DOCSLIB.ORG

Client-Server

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Client-Server EHR: System Architecture and Systems Security – An Analysis of Interdependencies SBA Research & Vienna University of Technology Edgar R. Weippl Typical Security Errors in Large-Scale Systems SBA Research & Vienna University of Technology Edgar R. Weippl Basic Architectures http://datacenterpost.com/wp- http://www.futuretimeline.net/subject/images/computer- content/uploads/2014/11/mainframe-apps.jpg storage-timeline.jpg Basic Architectures http://www.datacenterknowledge.com/wp- http://conversation.which.co.uk/wp- content/uploads/2013/07/cloud-vm-movement.jpg content/uploads/2011/03/peer-to- peer_shutterstock_56319415.jpg Architectures Centralized Distributed Historic Mainframe Client-Server • Admins understand • Admins understand systems and can systems and can observe everything observe servers and • Server-based security communication • Decentral / private data Hype Cloud Computing P2P / Grassroots • Internals hidden / Infrastructure protected • Trust in majority • Arms race in analysis • Sybil attack Architectures Centralized Distributed Historic Mainframe Client-Server • Admins understand systems • Admins understand systems and can observe everything and can observe servers and • Server-based security communication • Decentral / private data Hype Cloud Computing P2P / Grassroots Infrastructure • Internals hidden / protected • Trust in majority • Arms race in analysis • Sybil attack Observation & Empirical Research Impact Hop-count measuring Once IP is found, find path to victim Cloud platforms block ICMP errors/ control messages Our idea: Scan with incrementing TTL Use timing side-channel to count hosts Co-residence Testing Place prober on same host as victim Check if TTL scan to victim is 0 Check patterns to prober via interrupt-based side-channel If both pass – attacker is co-resident with victim Data Deduplication At the server At the client – Same file only stored – Calculate hash or once other digest – Save storage space at – Reduce server communication Authentication Viber, WhatsApp, fring, GupShup, hike, KakaoTalk, Line, ChatOn, textPlus and WeChat Re-Evaluation 2014 Empirical Research • Dropbox • Amazon Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Amir Herzberg and Haya Shulman and Johanna Ullrich and Markus Huber, and Edgar R. Weippl. Dark clouds on the Edgar R. Weippl, Cloudoscopy: Services Discovery and horizon: Using cloud storage as attack vector and online Topology Mapping, in Proceedings of the ACM Cloud Computing Security Workshop (CCSW) at ACM CCS 2013, slack space. USENIX Security, 8/2011. 2013. • WhatsApp • Tor Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, and Philipp Winter and Richard Koewer and Martin Mulazzani and Markus Huber and Sebastian Schrittwieser and Stefan Edgar R. Weippl. Guess who is texting you? evaluating the Lindskog and Edgar R. Weippl, Spoiled Onions: Exposing security of smartphone messaging applications. In Network Malicious Tor Exit Relays, in Proceedings of the 14th Privacy and Distributed System Security Symposium (NDSS 2012), Enhancing Technologies Symposium, 2014 Feb 2012. • Facebook • GSM Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Markus Huber, Sebastian Schrittwieser, Martin Mulazzani, Mulazzani, and Edgar R. Weippl, IMSI-Catch Me If You Can: and Edgar Weippl. Appinspect: Large-scale evaluation of IMSI-Catcher-Catchers in Proceedings of ACSAC, 2014 social networking apps. In ACM Conference on Online Social Networks (COSN), 2013. Take Aways • Implement or improve monitoring – Typical rates of queries – Amount of storage allocated – Reuse statistics for data duplications – … • Analyze attack surface • Active probing – Bad node behavior – … Architectures Centralized Distributed Historic Mainframe Client-Server • Admins understand systems • Admins understand systems and can observe everything and can observe servers and • Server-based security communication • Decentral / private data Hype Cloud Computing P2P / Grassroots Infrastructure • Internals hidden / protected • Trust in majority • Arms race in analysis • Sybil attack [email protected] [email protected] [email protected] .
