icann61 tech day idn abuse
play

ICANN61 Tech Day IDN Abuse M e r i k e K a e o ( p r e s e n t i - PowerPoint PPT Presentation

Jan 02, 2024 •167 likes •336 views

ICANN61 Tech Day IDN Abuse M e r i k e K a e o ( p r e s e n t i n g ) R e s e a r c h b y : M i k e S c h i f f m a n , S t e p h e n W a t t FARSIGHT SECURITY Mo#va#on Lots of Data To Play With Shed Light on Domain Abuse

  1. ICANN61 – Tech Day IDN Abuse M e r i k e K a e o ( p r e s e n t i n g ) R e s e a r c h b y : M i k e S c h i f f m a n , S t e p h e n W a t t FARSIGHT SECURITY

  2. Mo#va#on • Lots of Data To Play With • Shed Light on Domain Abuse via IDN Homographs • IDNs allow forgeries to be nearly undetectable by either human eyes or human judgment • Is it well understood by the wider public? • How Bad Is The Problem • Registering Internet DNS names for the purpose of misleading consumers is not news • Wanted to determine prevalence and reach of issue

  3. Terminology Terms to know when dealing with IDNs • Code point: A numerical value represenHng a Unicode character i.e.: U+03B1 • Plane: A conHguous set of code points (17 in total; plane 0, The Basic Mul-lingual Plane is the most important) • Block: Logical subdivision of a plane; “Basic LaHn” (ASCII 0x-0x7f ), or CJK Unified Ideographs • UTF-8: Common scheme for variable length encoding of Unicode code points into sequences of 1 – 4 bytes ( U+0000–U+10FFFF ); is backwards compaHble with ASCII • SSIM: Structured Similarity Index; a fracHonal value represenHng the similarity between two images that can range from 0.0 (least similar) to 1.0 (idenHcal) • Homoglyph: One of two or more characters with shapes that appear idenHcal or very similar (O ”oh” and 0 “zero”) • Homograph: Same as above, but enHre words are considered

  4. Unicode Universal Encoding • Unicode is a universal standard for encoding language glyphs • It provides a unique number for every character (this is a code point) • Latest version contains 136,755 characters covering 139 modern and historic scripts Example Unicode characters F: U+0046 I: ✪ : U+272A U+0049 A: U+0041 G: ∰ : U+0047 U+2230 R: U+0052 H: ॐ : U+0950 U+0048 S: U+0053 T: ♥ : U+2665 U+0054

  5. Punycode A lossless method for down sampling Unicode into ASCII • 'Taking data that requires larger encoding space and fihng it into a smaller presentaHon format (“puny”) • Punycode is an encoding to convert Unicode characters into ASCII • Technically, into a subset of ASCII known as LDH (leiers, digits, hyphens) Example Unicode --> Punycode αβγδεζηθικλ µ νξο π ρστυφχψω --> xn--mxacdefghijklmnopqr0btuvwxy IDNs represent Unicode labels and may appear as such to the end user, but over the wire they are sent encoded using Punycode 5

  6. IDN Homographs • Different leiers or characters might look alike • Uppercase “I” and lowercase “l” • Leier “O” and number “0” • Characters from different alphabets or scripts may appear indisHnguishable form one another to the human eye • Individually they are known as homoglyphs • In the context of the words that contain them they consHtute homographs

  7. IDN Homograph A=acks And this is why we can’t have nice things • Bad actors figured out they can register IDNs and target sites using homoglyphs (or someHmes homographs) Unicode 0+0430 Example Punycode to rendered Unicode IDNs: xn--frsight-2fg.com --> f а rsight.com xn--80ak6aa92e.com --> арр ӏе .com All Cyrillic characters 7

  8. Research Done • Examined 125 top brand domain names • Large content providers, social networking companies, financial websites, luxury brands, cryptocurrency exchanges, etc. • Monitoring IDN homographs in real-Hme • From 3 month observaHon period observed 116,113 homographs • 2017-10-17 23:41 UTC to 2018-01-10 19:00 UTC

  9. Disturbing Findings • Indepth details: • hips://www.farsightsecurity.com/2018/01/17/mschiffm-touched_by_an_idn/ • The large number of homographs seems disturbing and may need further invesHgaHons • No assumpHon made of intent against domains or domain owners • However, did find some live phishing sites • Companies were contacted to alert them of suspected phishing sites • Demonstrates that threat of IDN homograph impersonaHon is both real and acHvely being exploited

  10. Suspicious IDNs

  11. Suspicious IDNs

  12. Suspicious IDNs

  13. Suspicious IDNs

  14. Suspicious IDNs

  15. General Observa#ons • While IDN related abuse domains are a fracHon of the overall abuse domains, they do exist • Publicity surrounding this kind of abuse is growing which will moHvate potenHally more abuse • What is role of IETF (who decides what characters can be used in an IDN) vs role of ICANN (who decides policy) ? • Would certain policy enforcements miHgate most of the potenHally harmful IDN related abuse domains ?

