Secure web proxy resistant to probing attacks

Similar documents
Navigation of blogs related by a tag

Displaying web pages within a software keyboard

Robocall and fake caller-id detection

Synchronizing Media Content In A Shared Virtual Reality Environment

Features of a proxy server: - Nowadays, by using TCP/IP within local area networks, the relaying role that the proxy

Conversion of a 3D scene into video

Preferential Resource Delivery Via Web Proxy or Web Browser

Disabling facial unlocking using facial expression

Intelligent Generation of Physical Products

Detection of lost status of mobile devices

Control of jitter buffer size using machine learning

Infoblox Authenticated DHCP

Firewalls, Tunnels, and Network Intrusion Detection

Pass, No Record: An Android Password Manager

Voice activated spell-check

Grandstream Networks, Inc. UCM6100 Security Manual

Providing link suggestions based on recent user activity

REDUCING GRANULARITY OF BROWSER FINGERPRINTING TECHNIQUES

Hashing technique to optimally balance load within switching networks

SECURITY SOLUTION FOR KUBERNETES USING CLOUD-NATIVE VIRTUAL NETWORK FUNCTIONS

Notification Features For Digital Content In A Mobile-Optimized Format

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks

Technical Disclosure Commons

How to Configure Authentication and Access Control (AAA)

Polite mode for a virtual assistant

Handwriting recognition for IDEs with Unicode support

Actions on Landing Pages

Configuring User Defined Patterns

Detecting Insider Attacks on Databases using Blockchains

Lab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology

RSA SecurID Implementation

Automatic information protection when device camera is operated by secondary user

Web and MAC Authentication

LANGUAGE RUNTIME NON-VOLATILE RAM AWARE SWAPPING

Skandocs Installation and Connectivity Guide What you need to know to successfully utilise the Internet connectivity in Skandocs

Configuring attack detection and prevention 1

Technical Disclosure Commons

GLOBAL PAYMENTS AND CASH MANAGEMENT. Security

Andrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing. Security Testing. Taming the Wild West

SOLUTION BRIEF REMOTE ACCESS: WEBSHELLS SEE EVERYTHING, FEAR NOTHING

Configure WSA to Upload Log Files to CTA System

Configuring Request Authentication and Authorization

Computer Security and Privacy

Input And Output Method Of Personalized Answers With Chatbot

Chapter 8. User Authentication

Analysis of cells within a spreadsheet

OpenID Security Analysis and Evaluation

Configuring Port-Based and Client-Based Access Control (802.1X)

IIS Installation for.net Application. Md. Saifullah Al Azad

Configuring Content Authentication and Authorization on Standalone Content Engines

Overview. RADIUS Protocol CHAPTER

Configure WSA to Upload Log Files to CTA System

Lab - Troubleshooting ACL Configuration and Placement Topology

BOTNET-GENERATED SPAM

Standard: Event Monitoring

Automatically Generating and Rendering Native Advertisements

Phishing. Eugene Davis UAH Information Security Club April 11, 2013

CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS

EasyCrypt passes an independent security audit

Issues of Operating Systems Security

Section.Editor s Visual Guide to Editorial Manager

CyberP3i Course Module Series

How to Make the Client IP Address Available to the Back-end Server

Configuring SIP Registration Proxy on Cisco UBE

Network Security and Cryptography. 2 September Marking Scheme

Seamless transfer of ambient media from environment to mobile device

SMART LIVE CHAT LIMITER

Robust Defenses for Cross-Site Request Forgery

Intrusion Attempt Who's Knocking Your Door

Wireless LAN Controller Web Authentication Configuration Example

Replication Monitor User s Guide

ForeScout CounterACT. (AWS) Plugin. Configuration Guide. Version 1.3

Authentication and Authorization of End User in Microservice Architecture

Smart-Voice Invocation of Scenes in Home- Automation Systems

Protegent Total Security Solution USER GUIDE Unistal Systems Pvt. Ltd. All rights Reserved Page 1

WHITEPAPER. Security overview. podio.com

A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications

BUFFERING AND INSERTING TEXT INPUTS

Network Security and Cryptography. December Sample Exam Marking Scheme

How to Configure a Remote Management Tunnel for Barracuda NG Firewalls

CNIT 129S: Securing Web Applications. Ch 10: Attacking Back-End Components

OPC UA Configuration Manager PTC Inc. All Rights Reserved.

Selecting native ad units using gestures

Behavior-Triggered Answer Reconfirmation for Spam Detection in Online Surveys

Robust Defenses for Cross-Site Request Forgery

CNIT 129S: Securing Web Applications. Ch 8: Attacking Access Controls

SSD Admission Control for Content Delivery Networks

RSA NetWitness Logs. Salesforce. Event Source Log Configuration Guide. Last Modified: Wednesday, February 14, 2018

An Eye Tracking System For Smart Devices

Automatic event scheduling based on weather conditions

Barracuda Web Application Firewall Foundation - WAF01. Lab Guide

3) Click the Screen Sharing option and click connect to establish the session

Configuring TACACS+ Finding Feature Information. Prerequisites for TACACS+

Cryptography and Network Security Chapter 1

WatchGuard AP - Remote Code Execution

We currently are able to offer three different action types:

bt-webfilter Administrator s Guide: Access Rules & Custom Access Policies

Penetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant

Method Of Password Entering And Storing

Transcription:

Technical Disclosure Commons Defensive Publications Series December 04, 2017 Secure web proxy resistant to probing attacks Benjamin Schwartz Follow this and additional works at: http://www.tdcommons.org/dpubs_series Recommended Citation Schwartz, Benjamin, "Secure web proxy resistant to probing attacks", Technical Disclosure Commons, (December 04, 2017) http://www.tdcommons.org/dpubs_series/848 This work is licensed under a Creative Commons Attribution 4.0 License. This Article is brought to you for free and open access by Technical Disclosure Commons. It has been accepted for inclusion in Defensive Publications Series by an authorized administrator of Technical Disclosure Commons.