Load more

Recommended publications
  • Kakaotalk Theme Guide
    kakaotalkThemeGuide Creat My Own Theme Android UPDATE 2017/02/23 STEP1 Check Points Customized Themes Create a unique look and feel that is all your own. With the custom theme feature, you can transform your wallpaper, chat bubbles, font, color scheme and more. Check point - This feature is available in KakaoTalk version 5.1.0 or later. - The color of the text can be changed. - Layout cannot be modified. - Produce based on a 480PX x 800PX (HDPI) resolution. - Produse based on a 1080x1920(xxhdpi) resolution Download File KakaoTalk Theme has been designed so that it is created in an APK file format, with execution speed and scalability in mind kakao.com > services > kakaotalk > Customized Themes download KakaoTalk sample themes. http://www.kakao.com/services/talk/theme STEP2 Modify Resources 1) Modify Images The package name/res/drawable-xxhdpi folder contains sample images that can be modified using the theme function. Refer to the resources list in the “Check Modifiable Resource” page and replace the image you wish to change with the identical file name. For example, if you wish to change the Splash screen that is displayed when KakaoTalk is executed, then change the thm_general_splash_img.png file shown in the folder above. Leave as-is or delete if there is no image that needs to be changed. Images that change size depending on the size of the phone or the situation are those categorized as “9-patch” in the recommended type column in the list and requires additional modification. Please refer to the URL below for more information on 9-patch.
    [Show full text]
  • Uila Supported Apps
    Uila Supported Applications and Protocols updated Oct 2020 Application/Protocol Name Full Description 01net.com 01net website, a French high-tech news site. 050 plus is a Japanese embedded smartphone application dedicated to 050 plus audio-conferencing. 0zz0.com 0zz0 is an online solution to store, send and share files 10050.net China Railcom group web portal. This protocol plug-in classifies the http traffic to the host 10086.cn. It also 10086.cn classifies the ssl traffic to the Common Name 10086.cn. 104.com Web site dedicated to job research. 1111.com.tw Website dedicated to job research in Taiwan. 114la.com Chinese web portal operated by YLMF Computer Technology Co. Chinese cloud storing system of the 115 website. It is operated by YLMF 115.com Computer Technology Co. 118114.cn Chinese booking and reservation portal. 11st.co.kr Korean shopping website 11st. It is operated by SK Planet Co. 1337x.org Bittorrent tracker search engine 139mail 139mail is a chinese webmail powered by China Mobile. 15min.lt Lithuanian news portal Chinese web portal 163. It is operated by NetEase, a company which 163.com pioneered the development of Internet in China. 17173.com Website distributing Chinese games. 17u.com Chinese online travel booking website. 20 minutes is a free, daily newspaper available in France, Spain and 20minutes Switzerland. This plugin classifies websites. 24h.com.vn Vietnamese news portal 24ora.com Aruban news portal 24sata.hr Croatian news portal 24SevenOffice 24SevenOffice is a web-based Enterprise resource planning (ERP) systems. 24ur.com Slovenian news portal 2ch.net Japanese adult videos web site 2Shared 2shared is an online space for sharing and storage.
    [Show full text]
  • AVG Android App Performance and Trend Report H1 2016
    AndroidTM App Performance & Trend Report H1 2016 By AVG® Technologies Table of Contents Executive Summary .....................................................................................2-3 A Insights and Analysis ..................................................................................4-8 B Key Findings .....................................................................................................9 Top 50 Installed Apps .................................................................................... 9-10 World’s Greediest Mobile Apps .......................................................................11-12 Top Ten Battery Drainers ...............................................................................13-14 Top Ten Storage Hogs ..................................................................................15-16 Click Top Ten Data Trafc Hogs ..............................................................................17-18 here Mobile Gaming - What Gamers Should Know ........................................................ 19 C Addressing the Issues ...................................................................................20 Contact Information ...............................................................................21 D Appendices: App Resource Consumption Analysis ...................................22 United States ....................................................................................23-25 United Kingdom .................................................................................26-28
    [Show full text]
  • Security System for Mobile Messaging Applications Pejman Dashtinejad
    Security System for Mobile Messaging Applications Pejman Dashtinejad Master of Science Thesis Stockholm, Sweden TRITA–ICT–EX-2015:2 Introduction | 1 Security System for Mobile Messaging Applications Pejman Dashtinejad 8 January 2015 Master of Science Thesis Examiner Professor Sead Muftic Department of ICT KTH University SE-100 44 Stockholm, Sweden TRITA–ICT–EX-2015:2 Abstract | iii Abstract Instant messaging (IM) applications are one of the most popular applications for smartphones. The IMs have the capability of sending messages or initiating voice calls via Internet which makes it almost cost free for the users to communicate with each other. Unfortunately, like any other type of applications, majority of these applications are vulnerable to malicious attacks and have privacy issues. The motivation for this thesis is the need to identifying security services of an IM application and to design a secure system for any mobile messaging application. This research proposes an E2EE (End-to-End Encryption) approach which provides a secure IM application design which protects its users with better integrity, confidentiality and privacy. To achieve this goal a research is conducted to investigate current security features of popular messaging applications in the mobile market. A list of requirements for good security is generated and based on those requirements an architecture is designed. A demo is also implemented and evaluated. Keywords: Mobile, Application, messaging, Chat, Encryption, Security Acknowledgments | v Acknowledgments First and foremost, thank you God to give me another chance to complete my higher education and to learn enormous skills and knowledge through all these years of study at the university.
