Aakash Goyal
Assistant Professor, Jind Institute of Engineering and Technology, Jind, Kurukshetra
Working

This section presents an overview of the working of MitB and of various cases of MitB reported in the cyber world on different platforms like Windows, Mac and Linux. The MitB attack is based on a Trojan horse; thus, the first step is to target the victim's computer. This can be done by social engineering techniques, spam emails, phishing emails and exploiting web application weaknesses. The second step is performed by the Trojan horse itself, as it has the ability of self-activation. The Trojan horse silently watches the actions of the victim and can hand control to its server. The Trojan horse has been designed to observe, and when the user visits specific websites it can sense this and perform its preferred functions. The Trojan horse bypasses two-way authentication and alters the communication between the user and the website. It also has the ability to enter data in the website form by itself. For example:

    Victim's browser (what the user sees)      Trojan horse       Bank server (what is received)
    Payee name:  Aakash Goyal                  ------------->     Payee name:  XXXX
    Account no:  xxxxxxx789                                       Account no:  xxxxxxx345
    Amount:      $2000                                            Amount:      $2000

Some MitB Trojans reported in the cyber world are listed below. Only the first entry of the Name column survived extraction; the Details and Browser cells are paired in the order in which they were extracted.

    Name                  | Details                                                                 | Browser
    Carberp               | targets Facebook users, saving e-cash vouchers; keeps bank session open | IE, Firefox
    (name not recovered)  | successor of Zeus                                                       | Firefox
    (name not recovered)  | widespread, low detection                                               | IE, Firefox
    (name not recovered)  | widespread, low detection                                               | IE, Firefox
    (name not recovered)  | crimeware kit similar to Zeus, not widespread                           | IE, Firefox
    (name not recovered)  | widespread, low detection                                               | Firefox
    (name not recovered)  | (details not recovered)                                                 | IE, Firefox

Solutions

The man-in-the-browser attack is very harmful and also has an extremely low detection ratio. Some of the possible ways to protect a computer from a man-in-the-browser attack are as follows:

Out-of-Band Transaction Verification: This is a successful technique for fighting any MitB attack. It uses a transaction verification method in which the transaction details, as received by the bank's website, are verified with the user through a channel other than the browser; for example SMS, a mobile call, or an app with a graphical cryptogram. OOB transaction verification adds slower steps to the security and may cause frustration to the user. Also, a Man-in-the-Mobile (MitMo) Trojan can overcome OOB SMS transaction verification.

Hardened Software: The hardened browser does not permit any extension to be added, and it also prevents user scripts from running on the secure channel (SSL). Use of a live distribution for important transactions or other main browsing can add an extra step to the security. Various live distributions like Ubuntu (Linux) and BartPE (Windows) are available as open source.

Virtual Machine: Surfing on a virtual machine (VMware, VirtualBox etc.) for important websites, using Network Address Translation (NAT) instead of a bridged network, makes the transactions secure, as an attack on a virtual machine is very costly.

External Authorization Devices: External authorization devices have no link to the personal computer. So the user enters the transaction details on the external authorization device and on the personal computer. For example, the user's mobile phone could also be used as an external authorization device. Alternatively, eToken NG-FLASH with a portable browser is a secure, zero-footprint, certificate-based USB strong authentication token with onboard Flash memory. eToken NG-FLASH validates the user's identity and secures the communication channel between the browser and the Web application using SSL client-certificate authentication [SafeNet].

References/Sources

[1] Philipp Gühring (2007), Concepts against Man-in-the-Browser Attacks.
[2] Man in the browser attack, https://www.owasp.org/index.php/Man-in-the-browser_attack
[3] Man-in-the-browser, http://en.wikipedia.org/wiki/Man-in-the-browser
[4] SafeNet's Security Guide (2011), Man in the Browser Security Guide.
[5] Web Application Security to the clients, http://www.denyall.com/decision-maker/products/Browser_Security_en.html
[6] Facebook users targeted in Carberp man-in-the-browser attack, http://news.techworld.com/security/3243894/zeus-not-the-only-bank-trojan-threat-users-warned/

About the Author

Aakash Goyal has done B.Tech. (CSE) and M.Tech. (CSE). He is currently working as Assistant Professor in Jind Institute of Engineering and Technology, Jind (under Kurukshetra University, Kurukshetra). He has published 2 national and 3 international papers in various conferences. He is a member of the working committee of the international journal JRPS (Journal for Research Publication and Seminar). His areas of interest are network security, cryptography & information security, and mobile ad hoc networks.

www.csi-india.org
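The following simulation is an added example and is not code from the article or from any product it names. It ties the form-altering example in the Working section to the two countermeasures described under Solutions (out-of-band transaction verification and an external authorization device): the Trojan is simulated by a function that rewrites the submitted form fields, and the bank recomputes a short confirmation code over the transaction details it actually received, so a code that the user's separate device computed over the intended details no longer matches. The shared per-user secret, the truncated HMAC-SHA256 "cryptogram", and all account values are constructed assumptions for illustration; the article specifies no particular cryptogram scheme.

```python
"""
Added example: why OOB transaction verification and an external
authorization device defeat a form-altering MitB Trojan.

Assumptions (hypothetical, for illustration only):
  * the user and the bank share a per-user secret that lives on a device
    other than the infected PC (phone app or hardware token);
  * the OOB cryptogram is a truncated HMAC-SHA256 over the transaction
    details, so it is bound to payee, account and amount;
  * the MitB Trojan is simulated by a function that rewrites the form
    fields between the browser and the bank server.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    payee: str
    account: str
    amount: str

    def canonical(self) -> bytes:
        # Fixed field order with an explicit separator, so two different
        # transactions can never serialize to the same bytes.
        return "|".join((self.payee, self.account, self.amount)).encode()


def oob_cryptogram(shared_secret: bytes, tx: Transaction) -> str:
    """Short confirmation code bound to the exact transaction details."""
    digest = hmac.new(shared_secret, tx.canonical(), hashlib.sha256).digest()
    return digest[:4].hex()  # 8 hex characters shown on the user's device


def mitb_trojan(submitted: Transaction) -> Transaction:
    """Simulated Trojan: silently redirects the transfer to another account.
    Values are constructed to mirror the article's figure."""
    return Transaction(payee="XXXX", account="xxxxxxx345",
                       amount=submitted.amount)


def bank_accepts(shared_secret: bytes, received: Transaction,
                 code: str) -> bool:
    """The bank recomputes the cryptogram over what it actually received
    and compares in constant time."""
    expected = oob_cryptogram(shared_secret, received)
    return hmac.compare_digest(expected, code)


def run_transfer(shared_secret: bytes, intended: Transaction,
                 infected: bool) -> bool:
    """Full flow: browser -> (Trojan?) -> bank -> external device -> bank."""
    submitted = mitb_trojan(intended) if infected else intended
    # The external authorization device computes the code over the details
    # the user typed on the device itself, never over what the browser sent.
    code = oob_cryptogram(shared_secret, intended)
    return bank_accepts(shared_secret, submitted, code)


def sms_details_match(intended: Transaction, received: Transaction) -> bool:
    """Plain SMS variant: the bank echoes the details it received out of
    band and the user confirms only if they match what was typed. This is
    the check a Man-in-the-Mobile Trojan on the phone could subvert."""
    return intended == received


if __name__ == "__main__":
    secret = b"constructed-per-user-secret"
    intended = Transaction("Aakash Goyal", "xxxxxxx789", "$2000")
    print("clean PC, transfer accepted:", run_transfer(secret, intended, False))
    print("infected PC, transfer accepted:", run_transfer(secret, intended, True))
    print("SMS echo matches on infected PC:",
          sms_details_match(intended, mitb_trojan(intended)))
```

The design point is that the confirmation code is computed from the transaction details on a channel the Trojan does not control, and verified by the bank against the details it received rather than against the details the user believes were sent; any field the Trojan rewrites changes the bank-side digest and the transfer is refused. The SMS variant relies on the user comparing the echoed details, which is why the article notes that a Trojan on the phone (MitMo) can defeat it.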