WO2015009247A1 - System for granting web trust seals with detection of ip-address redirection attacks - Google Patents

System for granting web trust seals with detection of ip-address redirection attacks Download PDF

Info

Publication number
WO2015009247A1
WO2015009247A1 PCT/SI2014/000036 SI2014000036W WO2015009247A1 WO 2015009247 A1 WO2015009247 A1 WO 2015009247A1 SI 2014000036 W SI2014000036 W SI 2014000036W WO 2015009247 A1 WO2015009247 A1 WO 2015009247A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
web
token
address
server
Prior art date
Application number
PCT/SI2014/000036
Other languages
French (fr)
Inventor
Aleš LIPIČNIK
Jure ARTIČEK
David KLASINC
Original Assignee
Connet D.O.O.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Connet D.O.O. filed Critical Connet D.O.O.
Publication of WO2015009247A1 publication Critical patent/WO2015009247A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119Authenticating web pages, e.g. with suspicious links
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

System for granting web trust seals with detection of IP- address redirection attacks allows added security to be provided to web page visitors. Web seals capable of detecting -IP-address redirection attacks (pharming) solve the problem of detecting website attacks based on pharming, IP spoofing, or DNS spoofing techniques which essentially spoof the IP address of a website at some web domain, such as 'www.mydomain.si'. In such cases, an attacker will set up a copy of said website at a different IP address and utilize redirection to make the requests to display web pages arrive at the fraudulent server. The invention allows the visitor of such a web page to be immediately notified of the anomaly/attack in that the web seal will be displayed as unverified, or disappear altogether, having been removed by the attacker.