    [Show full text]
  • Executive Summary
    Executive Summary Chat apps are quickly becoming the preferred medium for digital communication in some of the world’s fastest-growing markets. Global monthly users of the top four chat apps (WhatsApp, Messenger, WeChat, and Viber) now exceed those of the top four traditional social media networks (Facebook, Instagram, Twitter, and LinkedIn) (Business Insider Intelligence, 2017). The most popular chat app, WeChat, had 889 million monthly active users as of Q4 2016 (according to Tencent Penguin Intelligence’s 2017 WeChat User Behavior Report [as cited in Brennan, 2017]). Given these radical shifts, the Institute for the Future (IFTF), with support from the Google News Lab, conducted an ethnographic case study of the chat app news media ecosystem in Korea. The goal was to better understand the role chat apps will play in the creation and propagation of news around the world, highlighting key challenges and opportunities for newsrooms and journalists. Our study focuses primarily on KakaoTalk, the most popular chat app in South Korea. South Korea has the fastest internet speed in the world (averaging 28.6 Mbps in the first quarter of 2017 [Akamai, 2017]), the highest smartphone ownership rates in the world (Hana, 2016), free access to global media and internet, and high saturation of both indigenous (KakaoTalk) and foreign chat apps, making the country a good indicator where news media are headed both in the region and around the world. We found three key insights for journalists and newsrooms to consider: 1. MILLIONS OF ORDINARY PEOPLE ARE DRIVING THE FLOW OF NEWS THROUGH CHAT APPS, FURTHER EVOLVING THE INFORMATION ECOSYSTEM IN THE DIGITAL WORLD: The flow of information today within chat apps is similar to a massive, virtual version of the children’s game of telephone, in which individuals whisper messages to each other one by one, the final message inevitably differing significantly from the original.
    [Show full text]
  • Forensic Analysis of the Backup Database File in Kakaotalk Messenger
    Forensic analysis of the backup database file in KakaoTalk messenger Jusop Choi∗, Jaewoo Parky and Hyoungshick Kimy ∗Department of Computer Science and Engineering, Sungkyunkwan University, Republic of Korea Email : [email protected] yDepartment of Software, Sungkyunkwan University, Republic of Korea Email : fbluereaper, [email protected] Abstract—Instant messaging services should be designed to A security practice commonly used in IM applications is to securely protect their users’ personal contents such as chat encrypt such sensitive files with a key that the IM application messages, photos and video clips against a wide range of attacks. can only access. Needless to say, the security of this security In general, such contents are securely encrypted in storage. In this paper, however, we demonstrated that the backup database practice strongly relies on the protection of the encryption key. file for chat messages in KakaoTalk (the most popularly used Our research was motivated to check whether the protection instant messaging service in Republic of Korea, http://www. of the encryption key in IM applications would actually be kakao.com/talk/en) can be leaked to unauthorized users. We acceptable to the standard criteria in the information security carefully examined the backup procedure in KakaoTalk through community. reverse engineering the KakaoTalk application to analyze how the backup database file was encrypted and the encryption key can In order to provide practical answers to this research be generated. Our analysis showed that the encrypted database question, we examined the key protection implementation in is susceptible to off-line password guessing attacks. Based on this IM applications through a case study of KakaoTalk (http: finding, we recommend that a secure key generation technique //www.kakao.com/talk/en) that is the most popularly used IM should be designed to improve resistance against offline password guessing attacks by using a random secret number to generate application in South Korea with more than 49.1 million active the encryption key.