Schwartz: Secure web proxy resistant to probing attacks Secure web proxy resistant to probing attacks ABSTRACT Secure web proxies are popular for sending internet traffic via alternative paths. Access to a secure web proxy is typically password protected. A malicious third party that does not know a username or password can detect a secure web proxy server by attempting a connection and observing a distinctive response from the proxy server, e.g., an HTTP 407 Proxy Authentication Required response. Traffic from clients that utilize web proxy servers that are detected in this manner can then be blacklisted. The techniques of this disclosure enable secure web proxies that are resistant to probing attacks. The output of distinctive signals by the proxy servers is limited to authorized clients by making use of a secret key known only to such authorized clients. KEYWORDS Secure proxy Probing attack HTTP 407 Proxy probing Web server Shared secret BACKGROUND Secure web proxies (e.g., HTTPS proxy servers) allows for transmittal of confidential information over the internet. Secure web proxies transmit client traffic via alternative and anonymized paths. Access to a secure web proxy is controlled typically by a username and password arrangement. Published by Technical Disclosure Commons, 2017 2

Defensive Publications Series, Art. 848 [2017] A malicious third party that does not know a username or password can identify a secure web proxy server by attempting a connection and observing the distinctive response from the proxy server, e.g., a HTTP 407 Proxy Authentication Required response. This is known as a probing attack. Attackers use proxy probing to discover proxy servers. Once the proxy servers are discovered, attackers can use various techniques to block such servers or users that are detected as using the servers. There are some non-standard proxy server technologies that can resist probing attacks. However, servers that implement such technologies are not compatible with large installed base of browsers and other client software that can communicate with a secure web proxy. DESCRIPTION A typical password-protected connection between a client and a secure web proxy server proceeds in the following manner. The client is configured to be aware of the proxy server. To fetch a resource over the network, the client attempts to connect to the proxy server, and requests the resource. If the proxy server is password-protected, it responds with an HTTP 407 Proxy Authentication Required response. The client then retries the request, and transmits a username and password to the proxy server. Once the authentication is successful, the client software stores information indicative of having received the 407 response from the proxy server. In subsequent requests, the client software includes the username and password. Thus, during each client session, all requests from the client software other than the initial request include the username and password, and the proxy server transmits only a single HTTP 407 response. As explained previously, the HTTP 407 response potentially reveals existence of the secure web proxy server to malicious third parties. To achieve probing resistance, techniques of http://www.tdcommons.org/dpubs_series/848 3

Schwartz: Secure web proxy resistant to probing attacks this disclosure limit HTTP 407 responses by the proxy server to queries from authorized clients. If a request is received from a client (or party) that is not authorized, the proxy server does not emit HTTP 407 response. However, per current standards, clients do not include the username and password in the request until after the 407 response is received from the server. Thus, the server cannot use the username and password to determine whether the client is authorized or not. Also, to maintain compatibility with existing clients, it is important that no changes be imposed on the protocol. To allow existing clients to prove their authorization, techniques of this disclosure introduce a concept referred to as the Secret Destination. A specific destination, or set of destinations, is identified as the Secret Destination, and the first valid request from the client to a proxy server includes the Secret Destination as a domain name or URL. The value of the Secret Destination is known to authorized clients and unknown to a malicious client. The proxy server is implemented such that it responds with an HTTP 407 response only when the incoming client request includes the Secret Destination. Proxy requests to other destinations are either rejected in the manner of a normal (non-proxy) web server or, if they include a correct username and password, served as a proxy request. Published by Technical Disclosure Commons, 2017 4

Defensive Publications Series, Art. 848 [2017] Fig. 1: Limiting proxy authorization required responses to authorized users The communications interchange between two clients and a proxy server is illustrated in Fig. 1. Client software of an authorized user (104) attempts to connect with proxy server (102). The connection attempt (106) from the client software includes the Secret Destination. The proxy server responds with an HTTP 407 proxy authorization required message (108). In contrast, a connection attempt (112) by an unauthorized party (110) does not include the Secret Destination (or can include an incorrect Secret Destination). The proxy server responds (114) as would a normal (non-proxy) web server, e.g., with no emission of an HTTP 407 response. In this manner, the probing attack is thwarted. http://www.tdcommons.org/dpubs_series/848 5

Schwartz: Secure web proxy resistant to probing attacks Per techniques of this disclosure, to use a web proxy server, the client software is configured to use the proxy server, which includes, e.g., sending connections requests that include the Secret Destination. For example, users may enter the Secret Destination as an address in the address bar of a client browser. The user can also provide a username and password to be included in the request. For the remainder of the session between the client software and the proxy server, all queries are directed through the proxy, with appropriate credentials. In this manner, techniques of this disclosure achieve probing resistance without a need to install additional software or to make changes to existing client software. The techniques do not rely on preemptive client authentication. For example, the techniques do not require that the client include username and password in the initial request. In this manner, the techniques are compatible with most existing client software, e.g., popular web browsers that do not implement preemptive authentication. CONCLUSION Techniques of this disclosure harden the resistance of secure web proxy servers to probing attacks. A web proxy server limits distinctively emitted signals, such as an HTTP 407 response only to requests from authorized clients. Authorized clients are configured to include a secret destination in the connection request to the web proxy server. Published by Technical Disclosure Commons, 2017 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback