Séminaire confiance numérique (Amrit Kumar Privatics team, INRIA Grenoble)

Google Safe Browsing: Security and Privacy.

Phishing and malware websites are still duping unwary targets by infecting private computers or by committing cybercrimes such as fraud and identity theft. Safe Browsing is a defensive technology which identifies unsafe websites and notifies users in real-time of any potential harm of visiting a URL. All the established web service providers such as Google, Microsoft and Yandex offer Safe Browsing as feature in their software solutions and products. Hence, knowingly or unknowingly, you are certainly one of its users. The goal of this talk is to analyze the prevalent Safe Browsing architectures through a security and privacy point of view. 

While, some of these services such as Microsoft Smart Screen Filter are privacy unfriendly by design, i.e. without any effort, the backend server may track a user's activity over the web. Other players such as Google and Yandex advert in their privacy policy that their Safe Browsing architecuture does allow them to track users. This talk would prove that their privacy policy is incorrect. 
On the security front, our findings are rather opposite. Microsoft Smart Screen Filter is a secure solution, while Google and Yandex Safe Browsing are insecure by design. We propose several denial-of-service attacks that simultaneously affect both the Safe Browsing servers and its clients. One of our attacks allows an adversary to force Google and Yandex to "blacklist" any target benign URL.

347 vues
Jeudi 18 Juin 2015
Tag(s) : confiance numerique, sécurité informatique
Partager : Facebook
Intégrer :
Vidéos suggérées