Multilingual web sites: Internationalized Domain Name homograph attacks | IEEE Conference Publication | IEEE Xplore

Abstract:

Homograph attacks are a very common type of security vulnerability on the Web. The attack aims to hide the domain name origin by switching some letters in the URL. As the Web evolves beyond the traditional base of English-speaking users, this kind of threat will increase significantly with the use of non-Latin scripts in the entire domain name. The recent introduction of Internationalized Domain Names (IDN) country-code Top Level Domains (ccTLDs) adaptation has made this new homograph attack possible. This paper outlines some of the possible security risks from using non-Latin scripts in the domain name, using examples drawn from Arabic, including the confusion from transforming the non-Latin scripts to ASCII Compatible Encoding (ACE). The paper describes some of the existing defenses against IDN homograph attacks, such as white listing of domains and algorithmic analysis of the scripts in the URL. A preliminary design for a new client-side approach to the problem is also outlined. The approach focuses on drawing the user's attention to possible threats when browsing a non-Latin Web site. Some of the techniques being considered include Punycode generation and comparison, highlighting confusing letters (including increasing font sizes for Arabic script), and pre-fetching thumbnail images of Web pages. These solutions will not prevent the attack, but they can provide a visual defense to the user in an unobtrusive and easily adoptable manner.
Date of Conference: 17-18 September 2010
Date Added to IEEE Xplore: 09 November 2010
ISBN Information:
Print ISSN: 1550-4441
Conference Location: Timisoara, Romania
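
The following is an added example, not code from the paper: a sketch of three defenses the abstract names (Punycode/ACE generation and comparison, script analysis of the host name, and picking out the letters to highlight). The host names, the function names and the NFKC-plus-lowercase normalization are assumptions made for the illustration; it shows that script analysis catches a mixed Latin/Cyrillic label but not a same-script Arabic lookalike, which only the ACE comparison exposes.

```python
import unicodedata

# Constructed sample names under the reserved .example TLD (not from the paper).
TRUSTED = "\u0643\u062a\u0627\u0628.example"    # starts with ARABIC LETTER KAF
LOOKALIKE = "\u06a9\u062a\u0627\u0628.example"  # starts with ARABIC LETTER KEHEH
MIXED = "ex\u0430mple.example"                  # CYRILLIC SMALL LETTER A among Latin

def to_ace(host: str) -> str:
    """ACE form of a host name: Punycode each non-ASCII label and prefix xn--.
    NFKC + lower() stands in for full IDNA mapping (simplifying assumption)."""
    labels = unicodedata.normalize("NFKC", host).lower().split(".")
    return ".".join(
        lab if lab.isascii() else "xn--" + lab.encode("punycode").decode("ascii")
        for lab in labels)

def label_scripts(label: str) -> set:
    """Scripts in a label, approximated by the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if not (ch.isdigit() or ch == "-")}

def mixed_script_labels(host: str) -> list:
    """Labels that combine letters from more than one script."""
    return [lab for lab in host.split(".") if len(label_scripts(lab)) > 1]

def differing_letters(host: str, trusted: str) -> list:
    """(position, name in host, name in trusted) for each aligned mismatch."""
    return [(i, unicodedata.name(a, "UNKNOWN"), unicodedata.name(b, "UNKNOWN"))
            for i, (a, b) in enumerate(zip(host, trusted)) if a != b]

def assess(host: str, trusted: str) -> dict:
    """Collect the signals a client-side warning could show to the user."""
    return {
        "ace": to_ace(host),
        "same_as_trusted": to_ace(host) == to_ace(trusted),
        "mixed_script": mixed_script_labels(host),
        "letters_to_highlight": differing_letters(host, trusted),
    }

if __name__ == "__main__":
    for name in (TRUSTED, LOOKALIKE, MIXED):
        print(assess(name, TRUSTED))
```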
