Client-Side Name Collision Vulnerability in the New Gtld Era: a Systematic Study

Total Page:16

File Type:pdf, Size:1020Kb

Client-Side Name Collision Vulnerability in the New Gtld Era: a Systematic Study Session D5: Network Security CCS’17, October 30-November 3, 2017, Dallas, TX, USA Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study Qi Alfred Chen, Matthew Thomas†, Eric Osterweil†, Yulong Cao, Jie You, Z. Morley Mao University of Michigan, †Verisign Labs [email protected],{mthomas,eosterweil}@verisign.com,{yulongc,jieyou,zmao}@umich.edu ABSTRACT was recently annouced (US-CERT alert TA16-144A), which specif- The recent unprecedented delegation of new generic top-level do- ically targets the leaked WPAD (Web Proxy Auto-Discovery) ser- mains (gTLDs) has exacerbated an existing, but fallow, problem vice discovery queries [79, 87]. In this attack, the attacker simply called name collisions. One concrete exploit of such problem was needs to register a domain that already receives vulnerable internal discovered recently, which targets internal namespaces and en- WPAD query leaks. Since WPAD queries are designed for discover- ables Man in the Middle (MitM) attacks against end-user devices ing and automatically conguring web proxy services, exploiting from anywhere on the Internet. Analysis of the underlying prob- these leaks allows the attacker to set up Man in the Middle (MitM) lem shows that it is not specic to any single service protocol, but proxies on end-user devices from anywhere on the Internet. little attention has been paid to understand the vulnerability status The cornerstone of this attack exploits the leaked service dis- and the defense solution space at the service level. In this paper, covery queries from the internal network services using DNS- we perform the rst systematic study of the robustness of internal based service discovery. With over 600 services registered to sup- network services under name collision attacks. port DNS-based service discovery [41], the name collision prob- We rst perform a measure study and uncover a wide spectrum lem seems likely to be much broader than the WPAD service alone. of services aected by the name collision problem. We then collect However, previous work primarily focus on analyzing and prevent- their client implementations and systematically analyze their vul- ing name collisions at the new gTLD registry and the network lev- nerability status under name collision attacks using dynamic anal- els [44, 87, 95, 102], little attention has been paid to understand ysis. Out of the 48 identied exposed services, we nd that nearly the vulnerability status and the defense solution space at the ser- all (45) of them expose vulnerabilities in popular clients. To demon- vice level. Since services are the direct victims of name collision strate the severity, we construct exploits and nd a set of new name attacks, it is necessary to provide service-level solutions so that collision attacks with severe security implications including MitM they can proactively protect themselves. More importantly, since attacks, internal or personal document leakage, malicious code in- the underlying cause is the domain name resolution in an unin- jection, and credential theft. We analyze the causes, and nd that tended namespace, compared to defenses at other levels, only the the name collision problem broadly breaks common security as- service clients, the actual issuers of the exploited queries, know sumptions made in today’s service client software. Leveraging the the intended namespace and thus have the chance to fundamen- insights from our analysis, we propose multiple service software tally solve the problem. level solutions, which enables the victim services to actively de- In this paper, we perform the rst systematic study of the ro- fend against name collision attacks. bustness of the service client design and implementations under the name collision attack threat model for internal network ser- vices using DNS-based service discovery. Our goal is to systemat- 1 INTRODUCTION ically identify client-side name collision vulnerability in the client software, which causes the client to mistakenly accept the iden- With the unprecendented delegation of new generic top-level do- tity of a name collision attack server. Our results are expected to mains (gTLDs) since late 2013, increasing amounts of leaked in- serve as a guideline for understanding whether and why a certain ternal domain name system (DNS) namespace queries are now client software is vulnerable, as well as providing insights on how resolvable in the public DNS namespace [102]. This has exacer- to mitigate against this emerging class of attacks. To perform the bated a long existing problem, which has been lying fallow, called study, we rst measure the services that are exposed to potential name collisions, in which a DNS query is resolved in an unin- name collisions today by analyzing the leaked queries to the dele- tended namespace [44, 102]. One concrete exploit of such problem gated new gTLDs. Based on the measurement, we form an exposed service dataset with 80 services with high volumes of