  16. QUESTIONS ?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TLD-OPS Update ccTLD Security and Stability Together ccNSO Members Day March 11, 2018 ICANN61,

TLD-OPS Update ccTLD Security and Stability Together ccNSO Members Day March 11, 2018 ICANN61,

TLD-OPS Update ccTLD Security and Stability Together ccNSO Members Day March 11, 2018 ICANN61, San Juan Jacques Latour, .ca (Chair) TLD-OPS Global technical incident response community for and by ccTLDs , open to all ccTLDs Brings

318 views • 10 slides
FRED update ICANN61 TechDay Puerto Rico Jaromir Talir jaromir.talir@nic.cz

FRED update ICANN61 TechDay Puerto Rico Jaromir Talir jaromir.talir@nic.cz

FRED update ICANN61 TechDay Puerto Rico Jaromir Talir jaromir.talir@nic.cz 12.03.2018 What is FRED? Open source domain registry solution EPP, DNSSEC, WHOIS, RDAP Developed (and used) by CZ.NIC since 2006 Just

649 views • 18 slides
How do I recognize child abuse? Physical Abuse 1. Physical Neglect 2. 3. Sexual Abuse 4.

How do I recognize child abuse? Physical Abuse 1. Physical Neglect 2. 3. Sexual Abuse 4.

Child Abuse, Bullying and Strategies You Can Use to Protect Yourself How do I recognize child abuse? Physical Abuse 1. Physical Neglect 2. 3. Sexual Abuse 4. Emotional Maltreatment 1 Physical Abuse Physical indicators Behavioral indicators

737 views • 7 slides
ICANN FY19 OPERATING PLAN AND BUDGET CCNSO-SOPC COMMENTS ccNSO meeting, 13 Mar 2018, ICANN61,

ICANN FY19 OPERATING PLAN AND BUDGET CCNSO-SOPC COMMENTS ccNSO meeting, 13 Mar 2018, ICANN61,

ICANN FY19 OPERATING PLAN AND BUDGET CCNSO-SOPC COMMENTS ccNSO meeting, 13 Mar 2018, ICANN61, San Juan From WG to Committee The Strategic and Operational Working Group (SOPWG) was created at the Cairo ICANN meeting in Nov 2008.

852 views • 8 slides
PRE-ICANN61 POLICY OPEN HOUSE 1 March 2018 | 1 Welcome and Introduction David Olive Senior

PRE-ICANN61 POLICY OPEN HOUSE 1 March 2018 | 1 Welcome and Introduction David Olive Senior

PRE-ICANN61 POLICY OPEN HOUSE 1 March 2018 | 1 Welcome and Introduction David Olive Senior Vice President, Policy Development Support Open House Format Interactive Format | A question and answer exchange with the Policy Team

382 views • 22 slides
Hi Histor ory of of Elder Elder Abuse Abuse Legisla Legislation ion Fe Federal Federal

Hi Histor ory of of Elder Elder Abuse Abuse Legisla Legislation ion Fe Federal Federal

12/12/2019 Na Nati tional onal Gui Guidel elines ines fo for Fi Financial nancial Ins Instit itutio ions ns: Wo Working to togeth gether er to to Pro Protect Ol Older der Pe Persons fr from Fi Financial nancial Abuse Abuse Joe

409 views • 8 slides
ICANN61, ccNSO Members Meeting, 14 March 2018 Legal Session: impact of GDPR on ccTLD registries 2

ICANN61, ccNSO Members Meeting, 14 March 2018 Legal Session: impact of GDPR on ccTLD registries 2

ICANN61, ccNSO Members Meeting, 14 March 2018 Legal Session: impact of GDPR on ccTLD registries 2 General overview GDPR entry in force: 25 May 2018 Impact goes far beyond EU! Organisations outside EU/EEA but with offer for EU