Description

System for Granting Web Trust Seals with Detection of IP- Address Redirection Attacks
The present invention pertains to the field of secure use of the Internet from the standpoint of the end user - the visitor of web pages.
The invention relates to a system for granting web trust seals and a method for verifying the authenticity of web page trust seals, by means of which the granted trust certificates are usually evinced.
Increasingly often, visitors A of web pages fall victims to web frauds. A vast part of web frauds employ forged web pages, which are copies of genuine pages of a given provider. For protecting and establishing the authenticity of web pages there are a plurality of trust certificate providers/issuers B, who, by granting a certificate, vouch for the authenticity of a page or a website as a whole. The recipients C of such a certificate exhibit a seal on their pages, said seal having generally the form of an image E. Being that images of seals are exceedingly easy to copy, those provided by technologically advanced issuers are served off of the issuer's server and comprise a link back, to the issuer's server. Such a link allows a visitor to verify the authenticity of the seal and of the page as a whole by clicking on the seal.
More advanced systems are capable of verifying the name of the website (domain) where the request to display the seal is coming from. That way the certification system can, in many cases, detect the copying of seal-equipped websites, since the seal is being requested by the wrong server.
More sophisticated forms of attack, however, preserve the server name on the copy, forging the server's IP address so that it points to the counterfeit web page. In such cases the elementary server name detection fails. These types of website attacks are referred to as 'pharming', 'DNS spoofing', 'IP spoofing'.
There are quite a number of patents relating to the field of 'pharming', 'DNS spoofing', 'IP spoofing' attack detection, but there are none addressing the field of attack detection through web certificate issuance services.
US 2008/0060054 Al relates to pharming attack detection hinging upon a query being sent from the client workstation via two distinct infrastructures. According to the present invention, the IP address verification is initiated with a query from the server being potentially under attack, which fact makes the method substantially different.
US 2008/0055928 Al relates to pharming attack detection based on what is known as a 'whitelist' of domains and the corresponding valid IP addresses. The present system likewise utilizes what is known as a 'whitelist' but it utilizes it in a slightly different manner.
US 2009/0208020 Al relates to pharming attack detection via client-side software - also known as a password manager. With the system and the method of the invention the certification system can detect such kinds of attacks as well, and take appropriate steps, such as notifying the visitor about the unverified trust seal by altering the seal accordingly.
That way, added security is provided to web page visitors. A web page thusly secured will always exhibit an 'unverified' status, even in cases when a visitor's computer has been 'infected' by a virus redirecting the IP address of a given domain.
To the best of the Applicant's knowledge, no similar solutions are yet available.
The invention may be applied to any website certification system meeting the following criteria:
- the system involves three entities: a certificate issuer B, a certificate receiver C, and a visitor A of a web page of the certificate receiver C;
- the certificate issuer B is provided with the necessary technology (a web server and a web application) which verifies the requests, sent by the web browser of the visitor A, to display the seal D. The seal does not necessarily have to be in the form of an image, although this is most often the case. A seal may also be a sound or other record that a human is capable of perceiving and identifying; - the certificate receiver C provides a website and has published the seal thereon in accordance with the instructions la of the certificate issuer B;
- the displaying of the seal is requested of the server of the certificate issuer B, who also verifies the legitimacy of the request to display the seal.
The invention is illustrated in the following pictures:
Figure 1: schematic representation of the system for certifying websites with trust certificates, comprising the entities involved and data transactions.
Figure 2: flow chart of the verification of the authenticity of a trust seal capable of detecting whether the IP address of the certificate receiver C's website is correct .
Figure 3: symbolic representation of a trust certificate.
Internet page viewing is initiated with a request to view the page 2a, triggered by the visitor A from his/her workstation through the use of a web browser.
The server hosting the requested web page replies with the content of the web page 2b. If the requested page is owned by the certificate receiver C and provided with a seal according to the instructions la of the certificate issuer B, the web browser of the visitor A proceeds by sending a request to display the seal 2c to the server of the certificate issuer B. The server of the certificate issuer B replies with the content of the seal 2d, which is then rendered, or played back, by the web browser of the visitor A.
Independently of the above procedure, according to the invention, the trust certificate receiver C also has to install software code on the website, which code periodically requests lb a data token T from the server of the certificate issuer B. To said request, the certificate issuer B sends a response lc with a valid data token T, which is then stored locally on the server of the certificate receiver C. If the request lb has not been recognized as valid, the certificate issuer B returns an invalid/null token T within the response lc.
In continuation, the certificate receiver C utilizes the data token T, sending it to visitors who request to view the web page 2a. The data token T is sent along with the requested web page content 2b, for instance as a 'cookie', or in other convenient manner.
When the entire web page has been rendered in the web browser of the visitor A, the web browser can start verifying the authenticity of the seal and consequently of the web page as a whole, in order to protect the visitor A from possible abuses. To this end, it sends to the certificate issuer B a request to display the seal 2c. The request to display the seal 2c is supplemented with the data token T, which was received from the certificate receiver C along with the content of the web page 2b. Proceeding from such a request, the certificate issuer B can verify whether the said request has arrived for the correct domain as well as whether the said domain has the correct IP address.
After verification, illustrated in Figure 2, the certificate issuer B returns the trust seal in a form corresponding to the verification result, which is to say, 'verified' D or 'unverified' E, an exemplary variant whereof is symbolically shown in Figure 3.
Verification is carried out in three steps. First, it is verified whether the token T is at all present within the request to display the seal 2c. In the next step, the validity of the token T is assessed, which is determined from the expected record format of the token T and from the content of said record. The validity of the token T is time-limited, which is also recorded within the token content .
In the last step, the validity of the IP address of the certificate receiver C's server is finally verified. The following component parts are also included in the content of the token T :
- the unique designation of the certificate receiver C,
- the unique designation of the domain for which the certificate is valid,
- the IP address of the certificate receiver C's server, from which the request lb for the token T originated.
The IP address from the token T is compared with the valid IP addresses of the domain where the web pages of the certificate receiver C are hosted. The list of valid IP addresses (the whitelist) is announced by the certificate receiver C.
In order for the protection system to operate, the certificate issuer B has to meet several prerequisites:
- the trust certificate issuer B has to provide a server, a software and a database 3 adequate for carrying out the abovesaid transactions;
- the certificate issuer B has to register/enter into the database 3 the certificate receiver C, the web domains thereof which are to be protected, and the list of valid IP addresses for each domain (whitelist) ;
- the certificate receiver C has to install on the domain with which the trust certificate is associated a seal software and a software for refreshing the token T, according to the instructions la of the certificate issuer B.

Claims

Patent Claims
1. System for granting web trust seals with detection of IP-address redirection attacks providing secure use of the Internet to visitors of web pages, characterized in that it comprises:
- a certificate issuer (B) , provided with an infrastructure comprising at least a computer server with adequate software, a database (3) , and a connection to the Internet, wherein certificate receivers (C) , web domains thereof, and valid IP addresses for said domains are entered into the database ( 3 ) ;
- a certificate receiver (C) , provided with a web domain hosted on a server and having an operational website thereon comprising one or a plurality of web pages, wherein a seal is installed onto the website according to the instructions (la) of the certificate issuer (B) , as well as a software code which periodically requests (lb) a data token (T) from the server of the certificate issuer (B) .
2. Method for verifying the authenticity of trust seals on the web page of the receiver (C) , characterized in that, along with the request (2c) to display the seal, a data token (T) is also sent from the device of the web page visitor (A) to the certificate issuer (B) , said data token (T) carrying information about the valid IP address of the website of the certificate receiver (C) , from which IP address the certificate issuer (B) determines the validity of the request (2c) . Method according to Claim 2, characterized in that the data token (T) is transferred to the device of the web page visitor (A) along with the web page content (2b) . Method according to Claim 2, characterized in that the data token (T) is periodically transferred from the server of the certificate issuer (B) to the server of the certificate receiver (C) by means of a software code periodically requesting (lb) the data token (T) from the server of the certificate issuer (B) .
Method according to the preceding Claims, characterized in that, first, it is verified whether the token (T) is at all present within the request to display the seal (2c) ; in the next step, the validity of the token (T) is assessed, which is determined from the expected record format of the token (T) and from the content of said record; in the last step, the validity of the IP address of the server of the certificate receiver (C) is finally verified by comparing the IP address from the token (T) with the valid IP addresses of the domain where the web pages of the certificate receiver (C) are hosted.
Method according to the preceding Claims, characterized in that the following component parts are also included in the content of the token (T) : a unique designation of the certificate receiver (C) , a unique designation of the domain for which the certificate is valid, and the IP address of the server of the certificate receiver (C) , from which the request (lb) for the token (T) originated.
PCT/SI2014/000036 2013-07-17 2014-06-10 System for granting web trust seals with detection of ip-address redirection attacks WO2015009247A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SI201300194A SI24434A (en) 2013-07-17 2013-07-17 A system of granting web trust seals with the detection of attacks by redirecting of ip address
SIP-201300194 2013-07-17

Publications (1)

Publication Number Publication Date
WO2015009247A1 true WO2015009247A1 (en) 2015-01-22

Family

ID=51492420

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SI2014/000036 WO2015009247A1 (en) 2013-07-17 2014-06-10 System for granting web trust seals with detection of ip-address redirection attacks

Country Status (2)

Country Link
SI (1) SI24434A (en)
WO (1) WO2015009247A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995848A (en) * 2019-12-10 2020-04-10 北京海益同展信息科技有限公司 Service management method, device, system, electronic equipment and storage medium
EP3687139A3 (en) * 2020-04-07 2020-10-28 CyberArk Software Ltd. Secure provisioning and validation of access tokens in network environments
US11032270B1 (en) 2020-04-07 2021-06-08 Cyberark Software Ltd. Secure provisioning and validation of access tokens in network environments
US11295301B1 (en) * 2017-12-15 2022-04-05 Worldpay, Llc Systems and methods for electronic certification of e-commerce security badges

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006018647A1 (en) * 2004-08-20 2006-02-23 Rhoderick John Kennedy Pugh Server authentication
US20080055928A1 (en) 2006-08-09 2008-03-06 Sony Corporation Backlight device, light source device, lens, electronic apparatus and light guide plate
US20080060054A1 (en) 2006-09-05 2008-03-06 Srivastava Manoj K Method and system for dns-based anti-pharming
US20080066163A1 (en) * 2006-09-07 2008-03-13 Fazal Raheman Novel method and system of Network Integrity via Digital Authorization (NIDA) for enhanced internet security
US20090208020A1 (en) 2008-02-15 2009-08-20 Amiram Grynberg Methods for Protecting from Pharming and Spyware Using an Enhanced Password Manager
WO2013002741A1 (en) * 2011-06-28 2013-01-03 Connet D.O.O. Web tokens with a signature of a web page visitor

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006018647A1 (en) * 2004-08-20 2006-02-23 Rhoderick John Kennedy Pugh Server authentication
US20080055928A1 (en) 2006-08-09 2008-03-06 Sony Corporation Backlight device, light source device, lens, electronic apparatus and light guide plate
US20080060054A1 (en) 2006-09-05 2008-03-06 Srivastava Manoj K Method and system for dns-based anti-pharming
US20080066163A1 (en) * 2006-09-07 2008-03-13 Fazal Raheman Novel method and system of Network Integrity via Digital Authorization (NIDA) for enhanced internet security
US20090208020A1 (en) 2008-02-15 2009-08-20 Amiram Grynberg Methods for Protecting from Pharming and Spyware Using an Enhanced Password Manager
WO2013002741A1 (en) * 2011-06-28 2013-01-03 Connet D.O.O. Web tokens with a signature of a web page visitor

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11295301B1 (en) * 2017-12-15 2022-04-05 Worldpay, Llc Systems and methods for electronic certification of e-commerce security badges
US20220391894A1 (en) * 2017-12-15 2022-12-08 Worldpay, Llc Systems and methods for electronic certification of e-commerce security badges
US11704664B2 (en) 2017-12-15 2023-07-18 Worldpay, Llc Systems and methods for electronic certification of e-commerce security badges
US20230325819A1 (en) * 2017-12-15 2023-10-12 Worldpay, Llc Systems and methods for electronic certification of e-commerce security badges
CN110995848A (en) * 2019-12-10 2020-04-10 北京海益同展信息科技有限公司 Service management method, device, system, electronic equipment and storage medium
CN110995848B (en) * 2019-12-10 2022-09-06 京东科技信息技术有限公司 Service management method, device, system, electronic equipment and storage medium
EP3687139A3 (en) * 2020-04-07 2020-10-28 CyberArk Software Ltd. Secure provisioning and validation of access tokens in network environments
US11032270B1 (en) 2020-04-07 2021-06-08 Cyberark Software Ltd. Secure provisioning and validation of access tokens in network environments

Also Published As

Publication number Publication date
SI24434A (en) 2015-01-30

Similar Documents

Publication Publication Date Title
US7562222B2 (en) System and method for authenticating entities to users
US8315951B2 (en) Identity verification for secure e-commerce transactions
AU2006200688B2 (en) Internet security
US8332627B1 (en) Mutual authentication
US8813181B2 (en) Electronic verification systems
US8996697B2 (en) Server authentication
US9154472B2 (en) Method and apparatus for improving security during web-browsing
US9021586B2 (en) Apparatus and methods for preventing cross-site request forgery
US20170078276A1 (en) System for domain control validation
WO2008036126A2 (en) Authentication method between an internet site and customers using customer-specific streamed audio or video signals
US20160028723A1 (en) Method for domain control validation
US20110321144A1 (en) Systems and methods of authentication in a disconnected environment
CN105657474A (en) Anti-stealing link method and system using identity-based signature in video application
WO2015009247A1 (en) System for granting web trust seals with detection of ip-address redirection attacks
CN102255894A (en) Website information verification method, system and resolution server
JP4698239B2 (en) Web site impersonation detection method and program
KR100956452B1 (en) A method for protecting from phishing attack
JP6444344B2 (en) Authentication server, mediation server, and advertisement distribution server
US20090094456A1 (en) Method for protection against adulteration of web pages
Tsow Phishing with Consumer Electronics-Malicious Home Routers.
WO2005094264A2 (en) Method and apparatus for authenticating entities by non-registered users
US20140143539A1 (en) Web tokens with a signature of a web page visitor
Ellison et al. Security and privacy concerns of internet single sign-on
CN102223379B (en) Method and system for processing website verification mark, resolution server and browsing device
Wu et al. Minimizing SSO effort in verifying SSL anti-phishing indicators

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14759358

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 28.04.2016)

122 Ep: pct application non-entry in european phase

Ref document number: 14759358

Country of ref document: EP

Kind code of ref document: A1