idn homographs
play

IDN Homographs SSAC | ICANN63 | October 2018 | 1 Introduction - PowerPoint PPT Presentation

Dec 31, 2022 •310 likes •646 views

IDN Homographs SSAC | ICANN63 | October 2018 | 1 Introduction | 2 | 2 Security and Stability Advisory Committee (SSAC) Who We Are What We Do Role: Advise the ICANN community and 39 Members Board on matters relating to the

  1. IDN Homographs SSAC | ICANN63 | October 2018 | 1

  2. Introduction | 2 | 2

  3. Security and Stability Advisory Committee (SSAC) Who We Are What We Do Role: Advise the ICANN community and ◉ 39 Members Board on matters relating to the security and integrity of the Internet’s naming and ◉ Appointed by the address allocation systems. ICANN Board How W Ho w We e Advise What is Our Expertise • Addressing and Routing • DNS & DNSSEC 103 Publications • Registry & Registrar Operations • ISP & Network Operations since 2002 • DNS Abuse & Cybercrime • Internationalization • ICANN Policy and Operations | 3

  4. Agenda 2 3 1 Introductions Internationalized Unicode and DNS Domain Names Labels 4 5 6 IDN Homographs Detection and Q&A Mitigation | 4

  5. Panelists / Presenters ◉ Tim April ◉ Merike Kaeo ◉ Rod Rasmussen ◉ Suzanne Woolf Acknowledgments ◉ Mike Schiffman, Farsight Security ◉ Sam Erb, Akamai Technologies | 5

  6. Internationalized Domain Names | 6 | 6

  7. Why IDNs? “The goal of an IDN effort is not to be able to write the great Klingon (or language of one's choice) novel in DNS labels but to be able to form a usefully broad range of mnemonics in ways that are as natural as possible in a very broad range of scripts.” -- RFC 5894 Translation → “ We deal with identifiers, not words” | 7

  8. IDNs ◉ Internationalized Domain Names in Applications (IDNA 2008) ◉ A way of representing characters other than Basic Latin in the DNS ◉ Internationalized Domain Names (IDNs) consist of Unicode characters Cyrillic: правительство.рф Korean: 스타벅스코리아 .com. . ﻊﻗوﻣ . ةرازو - ﺎﺻﺗا . ت . رﺻﻣ :Arabic | 8

  9. IDNs: Definitions RFC6365: Terminology Used in Internationalization in the IETF Language A way that humans communicate Script A set of graphic characters used for the written form of one or more languages Writing System A set of rules for using one or more scripts to write a particular language Character The smallest unit of a writing system, the name of the encoded entity itself Glyph An image of a character that can be displayed | 9

  10. IDNs: Homoglyphs and Homographs ◉ Homoglyph One of two or more glyphs with shapes that appear identical or very similar a ã ◉ Homograph One of two or more strings that appear identical or very similar facebook fãcebook | 10

  11. Unicode and DNS Labels | 11 | 11

  12. Unicode Unicode One character set (repertoire) with as a goal to contain every written character in every language. Like other character sets, it provides a unique number for every code point, not a unique code point per character. F U+0046 latin capital letter F A U+0041 latin capital letter A R U+0052 latin capital letter R S U+0053 latin capital letter S ∞ U+221E infinity Ю U+ 042E cyrillic capital letter yu П U+ 041F cyrillic capital letter pe ᄫ U+112B hangul choseong kapyeounpieup | 12

  13. U-labels and A-labels ◉ The DNS can carry any value in each octet in a label ◉ DNS labels are interpreted as ASCII, not Unicode ◉ Unicode form is called the U -label ◉ Unicode can be encoded as Letter Digit Hash (LDH) ASCII in DNS labels ◉ ASCII form is called the A -label (begins with "xn--") ○ An IDN can have one, some, or all labels A -label encoded ○ There is a 1:1 mapping between A-label and U-label ○ The ASCII encoding is known as punycode U-labels A-labels правительство.рф xn--80aealotwbjpid2k.xn--p1ai | 13

  14. IDN Homographs | 14 | 14

  15. ASCII Look-alikes vs IDN Homographs ◉ ASCII Look-alike: One of two or more ASCII strings that appear identical or very similar ◉ Solutions exist for detecting some ASCII look-alikes that do not exist for IDN Homographs acme.example acrne.example | 15

