UD ELEG 867 - Defending Against an Internet-Based Attack


Defending Against an Internet-Based Attack on the Physical World

SIMON BYERS, AT&T Labs
AVIEL D. RUBIN, Johns Hopkins University
and
DAVID KORMANN, AT&T Labs

We discuss the dangers that scalable Internet functionality may present to the real world, focusing upon an attack that is simple, yet can have great impact, which we believe may occur quite soon. We offer and critique various solutions to this class of attack and hope to provide a warning to the Internet community of what is currently possible. The attack is, to some degree, a consequence of the availability of private information on the Web, and the increase in the amount of personal information that users must reveal to obtain Web services.

Categories and Subject Descriptors: H.4.m [Information Systems Applications]: Miscellaneous

General Terms: Security

Additional Key Words and Phrases: Internet threats, automated attacks, cybercrime

Authors' addresses: S. Byers and D. Kormann, AT&T Laboratories-Research, AT&T Shannon Laboratory, 180 Park Avenue, Florham Park, NJ 07932-0971; email: {byers,davek}@research.att.com; A. D. Rubin, The Johns Hopkins University Information Security Institute, Department of Computer Science, 3100 Wyman Park Drive, Wyman Park Building, Baltimore, MD 21211; email: [email protected]

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or direct commercial advantage and that copies show this notice on the first page or initial screen of a display along with the full citation. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component of this work in other works requires prior specific permission and/or a fee. Permissions may be requested from Publications Dept., ACM, Inc., 1515 Broadway, New York, NY 10036 USA, fax: +1 (212) 869-0481, or [email protected]

© 2004 ACM 1533-5399/04/0800-0239 $5.00

ACM Transactions on Internet Technology, Vol. 4, No. 3, August 2004, Pages 239–254.

1. INTRODUCTION

One of the things that makes attacks on Internet services more dangerous than attacks in the physical world is the automation that is possible in the world of computers. An example of this can be seen in the resistance of many to moving elections online. The worry is that in the physical world, attacks do not scale very well, but as soon as a physical-world process is moved online, malicious parties can potentially exploit vulnerabilities in an automated and exhaustive fashion. All of the published studies related to online elections come to the same conclusion, namely, that the technology is not ready for Internet voting, and that at this time, the security risks are too great [Foundation 2001; C.-M. 2001; T.D.O.P. 2001; N. C. on Federal Election Reform 2001]. We believe that the risks of online services are not limited to electronic voting.

Over the last several years, we have enjoyed several new Internet services that have dramatically improved our quality of life. The most obvious examples of these are search engines, whose indices cover just about any information that is known in the world, and Web portals, which provide a window to the wealth of information and services available online. In this paper, we demonstrate that we have been living in a state of bliss, spoiled by the lack of any concerted attacks that utilize these new services, search engines in particular. We demonstrate that the current Internet services offer an avenue of attack against physical-world processes, and we argue that the only means to defend against these attacks is to dramatically alter the functionality of services such as search engines, to the point where they become much less useful.

As more organizations move online, and real-world processes become automated, it is inevitable that more personal user information is stored in databases. There are companies whose business it is to harvest this information, cross-index it, and compile lists of people and information about them. This information can consist of medical history, personal buying habits, grocery purchases, as well as a history of browsing sessions. The automatic nature of data collection, as well as the ability to invoke programmable scripts against this data, makes for an unfortunate environment for users concerned with their personal privacy.

While we concentrate on an example involving search engines and a post office, we recognize that our discussion is but one example of a general vulnerability. As more functionality moves online, and as more services are automated, there is a greater risk that cyber attacks can cause problems that are manifested in the physical world. Defending against these new attacks often requires taking large steps backwards in the convenience offered by technology and often introduces compromises of personal privacy.

2. A WORD ON DISCLOSURE

As security researchers, we often find ourselves faced with a dilemma. When we discover a serious flaw that leads to a vulnerability, do we disclose it to the world, or do we sit on it with the hope that nobody will use it to launch an attack? Our philosophy is that each case needs to be handled independently. If one conceives of an attack that is not likely to happen on its own, and for which there is no prevention, then it is irresponsible to advertise it, and even worse to provide a recipe or exploit code.

However, there is also a risk in not disclosing vulnerabilities for which there are known solutions. By not educating people who are in a position to defend against an attack, it can be more damaging to bury knowledge of a vulnerability than to announce it.

In all cases, sound judgment must be applied and a decision made as to how to minimize the likely effect of the vulnerability. We first conceived of the attack in this paper in September of 2000, but until now have chosen not to publicize our work. The recent availability of an Application Programming Interface (API) for search engines makes the attack much more likely. In addition, since we have developed enough countermeasures, we feel that the disclosure of this paper is important so that proper steps can be taken to prevent the attack from happening. Not everyone will