service dis- Permission to make digital or hard copies of all or part of this work for personal or covery query leaks. Compared to the recent study on the WPAD classroom use is granted without fee provided that copies are not made or distributed service [87], our study for the rst time uncovers the wide spec- for prot or commercial advantage and that copies bear this notice and the full cita- tion on the rst page. Copyrights for components of this work owned by others than trum of services aected by the name collision problem and the the author(s) must be honored. Abstracting with credit is permitted. To copy other- potential security implications. wise, or republish, to post on servers or to redistribute to lists, requires prior specic With the set of exposed services, we manually collect their client permission and/or a fee. Request permissions from [email protected]. CCS’17, Oct. 30–Nov. 3, 2017, Dallas, TX, USA. software, with prioritization for services with higher query leak © 2017 Copyright held by the owner/author(s). Publication rights licensed to ACM. volumes and clients that are more popular among corporate or end 978-1-4503-4946-8/17/10...$15.00 DOI: 10.1145/3133956.3134084 1 941 Session D5: Network Security CCS’17, October 30-November 3, 2017, Dallas, TX, USA users. In total, we are able to collect 57 client implementations cov- on the exposed services today and characterize their designed func- ering 48 exposed services. To systematically perform vulnerability tionality and the potential security implications. analysis, we develop a dynamic analysis framework capable of ana- • We collect the client implementations for the exposed ser- lyzing the clients in a simulated name collision attack environment. vices and systematically analyze their vulnerability status under The analysis is performed by constructing attack server responses, name collision attacks leveraging a dynamic analysis framework. and a vulnerability is revealed if the client accepts the responses Our results show that nearly all the exposed services have popu- and proceeds with the designed service functionality. lar clients vulnerable due to several common design choices. This From the vulnerability analysis, our results reveal that nearly all suggests that the name collision attack threat model broadly breaks (45) of these 48 services have popular clients vulnerable due to sev- common security assumptions made in the service clients today. eral common software design or implementation choices. We nd • Based on the analysis results, we construct exploits and re- that the lack of server authentications, which is also exhibited in port our ndings of a myriad of new name collision attacks with the WPAD exploit, is the root cause for one third of these vulnera- severe security implications, including MitM attack, malicious li- ble services. For the remaining two thirds, their clients do use stan- brary injection, credential theft, etc. These ndings show high end- dard server authentications by default, leveraging TLS certicates to-end exploitability of identied vulnerabilities in practice. or pre-shared keys (PSK). However, nearly all clients using TLS cer- • We identify several fundamental vulnerability causes, in- ticates are found vulnerable due to the default choice of accepting cluding a cause newly introduced by the name collision problem, publicly-valid but previously-unseen certicates from a colliding the lack of namespace dierentiation. Based on the insights, we domain. For the clients using PSK, we nd that majority (88.1%) propose a set of service software level solutions, which enables the of them are vulnerable since they do not enforce server authenti- victim services to actively defend against name collision attacks. cation. We also nd a common vulnerable design choice specic to a previously uncovered but popular use of DNS-based service discovery, Zero-conguration networking (Zeroconf) [14], which 2 BACKGROUND mixes the service discovery in dierent namespaces. These results 2.1 The Name Collision Problem show that even with standard server authentication adopted, the In DNS, a domain name is a set of dot-separated labels that form name collision attack threat model still broadly breaks common se- a tree structure with the DNS root located at the top. The last two curity assumption in today’s internal network service clients. We labels, for example .com and example in www.example.com, are nd that one fundamental cause is the lack of namespace dieren- called the TLD (top-level domain) and SLD (second-level domain). tiation in the current service discovery and server authentication In the DNS ecosystem, the public DNS namespace is for the resolu- methods. This problem is newly introduced by the name collision tion of domain names on the public Internet, and the Internet Cor- problem and it leaves the clients incapable of handling potential poration for Assigned Names and Numbers (ICANN) is the author- name collisions. itative administrator for its DNS root. ICANN delegates the man- To demonstrate the severity of the discovered vulnerabilities, agement of the TLDs to specic TLD registry operators.