  16. IDN Homographic Attacks ◉ Humans are really good at pattern recognition ◉ Many glyphs originating from the Unicode repertoire look similar or even identical to others depending on the font ◉ So … register an IDN that is a homograph of a well-known (usually non-internationalized) domain name ◉ Extort, camp, cash -park, phish, distribute malware, or do other antisocial things by using the IDN in a URL ◉ ??? ◉ Profit | 16

  17. Examples Real Site Homograph A-label easyje ṭ .com. easyjet.com. xn--easyje-n17b.com. delta.com. de|ta.com. xn--deta-1kb.com. ryanai ṛ .com. ryanair.com. xn--ryanai-1x7b.com. poloniex.com. polonìex.com. xn--polonex-3ya.com. b ī t ť rex.com. bittrex.com. xn--btrex-m3a12b.com. linkedin.com. lìnkedin.com. xn--lnkedin-zya.com. Courtesy of Mike Schiffman, Farsight Security | 17

  18. Observed via Passive DNS ƒacebook.com.ƒaceb ọọ k.com. appǀe .com. appɩė .com. ġ oogle.xyz. goôgle.com. ñetflix.com. ƒacebook.tk. ƒɑcebook.com. âpplê.cf. ápple.com. ņ etflix.com. ĝ oogle.com. goog ĺ e.com. ḟ acebook.com. fácebook.com. ǎ pple.com. åpple.com. g ọọ gl ē .com. googlè.tk. nétflix.com. äpple.com. ą pple.com. n ė tflix.com. googl ę .com. googlè.com. fàcebook.com. fâcebook.com. ap ṗ le.com. app ĺ e.com. fåcebook.com. fäcebook.com. ne ṭ flix.com. googlé.com. ġ oo ģ le.com. fãcebook.com. f ȧ cebook.com. go ơ gle.com. googlè.com. applé.com. applè.com. netflíx.com. f ą cebook.com. f ā cebook.com. àpplè.com. appl ĕ .com. googlé.com. go ơ gle.com. netflìx.com. f ạ cebook.com. f ḁ cebook.com. ă ppl ĕ .com. ápplê.com. goo ĝ le.com. goo ĝ le.com. netflîx.com. fà ć ebook.com. fa ĉ ebook.com. goo ĝ le.com. goo ĝ le.com. àpplê.com. âpplê.com. netflïx.com. fa č ebook.com. fa ċ ebook.com. appl ě .com. applë.com. netfl ị x.com. goo ĝ le.com. goo ĝ le.com. façebook.com. faƈebook.com. äpplë.com. appl ė .com. netflıx.com. goo ĝ le.com. goo ĝ le.com. åppl ė .com. facébook.com. goo ģ le.com. netƒlix.com. w ė llsfargo.com. çhase.com. ƅankofamerica.com. baŋkofamerica.com. welłsfargo .com. chàse.com. baŋkofamerica.net. b ą nkofamerica.com. wellsfárgo.com. chäse.com. bankôfamerica.com. banköfamerica.com. wellsfårgo.com. chasé.com. bankofamerîca.com. bänkofämericä.com. wellsfargó.com. chasë.com. banĸofamerica.com. banĸofamerica.net. wellsfarg ọ .com. chɑse.com. bɑnkofɑmericɑ.com. Courtesy of wellsfɑrgo.com. сһаѕе.com. Mike Schiffman, Farsight Security | 18

  19. Observed in the Wild ◉ 1,936 impersonation domains observed in a review of Certificate Transparency logs (2017) [1] ◉ Farsight January 2018 research [2] ○ Examined 125 brand names ○ In a 3 month period observed 116,113 homographs ○ Discovered 10+ live phishing sites ○ 382 impersonation domains reported from Passive DNS logs [1]: https://github.com/CyberMonitor/defcon-25-Packet-Hacking- Village/blob/master/YOU'RE%20GOING%20TO%20CONNECT%20TO%20THE%20WRONG%20DOMAIN%20NAME%20phv2017-serb.pdf [2]: https://www.farsightsecurity.com/2018/01/17/mschiffm-touched_by_an_idn/ | 19

  20. Observed in the Wild (cont) ◉ Farsight October 2018 research [3] ○ Examined 509 brand names ○ In a 20 month period observed 11,766 unique IDN homographs ○ In same period observed 61,443 total IDNs • 20 % in banking/finance • 52 % in .com • 68 % geolocate to the USA • 93 % using IPv4 Data courtesy of Mike Schiffman, Farsight Security | 20

