School of Computer & Security ScienceEdith Cowan University
Say my name, BITCH
An Investigation into IDN Homograph Mitigation Strategies
Peter HannaySECAU Security Research Centre
Edith Cowan University
Greg BaatardEdith Cowan University
School of Computer & Security ScienceEdith Cowan University
UNRELATED COMPLAINT SOMEBODY ON THE INTERNET IS WRONG
• People get USB sticks all the time. The problem isn't that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good. The problem is that the OS trusts random USB sticks. The problem is that the OS will automatically run a program that can install malware from a USB stick. The problem is that it isn't safe to plug a USB stick into a computer. Bruce Schneier
School of Computer & Security ScienceEdith Cowan University
School of Computer & Security ScienceEdith Cowan University
People are Idiots
• 20 government agencies
• 70%+ hit rate
• Some sticks phoned home from multiple ‘sensitive’ networks
School of Computer & Security ScienceEdith Cowan University
WHATThis marks the beginning of the section titled
School of Computer & Security ScienceEdith Cowan University
IDN
☃��
School of Computer & Security ScienceEdith Cowan University
Homoglyph
ј j
School of Computer & Security ScienceEdith Cowan University
Homograph
http://gooɡle.com/ http://google.com/
School of Computer & Security ScienceEdith Cowan University
Mitigation• Unicode Punycode• http://gooɡle.com/ http://xn--goole-tmc.com
• Alerts
School of Computer & Security ScienceEdith Cowan University
PICSThis marks the beginning of the section titled
School of Computer & Security ScienceEdith Cowan University
Web
School of Computer & Security ScienceEdith Cowan University
Web
School of Computer & Security ScienceEdith Cowan University
Web
School of Computer & Security ScienceEdith Cowan University
Web
School of Computer & Security ScienceEdith Cowan University
Web
School of Computer & Security ScienceEdith Cowan University
• Phishing
• Better than spoofed address
• You can get replies and everything!
Sweet kiwicon@kiwіcon.org
School of Computer & Security ScienceEdith Cowan University
THE TESTINGThis marks the beginning of the section titled
School of Computer & Security ScienceEdith Cowan University
Tests
• URL Bar
• Certificate Information
• Geolocation Request
School of Computer & Security ScienceEdith Cowan University
Evaluation
School of Computer & Security ScienceEdith Cowan University
Internet Explorer
School of Computer & Security ScienceEdith Cowan University
Firefox
School of Computer & Security ScienceEdith Cowan University
Chrome
School of Computer & Security ScienceEdith Cowan University
Opera
School of Computer & Security ScienceEdith Cowan University
Safari
School of Computer & Security ScienceEdith Cowan University
Comparison
School of Computer & Security ScienceEdith Cowan University
Email Testing
School of Computer & Security ScienceEdith Cowan University
CONCLUSIONIts time for the…