Recommended publications
  • Master's Thesis Electronic Gatekeeper Using ETHERNET
    University of West Bohemia Faculty of Applied Sciences Department of Computer Science and Engineering Master’s thesis Electronic Gatekeeper using ETHERNET Plzeň 2019 Hamza Elghoul Místo této strany bude zadání práce. Declaration I hereby declare that this master’s thesis is completely my own work and that I used only the cited sources. Plzeň, 2 May 2018 Hamza Elghoul Abstract The aim of this thesis is the analysis and the realization of a budget 2-way communication system using ETHERNET connection, more specific- ally a door intercom station (hereinafter ”Bouncer” or "Gatekeeper"), where it is possible to make voice calls between two CLIENTS, a CALLER and a CALLEE with an acceptable to minimal delay. There are many alternative methods available for implementing such sys- tems, this project will try to compare some of these solutions and choose the most convenient platform according to a number of factors, such as band- width, processing power needed and communication protocols in question. Keywords: VoIP, SIP,SDP, server, client, LAN, ethernet, embedded, audio, raspberry pi Contents Page List of Figures7 1 Preface 10 2 Analysis 11 2.1 Objectives and Requirements................. 11 2.2 Hardware............................ 12 2.2.1 Arduino......................... 12 2.2.2 RaspberryPi 3 Model B................ 13 2.2.3 Banana Pi........................ 14 2.2.4 Orange Pi........................ 15 2.2.5 CubieBoard 2...................... 16 2.2.6 Beagle Bone Black................... 16 2.3 Application........................... 18 2.4 Audio capture and digitalisation................ 19 2.4.1 Signaling Protocols................... 20 2.5 Communication Protocol.................... 23 2.5.1 Session Initiation Protocol............... 23 2.5.2 Real Time Protocol..................
    [Show full text]
  • Universidad Pol Facultad D Trabajo
    UNIVERSIDAD POLITÉCNICA DE MADRID FACULTAD DE INFORMÁTICA TRABAJO FINAL DE CARRERA ESTUDIO DEL PROTOCOLO XMPP DE MESAJERÍA ISTATÁEA, DE SUS ATECEDETES, Y DE SUS APLICACIOES CIVILES Y MILITARES Autor: José Carlos Díaz García Tutor: Rafael Martínez Olalla Madrid, Septiembre de 2008 2 A mis padres, Francisco y Pilar, que me empujaron siempre a terminar esta licenciatura y que tanto me han enseñado sobre la vida A mis abuelos (q.e.p.d.) A mi hijo icolás, que me ha dejado terminar este trabajo a pesar de robarle su tiempo de juego conmigo Y muy en especial, a Susana, mi fiel y leal compañera, y la luz que ilumina mi camino Agradecimientos En primer lugar, me gustaría agradecer a toda mi familia la comprensión y confianza que me han dado, una vez más, para poder concluir definitivamente esta etapa de mi vida. Sin su apoyo, no lo hubiera hecho. En segundo lugar, quiero agradecer a mis amigos Rafa y Carmen, su interés e insistencia para que llegara este momento. Por sus consejos y por su amistad, les debo mi gratitud. Por otra parte, quiero agradecer a mis compañeros asesores militares de Nextel Engineering sus explicaciones y sabios consejos, que sin duda han sido muy oportunos para escribir el capítulo cuarto de este trabajo. Del mismo modo, agradecer a Pepe Hevia, arquitecto de software de Alhambra Eidos, los buenos ratos compartidos alrrededor de nuestros viejos proyectos sobre XMPP y que encendieron prodigiosamente la mecha de este proyecto. A Jaime y a Bernardo, del Ministerio de Defensa, por haberme hecho descubrir las bondades de XMPP.