  21. Diagram courtesy of Mike Schiffman, Farsight Security | 21

  22. Diagram courtesy of Mike Schiffman, Farsight Security | 22

  23. Diagram courtesy of Mike Schiffman, Farsight Security | 23

  24. Diagram courtesy of Mike Schiffman, Farsight Security | 24

  25. Detection and Mitigation | 25 | 25

  26. How to Detect Attacks ◉ Monitor certificate transparency logs ◉ Monitor DNS zone files ◉ Utilize passive DNS services ◉ Detecting IDN homographs reliably typically requires human eyes | 26

  27. Mitigation ◉ Stricter rules at registry and registrar ○ Registries and registrars implement recommendations from IDNA 2008 (RFC 5890-5894, specifically RFC5894) ○ Use an inclusion based process before allowing code points • For example, base rules on what script a code point belongs to ○ Be extremely conservative with mixed scripts within a label, and within a domain name ○ Adapt the Label Generation Rules (LGRs) ○ Mandate homographic lookup checks ◉ Browsers often implement homograph preventions, but with limited success | 27

  28. Why is this Important? ◉ ICANN's mission of Security , Stability and Resiliency of the global unique identifiers ○ Phishing, malware, malicious email ◉ Affects universal acceptance ○ Failure to act may result in ad -hoc blocking or other display tricks ◉ Business Email Compromise (BEC) is a growing problem ○ Failure to act may result in blocking of emails that use IDNs | 28

  29. What Can the Community do to Help? ◉ Opportunity for development of tools to detect IDN Homographs ○ Visualization ○ Comparison to known homographic targets ○ Facilitate brand protection ◉ Awareness and outreach of the potential malicious use of IDN Homographs ○ End -user awareness ○ Implementor education ○ Service provider awareness | 29

  30. Relevant SSAC Publications | 30 | 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Pronunciation Lexicon Background Outline Brief Introduction on Pronunciation Lexicon

Pronunciation Lexicon Background Outline Brief Introduction on Pronunciation Lexicon

Paolo Baggia Loquendo Workshop on Internationalizing SSML III Hyderabad, India 3 Jan 2007 Pronunciation Lexicon Background Outline Brief Introduction on Pronunciation Lexicon Specification Common Use Cases Homographs solution

362 views • 11 slides
Token to Words Expanding identified token to words numbers+type = word list

Token to Words Expanding identified token to words numbers+type = word list

Token to Words Expanding identified token to words numbers+type = word list homographs+type = words symbols broken down and pronounced unknown words: as word or letter sequence 11-752, LTI, Carnegie Mellon (define (token_to_words

836 views • 48 slides
Cypriot Identity by Georgia Evagorou MA, Graphic Design, London College of Communication Cypriot

Cypriot Identity by Georgia Evagorou MA, Graphic Design, London College of Communication Cypriot

Cypriot Identity by Georgia Evagorou MA, Graphic Design, London College of Communication Cypriot Identity Georgia Evagorou As the Greek alphabet fails to represent all of the sounds in the Cypriot dialect, this project suggests a phonetically

450 views • 14 slides
G l y p h M i n e r : A S y s t e m f o r E f f i c i e n t l y E

G l y p h M i n e r : A S y s t e m f o r E f f i c i e n t l y E

G l y p h M i n e r : A S y s t e m f o r E f f i c i e n t l y E x t r a c t i n g G l y p h s f r o m E a r l y P r i n t s i n t h e C o n t e x t o f O C R Benedikt

631 views • 36 slides
Diffusion Tensor Visualization With Glyph Packing Gordon Kindlmann, Carl-Fredrik Westin

Diffusion Tensor Visualization With Glyph Packing Gordon Kindlmann, Carl-Fredrik Westin

Diffusion Tensor Visualization With Glyph Packing Gordon Kindlmann, Carl-Fredrik Westin Laboratory of Mathematics in Imaging Department of Radiology Brigham & Women s Hospital Harvard Medical School 2/15 Diffusion tensor imaging (DTI)

330 views • 8 slides
Assessment of the shear strength of glued-laminated timber in existing structures T. Tannert 1 ,

Assessment of the shear strength of glued-laminated timber in existing structures T. Tannert 1 ,

The Future of Quality Control for Wood & Wood Products, 4-7 th May 2010, Edinburgh The Final Conference of COST Action E53 Assessment of the shear strength of glued-laminated timber in existing structures T. Tannert 1 , A. Mller 2