490 views • 14 slides
Economic abuse What Research Tells Us Dr Nicola Sharp-Jeffs Overview What is economic

Economic abuse What Research Tells Us Dr Nicola Sharp-Jeffs Overview What is economic

Economic abuse What Research Tells Us Dr Nicola Sharp-Jeffs Overview What is economic abuse? How is it different to financial abuse ? Economic abuse and coercive control Economic abuse post-separation Prevalence data for UK and

326 views • 31 slides
Psychological Abuse NCEA Elder Abuse Presentation: Psychological Abuse www.ncea.aoa.gov 1

Psychological Abuse NCEA Elder Abuse Presentation: Psychological Abuse www.ncea.aoa.gov 1

An Introduction to Elder Abuse for Professionals: Psychological Abuse NCEA Elder Abuse Presentation: Psychological Abuse www.ncea.aoa.gov 1 NCEA Elder Abuse Presentation: Psychological Abuse www.ncea.aoa.gov 2 Learning Objectives At

839 views • 28 slides
Hi Tech Hi Touch Hebrews 10:24-25 Consecrate: Hi Tech Hi Touch Hi Tech Hi Touch

Hi Tech Hi Touch Hebrews 10:24-25 Consecrate: Hi Tech Hi Touch Hi Tech Hi Touch

3/20/2018 Hi Tech Hi Touch Hebrews 10:24-25 Consecrate: Hi Tech Hi Touch Hi Tech Hi Touch Smart Phones to Make or declare Toys Tools A Terror? Tablets something sacred, Laptop Computers that is to purposefully

414 views • 7 slides
Consolidated Substance Consolidated Substance Abuse Counseling Abuse Counseling Center Center

Consolidated Substance Consolidated Substance Abuse Counseling Abuse Counseling Center Center

Consolidated Substance Consolidated Substance Abuse Counseling Abuse Counseling Center Center (CSACC) (CSACC) 13 FEB 2014 MCB CAMP PENDLETON, CA Marine Corps Substance Abuse Program DoD Instruction (DoDI) 1015.10 The minimum drinking

395 views • 6 slides
Domestic Violence The Cycle Abuse: Guilt: Excuses Normal Behavior Fantasy/ Honey-moon phase

Domestic Violence The Cycle Abuse: Guilt: Excuses Normal Behavior Fantasy/ Honey-moon phase

Domestic Violence The Cycle Abuse: Guilt: Excuses Normal Behavior Fantasy/ Honey-moon phase Tension build-up/ set-up Back to abuse Abuse abuse is psychological and physical it can leave deep and lasting scars No one should live in fear of the

470 views • 17 slides
INHALANT ABUSE And What To Do About It What Is Inhalant Abuse? Deliberate inhalation of fumes,

INHALANT ABUSE And What To Do About It What Is Inhalant Abuse? Deliberate inhalation of fumes,

INHALANT ABUSE And What To Do About It What Is Inhalant Abuse? Deliberate inhalation of fumes, vapors or gases to get high Sniffing, Huffing, or Dusting More than 1,400 household products High of choice

756 views • 51 slides
Patterns of Abuse Domestic Abuse: A form of oppression

Patterns of Abuse Domestic Abuse: A form of oppression

Patterns of Abuse Domestic Abuse: A form of oppression in which a person uses certain behavior patterns to control their intimate partner.

387 views • 19 slides
Resources on Substance Use and Abuse in Teens GENERAL INFORMATION ABOUT SUBSTANCE ABUSE AND

Resources on Substance Use and Abuse in Teens GENERAL INFORMATION ABOUT SUBSTANCE ABUSE AND

Resources on Substance Use and Abuse in Teens GENERAL INFORMATION ABOUT SUBSTANCE ABUSE AND PREVENTION: General information and materials from programs about substance abuse. Parentengagementnetwork.org Speak Now Colorado - Age appropriate

165 views • 4 slides
Admission Analysis 2019-20 FY B. Tech., DSE and FY M. Tech. F.Y. B. Tech. Cutoff 2019-20

Admission Analysis 2019-20 FY B. Tech., DSE and FY M. Tech. F.Y. B. Tech. Cutoff 2019-20