    [Show full text]
  • Mac OS X Server Administrator's Guide
    034-9285.S4AdminPDF 6/27/02 2:07 PM Page 1 Mac OS X Server Administrator’s Guide K Apple Computer, Inc. © 2002 Apple Computer, Inc. All rights reserved. Under the copyright laws, this publication may not be copied, in whole or in part, without the written consent of Apple. The Apple logo is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AppleScript, AppleShare, AppleTalk, ColorSync, FireWire, Keychain, Mac, Macintosh, Power Macintosh, QuickTime, Sherlock, and WebObjects are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. AirPort, Extensions Manager, Finder, iMac, and Power Mac are trademarks of Apple Computer, Inc. Adobe and PostScript are trademarks of Adobe Systems Incorporated. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Netscape Navigator is a trademark of Netscape Communications Corporation. RealAudio is a trademark of Progressive Networks, Inc. © 1995–2001 The Apache Group. All rights reserved. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd. 062-9285/7-26-02 LL9285.Book Page 3 Tuesday, June 25, 2002 3:59 PM Contents Preface How to Use This Guide 39 What’s Included
    [Show full text]
  • Openfire Service Level Agreement
    Service Level Agreement Technical Services — Communications Service University Technology Services 1. Overview This Service Level Agreement (SLA) is between University Technology Services (UTS) and either departments or groups choosing to utilize the internal Oakland University instant messaging (OUIM) service. The OUIM service is currently referenced by talk.oakland.edu and runs XMPP/Jabber software called Openfire. Under this SLA, UTS agrees to provide specific information technology (IT) services. This SLA also covers performance and reliability targets and objectives. Section 7 requires the signature and contact information of the group coordinator as an agreement to the SLA. OUIM is an online service that is available on campus and off campus. The requirements to utilize the service are a NetID, an XMPP client, and an Internet connection. XMPP clients are available online. The UTS Helpdesk supports the XMPP clients Spark, Pidgin, and Adium. Instructions are available on the UTS Web site at http://www.oakland.edu/?id=13849&sid=70. 2. Purpose The purpose of this SLA is to establish a cooperative partnership between UTS staff members with the community of customers who may opt into its use by clarifying roles, setting expectations, and providing service objectives and limitations. 3. Terms of Agreement This service is provided on an ongoing basis. From time to time, it may be reviewed and modified by UTS. Modifications to this agreement will be done at the sole discretion of UTS and the Technical Support and Services team (TSS). 4. Service Hours Regularly scheduled maintenance will be scheduled during low-use hours as much as possible; such work will be done either before 8:00 A.M.
    [Show full text]
  • OS X Support Essentials 10.9 Apple Pro Training Series
    Apple Pro Training Series: OS X Support Essentials 10.9 Apple Pro Training Series Training Apple Pro Network Configuration Locations: One selected by user Automatic Work Home Test Ethernet Wi-Fi Ethernet 2 FireWire VPN Services: Multiple services activate and prioritized based on service order Understand OS X Mavericks underlying technologies, Configurestand-alone and networked Mac Troubleshoot software and hardware issues software components, and industry-standard protocols. computers with step-by-step instructions. using Apple-recommended procedures and tools. OS X Mavericks Supporting and Troubleshooting OS X Support Essentials 10.9 The Apple-Certified Way to Learn This is the official curriculum of the Apple Mavericks 101: OS X The Apple Pro Training Series is both a self-paced Support Essentials 10.9 course and preparation for Apple learning tool and the official curriculum of the Apple Training and Certified Support Professional (ACSP) 10.9 certification— Certification program. Upon completing the course material in this as well as a top-notch primer for anyone who needs to support, book, you can become an Apple Certified Support Professional by troubleshoot, or optimize OS X Mavericks. This guide provides passing the OS X Support Essentials 10.9 Exam. Work through this comprehensive coverage of Mavericks and is part of the Apple book as self-study material or attend a class at an Apple Authorized Pro Training series—the only Apple-certified books on the Training Center. To learn more, please visit training.apple.com. market. Designed for support technicians, help desk specialists, and ardent Mac users, this guide takes you deep inside the Also in the Apple Pro Training Series: Mavericks operating system.
