School of Computer & Security Science
Edith Cowan University
Say my name, BITCH
An Investigation into IDN Homograph Mitigation Strategies
Peter Hannay
SECAU Security Research Centre
Edith Cowan University
Greg Baatard
Edith Cowan University
UNRELATED COMPLAINT SOMEBODY ON THE INTERNET IS WRONG
• People get USB sticks all the time. The problem isn't that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good. The problem is that the OS trusts random USB sticks. The problem is that the OS will automatically run a program that can install malware from a USB stick. The problem is that it isn't safe to plug a USB stick into a computer. Bruce Schneier
People are Idiots
• 20 government agencies
• 70%+ hit rate
• Some sticks phoned home from multiple ‘sensitive’ networks
This marks the beginning of the section titled WHAT
IDN
☃
Homoglyph
ј j
Homograph
http://gooɡle.com/ http://google.com/
Mitigation
• Unicode → Punycode
• http://gooɡle.com/ → http://xn--goole-tmc.com
• Alerts
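An added example, not from the original slides: a minimal Python sketch of the two mitigations listed above, converting non-ASCII labels to their Punycode (xn--) form and raising alerts. The function names and sample hosts are constructed for illustration, and script detection is approximated from Unicode character names.

```python
import unicodedata

def label_to_ascii(label: str) -> str:
    """Return the ASCII (xn--) form of a single DNS label."""
    if label.isascii():
        return label.lower()
    # RFC 3492 Punycode plus the IDNA "xn--" prefix. Full IDNA also applies
    # normalisation and validity rules; this sketch only lowercases.
    return "xn--" + label.lower().encode("punycode").decode("ascii")

def host_to_ascii(host: str) -> str:
    return ".".join(label_to_ascii(part) for part in host.split("."))

def scripts(label: str) -> set:
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def assess(host: str) -> dict:
    """Return the Punycode form of host plus any alerts a client could show."""
    alerts = []
    for label in host.split("."):
        shown = label_to_ascii(label)
        if not label.isascii():
            alerts.append(f"non-ASCII label shown as {shown}")
        found = sorted(scripts(label))
        if len(found) > 1:
            alerts.append(f"mixed scripts {found} in {shown}")
    return {"ascii": host_to_ascii(host), "alerts": alerts}

# Constructed samples: plain ASCII, U+0261 (Latin script g) in place of "g",
# and U+0456 (a Cyrillic letter) in place of "i".
SAMPLES = ["google.com", "goo\u0261le.com", "kiw\u0456con.org"]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = assess(sample)
        print(result["ascii"], result["alerts"])
```

The U+0261 sample is entirely Latin script, so a mixed-script check alone does not flag it; only the Punycode display exposes it.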
This marks the beginning of the section titled PICS
Web
• Phishing
• Better than spoofed address
• You can get replies and everything!
Sweet kiwicon@kiwіcon.org
This marks the beginning of the section titled THE TESTING
Tests
• URL Bar
• Certificate Information
• Geolocation Request
Evaluation
Internet Explorer
Firefox
Chrome
Opera
Safari
Comparison
Email Testing
It's time for the… CONCLUSION