214 views • 9 slides
What is Unicode? Universal Character Set All of the major scripts Sinhala Unicode

What is Unicode? Universal Character Set All of the major scripts Sinhala Unicode

What is Unicode? Universal Character Set All of the major scripts Sinhala Unicode Simple and consistent manner Developer Workshop Alphabetic, syllabic and ideographic scripts Version 4.0 Muthu Nedumaran 50,000

686 views • 4 slides
Interactive Data Visualization and Exploration Using the Loon R package Adrian Waddell PhUSE

Interactive Data Visualization and Exploration Using the Loon R package Adrian Waddell PhUSE

Interactive Data Visualization and Exploration Using the Loon R package Adrian Waddell PhUSE 2016, Barcelona Motivation for new interactive visualization tools Carefully designed, general, and extendable framework simple plots

703 views • 34 slides
Z A INSPIRED BY VARIOUS LANGUAGES & CULTURES VISUALS FOR EACH TERM INSPIRED BY ANOTHER

Z A INSPIRED BY VARIOUS LANGUAGES & CULTURES VISUALS FOR EACH TERM INSPIRED BY ANOTHER

Z A INSPIRED BY VARIOUS LANGUAGES & CULTURES VISUALS FOR EACH TERM INSPIRED BY ANOTHER LANGUAGE OR CULTURE ORGANISED SEQUENCE, NOT RANDOM ZASLONKA APERTURE diameterof200mmcircle dividedbythef/number DECIDED ON AN

440 views • 16 slides
Data Imaging and Visualization Analysis Team DIVA : Teddy Corrales, Erin Estes, Kevin Ho, Austin

Data Imaging and Visualization Analysis Team DIVA : Teddy Corrales, Erin Estes, Kevin Ho, Austin

Data Imaging and Visualization Analysis Team DIVA : Teddy Corrales, Erin Estes, Kevin Ho, Austin Hom, Mughil Muthupari, Justin Pan, Justin Shen Mentor : Dr. Stephen Penny Librarian: Dr. Kelley ONeal Overview Background Past

560 views • 24 slides
13-21083 Approved for public release; distribution is unlimited. Title: PISTON: An SDAV

13-21083 Approved for public release; distribution is unlimited. Title: PISTON: An SDAV

LA-UR- 13-21083 Approved for public release; distribution is unlimited. Title: PISTON: An SDAV Framework for Portable High-Performance Data-Parallel Visualization and Analysis Operators Author(s): Christopher Sewell, Li-ta Lo, and James

672 views • 13 slides
NIGHTMARE CREATURES II Game Design Presentation - Confidential Kalisto Entertainment 1999

NIGHTMARE CREATURES II Game Design Presentation - Confidential Kalisto Entertainment 1999

NIGHTMARE CREATURES II Game Design Presentation - Confidential Kalisto Entertainment 1999 1 NIGHTMARE CREATURES II NIGHTMARE CREATURES II Game Overview Working tittle : Nightmare Creatures II Genre : Horror Action- Adventure Game

317 views • 8 slides
PeopleSoft Can Do That? Webinar December 11, 2012 Agenda Emtec Overview PeopleSoft Update

PeopleSoft Can Do That? Webinar December 11, 2012 Agenda Emtec Overview PeopleSoft Update

PeopleSoft Can Do That? Webinar December 11, 2012 Agenda Emtec Overview PeopleSoft Update Reporting User Experience Operational Enhancements About Emtec North America 14 Locations Worldwide 850 Associates $250MM IT Services

619 views • 46 slides
Nku t rourou, n taku rourou ka ora ai te iwi: Recognising the need for relationships between

Nku t rourou, n taku rourou ka ora ai te iwi: Recognising the need for relationships between

Nku t rourou, n taku rourou ka ora ai te iwi: Recognising the need for relationships between Mori and Government in a rapidly evolving world of digital. Ngati Hikairo (Ngati Taiuru te hap), Twharetoa (Tamakopiri te hap), Ngti

338 views • 5 slides
Guiding Principles System Shift: Racial Equity System Shift: A Connected & System Shift: A

Guiding Principles System Shift: Racial Equity System Shift: A Connected & System Shift: A

Brenda Martinek, Chief of Student Support Services Dan Jung , Chief of Operations Curtis Wilson , Principal Benson Tech David Roy , Senior Director of Communications Guiding Principles System Shift: Racial Equity System Shift: A Connected &

363 views • 10 slides
Making an Impression: Tips for the Judges Interview Presented by the Ponytail Posse Who are

Making an Impression: Tips for the Judges Interview Presented by the Ponytail Posse Who are

Making an Impression: Tips for the Judges Interview Presented by the Ponytail Posse Who are we? Retired in 2018 9 years of robotics experience 5 years in FLL 4 years in FTC team@theponytailposse.com AGENDA: 1.