    [Show full text]
  • Private Status Sharing and Sender-Controlled Notifications In
    I Share, You Care: Private Status Sharing and Sender-Controlled Notifications in Mobile Instant Messaging 34 HYUNSUNG CHO, KAIST, Republic of Korea JINYOUNG OH, KAIST, Republic of Korea JUHO KIM, KAIST, Republic of Korea SUNG-JU LEE, KAIST, Republic of Korea While mobile instant messaging (MIM) facilitates ubiquitous interpersonal communication, its constant connectivity could build the expectation of an immediate response to messages, and its notifications flood could cause interruptions at inopportune moments. We examine two design concepts for MIM—private status sharing and sender-controlled notifications—that aim to lower the pressure for an immediate reply and reduce unnecessary interruptions by untimely notifications. Private status sharing reactively reveals a customized status with a selected partner(s) only when the partner has sent a message. Sender-controlled notifications give senders the control of choosing whether to send a notification for their own messages. We built MyButler, an Android app prototype that instantiates these two concepts and integrated it with KakaoTalk, a commercial MIM app. During a two-week field study with 11 pairs (5 couples and 6 friend pairs), participants expressed themselves through a total of 210 different statuses, 64.3% of which indicated the current activity or task ofthe user. Participants reported that private status sharing enabled them to explain their unavailability and relieved the pressure and expectations for timely attendance. We reveal more findings on the types of privately shared statuses and their roles in MIM communication; the in-situ behaviors and patterns of using sender-controlled notifications; and the motivations of MIM users in choosing whether to alert their messages.
    [Show full text]
  • United States District Court for the Eastern District of Texas Marshall Division
    Case 2:13-cv-00948-JRG-RSP Document 18 Filed 07/21/14 Page 1 of 14 PageID #: 158 UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF TEXAS MARSHALL DIVISION MOBILE TELECOMMUNICATIONS § TECHNOLOGIES, LLC, § Plaintiff, § Civil Action No. 2:13-cv-948-JRG-RSP v. § § JURY TRIAL REQUESTED HTC AMERICA, INC., § Defendant. § PLAINTIFF MOBILE TELECOMMUNICATIONS TECHNOLOGIES, LLC’S AMENDED COMPLAINT Plaintiff Mobile Telecommunications Technologies, LLC (“MTel” or “Plaintiff”) by and through its undersigned attorneys, hereby pleads the following claims for patent infringement against Defendant HTC America, Inc. (“HTC” or “Defendant”) and alleges as follows. THE PARTIES 1. Plaintiff MTel is a Delaware limited liability company having a principal place of business at 1720 Lakepointe Drive, Suite 100 Lewisville, TX 75057. MTel is a wholly owned subsidiary of United Wireless Holdings, Inc. (“United Wireless”). In 2008, United Wireless, through another of its wholly owned subsidiaries, Velocita Wireless, LLC, purchased the SkyTel wireless network from Bell Industries, including assets related to SkyTel’s more than twenty year history as a wireless data company. Velocita Wireless, LLC, continued to operate the SkyTel wireless data network after the acquisition. As a result of that transaction, United Wireless gained ownership and control over the portfolio of intellectual property, including patents, developed over the years by several SkyTel-related entities, including Mobile Telecommunication Technologies Corp. (“MTEL Corp.”), Destineer Corporation, and SkyTel Communications. United Wireless subsequently assigned certain of the patent assets, including PLAINTIFF MOBILE TELECOMMUNICATIONS TECHNOLOGIES, LLC’S AMENDED COMPLAINT 740352V.1 Case 2:13-cv-00948-JRG-RSP Document 18 Filed 07/21/14 Page 2 of 14 PageID #: 159 the patents-in-suit, together with all rights of recovery related to those patent assets to its wholly owned subsidiary, MTel, which is the plaintiff here.
    [Show full text]
  • Application-To-Person Messaging Helping Enterprises to Respond to Consumers’ Changing Communications Behavior
    Ovum TMT intelligence | Application-to-Person Messaging Helping enterprises to respond to consumers’ changing communications behavior Sponsored by Contents Introduction .....................................................................................................................................................4 Ovum view .....................................................................................................................................................4 Key findings ..................................................................................................................................................5 Key trends in messaging .................................................................................................................................6 P2P SMS declines as use of OTT communications apps grows .................................................................6 Enterprise adoption of A2P SMS strengthens .............................................................................................7 A2P SMS commoditization drives innovation ..............................................................................................8 Case study: MakeMyTrip ..............................................................................................................................8 Service providers lay foundations for IP-based communications ............................................................10 OTT communications apps seek greater engagement with enterprises .................................................10
    [Show full text]
  • Understanding Stress on Mobile Instant Messengers Based On
    CHI 2018 Paper CHI 2018, April 21–26, 2018, Montréal, QC, Canada Too Close and Crowded: Understanding Stress on Mobile Instant Messengers based on Proxemics In-geon Shin, Jin-min Seok, Youn-kyung Lim Department of Industrial Design, KAIST Daejeon, Republic of Korea {ingeonshin, jinminseok, younlim}@kaist.ac.kr ABSTRACT MIM is no longer simply a tool for delivering text. People Nowadays, mobile instant messaging (MIM) is a necessity are experiencing real and practical interaction through MIM. for our private and public lives, but it has also been the cause Conversations in MIM are more natural and fluent than with of stress. In South Korea, MIM stress has become a serious SMS, and people form communities and have a sense of social problem. To understand this stress, we conducted four connection through MIM [4]. In a study that focuses on focus groups with 20 participants under MIM stress. We WhatsApp, O’Hara et al. [27] argue that the use of MIM is a initially discovered that MIM stress relates to how people form of dwelling in digital space, and they use the notion of perceive the territory in MIM. We then applied proxemics— dwelling [11] to explain how MIM drives the encounters of the theory of human use of space—to the thematic analysis people’s relationships over time. Whereas chat rooms in the as the rationale. The data revealed two main themes: too past, such as the chat rooms of PC-based IM, were regarded close and too crowded. The participants were stressed due to as temporary places to be repeatedly created and destroyed, design features that let strangers or crowds into their MIM chat rooms in MIM have become more permanent places so applications and forced them to interact and share their status that people form their own virtual territory [15].