Admission Analysis 2019-20 FY B. Tech., DSE and FY M. Tech. F.Y. B. Tech. Cutoff 2019-20 Allotment in CAP Round-I SN Gender OPEN SC ST DT/VJ NT1 NT2 NT3 OBC SEBC EWS TFWS PWD DEF COURSE 10051 16813 70931 16484 20400 13952

465 views • 17 slides
PRESENTED BY CYBRAIN SOFTWARE SOLUTIONS ABOUT US Cybrain Software Solutions is an ISO

PRESENTED BY CYBRAIN SOFTWARE SOLUTIONS ABOUT US Cybrain Software Solutions is an ISO

PRESENTED BY CYBRAIN SOFTWARE SOLUTIONS ABOUT US Cybrain Software Solutions is an ISO 9001:2008 certified Software development and Web development Company, Headquartered in Mohali (Punjab). We are providing IT solutions and IT-enabled

754 views • 60 slides
Y O U R P L A C E Y O U R L I F E b r o u g h t t o y ou b y RESIDENCES SUITES 0 2

Y O U R P L A C E Y O U R L I F E b r o u g h t t o y ou b y RESIDENCES SUITES 0 2

Y O U R P L A C E Y O U R L I F E b r o u g h t t o y ou b y RESIDENCES SUITES 0 2 DISCLAIMER: The Illustration are artist impressions and serve only to give an approximate idea of the project. SEMANGGI Kuningan CBD Medistra Hospital

556 views • 26 slides
It was quickly confirmed to be the solution to the FQHE mystery but WHY it works has

It was quickly confirmed to be the solution to the FQHE mystery but WHY it works has

LCDQM-15 Low Dimensional Quantum Condensed Matter workshop, University of Amsterdam, July 2, 2015 Geometrodynamics of the Fractional Quantum Hall Effect F. Duncan M. Haldane Princeton University An effective field theory for the

532 views • 32 slides
MACN M ARITIME A NTI -C ORRUPTION N ETWORK Karoline L. Bhler (klb@rederi.no) Shippingforum

MACN M ARITIME A NTI -C ORRUPTION N ETWORK Karoline L. Bhler (klb@rederi.no) Shippingforum

MACN M ARITIME A NTI -C ORRUPTION N ETWORK Karoline L. Bhler (klb@rederi.no) Shippingforum 04.09.13 Contents Setting the context Why is bribery and corruption a hot topic? What is the Maritime Anti-Corruption Network (MACN)

924 views • 27 slides
FrameNet: A Knowledge Base for Natural Language Processing Collin F . Baker International

FrameNet: A Knowledge Base for Natural Language Processing Collin F . Baker International

FrameNet: A Knowledge Base for Natural Language Processing Collin F . Baker International Computer Science Institute Berkeley, California 94704 U.S.A. collinb@icsi.berkeley.edu Session in Honor of Charles J. Fillmore ACL, Baltimore,

833 views • 71 slides
Entity Linking with Multiple Knowledge Bases Bianca Pereira MSc. / PhD Day November 2015

Entity Linking with Multiple Knowledge Bases Bianca Pereira MSc. / PhD Day November 2015

Entity Linking with Multiple Knowledge Bases Bianca Pereira MSc. / PhD Day November 2015 Motivation Entity Linking is the task of grounding entity mentions in text with Knowledge Base entries.

439 views • 17 slides
Next Steps Tide Gate Literature Review Renee Davis and Ken Fetcho October 2018 OWEB Board

Next Steps Tide Gate Literature Review Renee Davis and Ken Fetcho October 2018 OWEB Board

Next Steps Tide Gate Literature Review Renee Davis and Ken Fetcho October 2018 OWEB Board meeting OWEBs Tide Gate Investments Tide Gate Tide Gate Removals for Replacements for Species and Water Species and Water Quality Benefits

328 views • 5 slides
Knowledge Base Exchange Marcelo Arenas 1 Elena Botoeva 2 Diego Calvanese 2 1 Dept. of Computer

Knowledge Base Exchange Marcelo Arenas 1 Elena Botoeva 2 Diego Calvanese 2 1 Dept. of Computer

Knowledge Base Exchange Techniques for Deciding Knowledge Base Exchange Conclusions Knowledge Base Exchange Marcelo Arenas 1 Elena Botoeva 2 Diego Calvanese 2 1 Dept. of Computer Science, PUC Chile marenas@ing.puc.cl 2 KRDB Research Centre, Free

1.09k views • 81 slides

More recommend