322 views • 18 slides
Financial Engineering and Actuarial Science In the Life Insurance Industry Presentation at

Financial Engineering and Actuarial Science In the Life Insurance Industry Presentation at

Financial Engineering and Actuarial Science In the Life Insurance Industry Presentation at University of California at Santa Barbara February 21, 2014 Frank Zhang, CFA, FRM, FSA, MSCF, PRM Vice President, Risk Management Pacific Life Insurance

499 views • 38 slides
Patrick Curtin Himanshu Garg Rajesh Dalmia (Guide) Rajesh Dalmia (Guide) th June 2013 India

Patrick Curtin Himanshu Garg Rajesh Dalmia (Guide) Rajesh Dalmia (Guide) th June 2013 India

Patrick Curtin Himanshu Garg Rajesh Dalmia (Guide) Rajesh Dalmia (Guide) th June 2013 India Fellowship Seminar 13 India Fellowship Seminar 13 th June 2013 What are whole life fixed rate annuities? Various forms they come in

407 views • 15 slides
Joint Regional Seminar 2016 Risk Analysis of Equity-linked Products 1 Equity-linked products 2

Joint Regional Seminar 2016 Risk Analysis of Equity-linked Products 1 Equity-linked products 2

Joint Regional Seminar 2016 Risk Analysis of Equity-linked Products 1 Equity-linked products 2 Structured products Market-linked investment (Investment-linked products) Credit-linked notes (CLN) Interest rate-linked notes

447 views • 32 slides
Adam Means treasurerCCCGNV@gmail Current contributions $464,615 Current expenses $480,737 Faith 2

Adam Means treasurerCCCGNV@gmail Current contributions $464,615 Current expenses $480,737 Faith 2

Adam Means treasurerCCCGNV@gmail Current contributions $464,615 Current expenses $480,737 Faith 2 Sight Contributions $60,737 Money spent from Savings $16,122 Year to Date Budget: $519,930 $39,193 under projected budget 300 Average attendance

539 views • 18 slides
Scott Magnans Custom Service scttmgnn@gmail.com High flow from stock pump on tank required

Scott Magnans Custom Service scttmgnn@gmail.com High flow from stock pump on tank required

Scott Magnans Custom Service scttmgnn@gmail.com High flow from stock pump on tank required us to spread over 6 mph in order to drop application rates, resulting in mechanical failures and uncontrolled application rates. We mounted

359 views • 15 slides
When, What & How to Outsource November 2018 Susan McKenney President at Diversified Sales

When, What & How to Outsource November 2018 Susan McKenney President at Diversified Sales

When, What & How to Outsource November 2018 Susan McKenney President at Diversified Sales Solutions Co-Founder at Smarketing Institute Helps small companies and startups achieve sales success through management, performance and planning.

294 views • 14 slides
BISO International Biennial of Sculpture of Ouagadougou 8 15 October 2019 PRESENTATION FILE

BISO International Biennial of Sculpture of Ouagadougou 8 15 October 2019 PRESENTATION FILE

BISO International Biennial of Sculpture of Ouagadougou 8 15 October 2019 PRESENTATION FILE 1 BISO PRESENTATION FILE CONTEXT Dynamic and with a growing population, Africa is the essential continent of the 21st century. As the French

441 views • 9 slides
Ian Robinson (e.ian.robinson@gmail.com) 22 March 2013 Campus Faculty FTEs: # SCHs: # Campus

Ian Robinson (e.ian.robinson@gmail.com) 22 March 2013 Campus Faculty FTEs: # SCHs: # Campus

Ian Robinson (e.ian.robinson@gmail.com) 22 March 2013 Campus Faculty FTEs: # SCHs: # Campus Lecturer % Lecturer % Type of all of all AA TT 2,712 268k Faculty Faculty 2010-11 (52%) (54%) (1995-96) (2010-11) Lec 579 138k

812 views • 33 slides

More recommend