    [Show full text]
  • Humanitarian Futures for Messaging Apps
    HUMANITARIAN FUTURES FOR MESSAGING APPS UNDERSTANDING THE OPPORTUNITIES AND RISKS FOR HUMANITARIAN ACTION Syrian refugees, landed on Lesbos in Greece, looking for a mobile signal to check their location and notify relatives that they arrived safely. International Committee of the Red Cross 19, avenue de la Paix 1202 Geneva, Switzerland T +41 22 734 60 01 F +41 22 733 20 57 E-mail: [email protected] www.icrc.org January 2017 Front cover: I. Prickett/UNHCR HUMANITARIAN FUTURES FOR MESSAGING APPS UNDERSTANDING THE OPPORTUNITIES AND RISKS FOR HUMANITARIAN ACTION This report, commissioned by the International Committee of the Red Cross (ICRC), is the product of a collaboration between the ICRC, The Engine Room and Block Party. The content of this report does not reflect the official opinion of the ICRC. Responsibility for the information and views expressed in the report lies entirely with The Engine Room and Block Party. Commissioning Editors: Jacobo Quintanilla and Philippe Stoll (ICRC). Lead Researcher: Tom Walker (The Engine Room). Content: Eytan Oren (Block Party), Zara Rahman (The Engine Room), Nisha Thompson, and Carly Nyst. Editors: Michael Wells and John Borland. Project Manager: Waiyee Leong (ICRC). The ICRC, The Engine Room and Block Party request due acknowledgement and quotes from this publication to be referenced as: ICRC, The Engine Room and Block Party, Humanitarian Futures for Messaging Apps, January 2017. This report is available at www.icrc.org, https://theengineroom.org and http://weareblockparty.com. This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit: http://creativecommons.org/licenses/by-sa/4.0/.
    [Show full text]
  • Design and Analysis of Enumeration Attacks on Finding Friends
    computers & security xxx (2015) 1e9 Available online at www.sciencedirect.com ScienceDirect journal homepage: www.elsevier.com/locate/cose Design and analysis of enumeration attacks on finding friends with phone numbers: A case study with KakaoTalk * Eunhyun Kim a, Kyungwon Park a, Hyoungshick Kim a, , Jaeseung Song b a Department of Computer Science and Engineering, Sungkyunkwan University, Republic of Korea b Department of Computer and Information Security, Sejong University, Republic of Korea article info abstract Article history: Users' phone numbers are popularly used for finding friends in instant messaging (IM) Received 13 December 2014 services. In this paper, we present a new security concern about this search feature Received in revised form through a case study with KakaoTalk which is the most widely used IM in Korea. We 21 March 2015 demonstrate that there are multiple ways of collecting victims' personal information such Accepted 18 April 2015 as their (display) names, phone numbers and photos, which can be potentially misused for Available online xxx a variety of cyberecriminal activities. Our experimental results show that a user's personal data can be obtained automatically (0.26 s on average). The results also indicate that a large Keywords: portion of KakaoTalk users (72.8%) have used real or real-like names in their profiles, which Finding friends with phone numbers means that our discovered enumeration attacks seem to be practically dangerous. To Enumeration attack mitigate these attacks, we present three countermeasures including a misuse detection Information leakage system that can discover abnormal application activities within a certain time-window. Privacy © 2015 Elsevier Ltd.
    [Show full text]