    [Show full text]
  • Computer Service Technician- CST Competency Requirements
    Computer Service Technician- CST Competency Requirements This Competency listing serves to identify the major knowledge, skills, and training areas which the Computer Service Technician needs in order to perform the job of servicing the hardware and the systems software for personal computers (PCs). The present CST COMPETENCIES only address operating systems for Windows current version, plus three older. Included also are general common Linux and Apple competency information, as proprietary service contracts still keep most details specific to in-house service. The Competency is written so that it can be used as a course syllabus, or the study directed towards the education of individuals, who are expected to have basic computer hardware electronics knowledge and skills. Computer Service Technicians must be knowledgeable in the following technical areas: 1.0 SAFETY PROCEDURES / HANDLING / ENVIRONMENTAL AWARENESS 1.1 Explain the need for physical safety: 1.1.1 Lifting hardware 1.1.2 Electrical shock hazard 1.1.3 Fire hazard 1.1.4 Chemical hazard 1.2 Explain the purpose for Material Safety Data Sheets (MSDS) 1.3 Summarize work area safety and efficiency 1.4 Define first aid procedures 1.5 Describe potential hazards in both in-shop and in-home environments 1.6 Describe proper recycling and disposal procedures 2.0 COMPUTER ASSEMBLY AND DISASSEMBLY 2.1 List the tools required for removal and installation of all computer system components 2.2 Describe the proper removal and installation of a CPU 2.2.1 Describe proper use of Electrostatic Discharge
    [Show full text]
  • Icaeyeblinkmetrics() Version 3.2
    Documentation for: icaeyeblinkmetrics() Version 3.2 This EEGLAB toolbox is designed for automated/semi-automated selection of ICA components associated with eye- blink artifact using time-domain measures. The toolbox is based on the premises that 1) an ICA component associated with eye blinks should be more related to the recorded eye blink activity than other ICA components, and 2) removal of the ICA component associated with eye blinks should reduce the eye blink artifact present within the EEG following back projection. Other than the EEG input, the only required input for the function is specification of the channel that exhibits the artifact (in most cases the VEOG electrode). This can either be stored within the EEG.data matrix or within EEG.skipchannels. It will then identify eye-blinks within the channel to be used for computation of the metrics listed below. If you are not sure what channel to choose, you can let the function determine the channel where the artifact maximally presents but this does slow the function down. The toolbox does not change the data in any way, it only provides an output stored in ‘EEG.icaquant’ providing: 1. Metrics: a. The correlation between the measured artifact in the artifact channel and each ICA component. (i.e. how similar the ICA component is to the eye blink) b. The adjusted normalized convolution of the ICA component activity with the measured artifact in the artifact channel. (i.e., how well does the ICA component overlap with the eye blink) c. The percent reduction in the artifact present in the EEG for each ICA component if it was removed.
