Please use this identifier to cite or link to this item:
https://www.um.edu.mt/library/oar/handle/123456789/13780
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.date.accessioned | 2016-11-10T08:49:17Z | - |
dc.date.available | 2016-11-10T08:49:17Z | - |
dc.date.issued | 2016 | - |
dc.identifier.uri | https://www.um.edu.mt/library/oar//handle/123456789/13780 | - |
dc.description | B.SC.(HONS)COMP.SCI. | en_GB |
dc.description.abstract | As CDNs and co-located domains became more common, the threat of VHC became more evident. In this study, VHC was analysed and studied to understand the fundamental aspects that cause it. In addition, an investigation was carried out to determine what an attacker might get access to, when confusion is successful. Nginx and Apache were selected to for testing to obtain a better understanding of VHC on the most prominent web server. It was found that both web servers can be configured in a way that allows such vulnerabilities to happen. It was found that the fall-back mechanism of the HTTPS multiplexer plays an important role during all of the three confusion methods. Additionally, it is understood that multiple virtual hosts on the same IP:port, need to be on the same SSL context, but how this context ID is generated is the main reason VHC occurs when shared caches or ticket keys are involved. When VHC is exploitable, only client based data is vulnerable. XSS or SQL injection leading to JavaScript injection on a domain, can be used to steal the browser data of the confused domain, even though this data is supposedly protected by SOP. Redirections to HTTP can also be exploited to expose the arguments in the URI field for the domain being confused. This, in conjunction with how OAuth, works can become a huge vulnerability when implicit authentication takes place, as the token will be exposed in plain text. From the perspective of an incident responder, memory analysis can be used to to find out if VHC attacks have been carried out, but the volatility of the request makes for a very limited view of what is happening. The default logs, when enabled, can also provide hints as to whether or not confusion has been attempted. Network analysis was also carried out, to determine the level of information an attacker can obtain by simply analysing the data on the network. It was found that an attacker can easily determine the fall-back certificates and response for an IP:port. Additionally, using network analysis, one can determine with a high probability, that two IP:ports are sharing the same ticket key. On the other hand, no information as to whether two IP:ports are sharing the same cache can be obtained using network and packet analysis. | en_GB |
dc.language.iso | en | en_GB |
dc.rights | info:eu-repo/semantics/restrictedAccess | en_GB |
dc.subject | Computer networks | en_GB |
dc.subject | HTTP (Computer network protocol) | en_GB |
dc.subject | Internet -- Security measures | en_GB |
dc.title | Threat analysis of ‘Virtual Host Confusion’ on TLS | en_GB |
dc.type | bachelorThesis | en_GB |
dc.rights.holder | The copyright of this work belongs to the author(s)/publisher. The rights of this work are as defined by the appropriate Copyright Legislation or as modified by any successive legislation. Users may access this work and can make use of the information contained in accordance with the Copyright Legislation provided that the author must be properly acknowledged. Further distribution or reproduction in any format is prohibited without the prior permission of the copyright holder. | en_GB |
dc.publisher.institution | University of Malta | en_GB |
dc.publisher.department | Faculty of Information & Communication Technology. Department of Computer Science | en_GB |
dc.description.reviewed | N/A | en_GB |
dc.contributor.creator | Bonnici, Kyle | - |
Appears in Collections: | Dissertations - FacICT - 2016 Dissertations - FacICTCS - 2016 |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
16BCS002.pdf Restricted Access | 1.82 MB | Adobe PDF | View/Open Request a copy |
Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.