping form with function

23.06.2017 | Information Technology

VideoLinks
B2B-VideoLinks
More VideoLinks >>>