    [Show full text]
  • Polycom Realpresence Trio ™ Hands-On Testing of an All-In-One Audio, Content, and Video Conferencing Device for Small Meeting Rooms
    June 2017 Evaluation of Polycom RealPresence Trio ™ Hands-on testing of an all-in-one audio, content, and video conferencing device for small meeting rooms. This evaluation sponsored by: Background Founded in 1990 and headquartered in San Jose, California, Polycom is a privately-held 1 company that develops, manufactures, and markets video, voice, and content collaboration and communication products and services. The company employs approximately ~ 3,000 people and generates more than $1B in annual revenue. Polycom has been in the conference phone business since the early 1990s2, and to date has shipped more than six million analog and digital conference phones – all with the familiar Polycom three-legged “starfish” design (see images below). In October 2015, Polycom announced the RealPresence Trio 8800 – a multi-function conferencing device intended for use in small, medium, and large meeting rooms. Figure 1: Polycom SoundStation IP4000 (L) and Polycom RealPresence Trio 8800 (R) In April 2017, Polycom commissioned members of our South Florida test team to perform a third-party assessment of the RealPresence Trio 8800 solution. This document contains the results of our hands-on testing. Note – For readability and brevity’s sake, throughout this document we will refer to the Polycom RealPresence Trio 8800 as the Trio 8800 or simply Trio. 1 Polycom was acquired by private equity firm Siris Capital in September 2016 2 Source: https://en.wikipedia.org/wiki/Polycom#Polycom_audio_and_voice © 2018 Recon Research | www.reconres.com | Page 2 Understanding
    [Show full text]
  • Novell Messenger 3.0 May 2015
    Novell Messenger 3.0 May 2015 1Overview The information in this Readme file pertains to Novell Messenger 3.0. Novell Messenger 3.0 offers enhanced functionality over prior Messenger versions: Mobile Applications: Novell Messenger 3.0 provides native applications for iOS, Android, and BlackBerry devices. For more information, see “Using Novell Messenger on Your Mobile Device” in the Novell Messenger 3.0 Client User Guide. For information about the administrative tasks associated with Messenger mobile applications, see “Managing Messenger Mobile Applications” in the Novell Messenger 3.0 Administration Guide. Simultaneous Client Connections: Novell Messenger 3.0 allows you to maintain simultaneous connections to your Messenger system from multiple workstations or devices. For example, you can be connected to Messenger on your workstation, and then connect to Messenger from a mobile device without being logged out of Messenger on your workstation. For more information about this feature, see “Limiting Physical Access to Client Workstations” in “Securing Novell Messenger” in the Novell Messenger 3.0 Administration Guide. Update Clients (Look and Feel): Novell Messenger 3.0 provides an updated look and feel for both the Windows and Linux/Mac client interfaces. The Messenger 3.0 release also contains the following changes: Removal of NetWare support: With Messenger 3.0 and later, NetWare is no longer supported. ConsoleOne download option: If you have not already installed ConsoleOne, it is available with the Messenger distribution. 2 System Requirements Novell Messenger 3.0 system requirements (including requirements for mobile devices) are listed in “Novell Messenger Hardware and Software Requirements” in the Novell Messenger 3.0 Installation Guide.
    [Show full text]
  • A Brief Technical Introduction
    Mac OS X A Brief Technical Introduction Leon Towns-von Stauber, Occam's Razor LISA Hit the Ground Running, December 2005 http://www.occam.com/osx/ X Contents Opening Remarks..............................3 What is Mac OS X?.............................5 A New Kind of UNIX.........................12 A Diferent Kind of UNIX..................15 Resources........................................39 X Opening Remarks 3 This is a technical introduction to Mac OS X, mainly targeted to experienced UNIX users for whom OS X is at least relatively new This presentation covers primarily Mac OS X 10.4.3 (Darwin 8.3), aka Tiger X Legal Notices 4 This presentation Copyright © 2003-2005 Leon Towns-von Stauber. All rights reserved. Trademark notices Apple®, Mac®, Macintosh®, Mac OS®, Finder™, Quartz™, Cocoa®, Carbon®, AppleScript®, Bonjour™, Panther™, Tiger™, and other terms are trademarks of Apple Computer. See <http://www.apple.com/legal/ appletmlist.html>. NeXT®, NeXTstep®, OpenStep®, and NetInfo® are trademarks of NeXT Software. See <http://www.apple.com/legal/nexttmlist.html>. Other trademarks are the property of their respective owners. X What Is It? 5 Answers Ancestry Operating System Products The Structure of Mac OS X X What Is It? Answers 6 It's an elephant I mean, it's like the elephant in the Chinese/Indian parable of the blind men, perceived as diferent things depending on the approach X What Is It? Answers 7 Inheritor of the Mac OS legacy Evolved GUI, Carbon (from Mac Toolbox), AppleScript, QuickTime, etc. The latest version of NeXTstep Mach, Quartz (from Display PostScript), Cocoa (from OpenStep), NetInfo, apps (Mail, Terminal, TextEdit, Preview, Interface Builder, Project Builder, etc.), bundles, faxing from Print panel, NetBoot, etc.
