openduck

Title: Using Traffic Analysis to Identify Tor Usage – A Proposed Study

Authors: John Barker, Peter Hannay, Christopher Bolan

Abstract
Traditional attacks against anonymous routing systems aim to uncover the identities of those involved, however, a more likely goal of attackers is to block or degrade the network itself, discouraging participation and forcing vulnerable users to communicate using less secure means. Since these anonymous networks operate on known protocols and employ strong encryption it is difficult to distinguish them from regular traffic. This paper proposes a method for identifying traffic belonging to anonymous networks by examining their communication patterns. If successful the method would enable the identification of Tor usage and thus allow for more directed attacks and possible user identification.

Files: Full Paper (PDF)

Title: The 2010 IDN Homograph Attack Mitigation Survey

Authors: Peter Hannay, Christopher Bolan

Abstract
The advent of internationalised domains has introduced a new threat with the non-english character sets allowing visual mimicry of common domain names. Whilst this phenomenon remains well known in the development and internet industry the actual implementations of popular applications have been previously shown to lack successful mitigation strategies and countermeasures. The research found that in the current versions of most internet browsers and email clients, some form of homograph identification or blocking exists. However, some notable and popular applications include either flawed implementations or miss key features and thus allow for IDN based attacks.

Files: Full Paper (PDF)

Title: Geotagging where Cyberspace comes to your Place

Authors: Craig Valli, Peter Hannay

Abstract
The combination of GPS services and information technology is increasing with the use of geotagging now occurring as a default action in many commodity based devices functionality for example mobile phones and cameras. The camera in suitably enabled phones takes the picture and embeds GPS co-ordinates of the location into the metadata of the resulting image file. Furthermore there are now online services such as foursquare that are targeted at the geotagging or geocaching community. In addition to this overtly designed service other social online  services such Flickr, Twitter are providing a means of geotagging users. This enablement of technology has significant and profound effects on bpersonal security and also extending into corporate security.

Files: Full Paper (PDF), Slide Show (Powerpoint)

Title: The 2009 Personal Firewall Robustness Evaluation

Authors: Ken Pydayya, Peter Hannay, Patryk Szewczyk

Abstract
The evolution of the internet as a platform for commerce, banking, general information and personal communications has resulted in a situation where many individuals who may not have previously required internet access now require this connectivity as part of their everyday lives. In addition to this the widespread adoption of mobile broadband has lead to an increasing number of individuals having public facing IP addresses with no firewall appliances present. This situation has dramatically increased reliance on personal firewalls as the first and often last defence against intruders (human and malware alike). The evaluation performed demonstrates the capabilities of current personal firewall software to mitigate the threat posed by these intruders. The results show that the majority of personal firewall products evaluated are somewhat effective in reducing the risks remote exploitation but leave something to be desired in the area of information disclosure.

Files: Full Paper (PDF)

Title: An Assessment of Internationalised Domain Name Homograph Attack Mitigation Implementations

Authors: Peter Hannay, Christopher Bolan

Abstract
With the advent of internationalised domains the threat posed by non-english character sets has eventuated. Whilst this phenomenon remains well known in the development and internet industry the actual implementations of popular applications have been tested to determine their resilience to homograph based attack. The research found that most provided features that overcome such attacks, but there remain a few notable exceptions. Should an attacker take advantage of such oversights a victim would likely not be able to spot a fraudulent site or email and thus provide a perfect platform for subsequent attack.

Files: Full Paper (PDF)

Title: Freegate: A Defence against the Pending Censorship of Australia?

Authors: Christopher Bolan, Peter Hannay

Abstract
The commencement of a trial of Internet Service Provider (ISP) level content filtering as a precursor to nation wide mandatory content filters in Australia has generated a large amount of publicity. Despite remaining low on details, figures released show that the laboratory testing of the filtering solutions caused significant slow down in Internet speeds as well as the unintentional censorship of allowable content. This paper investigates the currently available information on the trials and provides evidence that a freely available privacy tool such as Freegate could be used to bypass all of the likely filtering methods.

Files: Full Paper (PDF)