    [Show full text]
  • Mac OS X Intro for UNIX Users
    Mac OS X An Introduction for UNIX Users Leon Towns-von Stauber, Occam's Razor Seattle BSD Users Group, October 2004 http://www.occam.com/osx/ X Contents Opening Remarks.............................3 Where Did Mac OS X Come From?.....5 What is Mac OS X?..........................13 A New Kind of UNIX........................25 A Different Kind of UNIX.................28 Why Use Mac OS X?.........................60 Resources.......................................63 Closing Remarks.............................67 X Opening Remarks 3 This is a technical introduction to Mac OS X, mainly targeted to experienced UNIX users for whom OS X is at least relatively new Some emphasis on comparisons with FreeBSD I'm assuming basic familiarity with operating system design Where I'm coming from: UNIX user and some-time admin since 1990 Full-time UNIX admin since 1995 NeXTstep user and admin since 1991 This presentation covers primarily Mac OS X 10.3.5 (Darwin 7.5) X Legal Notices 4 This presentation Copyright © 2003-2004 Leon Towns-von Stauber. All rights reserved. Trademark notices Apple®, Mac®, Macintosh®, Mac OS®, Aqua®, Finder™, Quartz™, Cocoa®, Carbon®, AppleScript®, Rendezvous™, Panther™, and other terms are trademarks of Apple Computer. See <http:// www.apple.com/legal/appletmlist.html>. NeXT®, NeXTstep®, OpenStep®, and NetInfo® are trademarks of NeXT Software. See <http://www.apple.com/legal/nexttmlist.html>. PowerPC™ is a trademark of International Business Machines. Java™ is a trademark of Sun Microsystems. Other trademarks are the property of their
    [Show full text]
  • A User Study of Off-The-Record Messaging
    A User Study of Off-the-Record Messaging Ryan Stedman Kayo Yoshida Ian Goldberg University of Waterloo 200 University Avenue West Waterloo, Ontario, Canada N2L 3G1 {rstedman@cs, k2yoshid@math, iang@cs}.uwaterloo.ca ABSTRACT Keywords Instant messaging is a prevalent form of communication ac- OTR, Usable Security, Instant Messaging, Think Aloud ross the Internet, yet most instant messaging services pro- vide little security against eavesdroppers or impersonators. 1. INTRODUCTION There are a variety of existing systems that aim to solve There has been much research into creating privacy-en- this problem, but the one that provides the highest level hancing technologies, especially since the Internet has started of privacy is Off-the-Record Messaging (OTR), which aims to play an essential role in everyday life. However, not many to give instant messaging conversations the level of privacy of these technologies have seen widespread adoption. One available in a face-to-face conversation. In the most recent of the reasons for this is that many of these technologies redesign of OTR, as well as increasing the security of the provide insufficient usability [8]. protocol, one of the goals of the designers was to make OTR The process of evaluating and enhancing usability is im- easier to use, without users needing to understand details of portant in order for a privacy-enhancing technology to pro- computer security such as keys or fingerprints. vide benefits to ordinary users. Since privacy is not just To determine if this design goal has been met, we con- intended for computer scientists or cryptographers, but for ducted a user study of the OTR plugin for the Pidgin in- everyone, these technologies should be accessible to the gen- stant messaging client using the think aloud method.
    [Show full text]