University of Twente Student Theses
NAISS : Network Authentication of Images to Stop e-Skimmers
Rus, A.C. (2023) NAISS : Network Authentication of Images to Stop e-Skimmers.
Abstract: | The rise of payment details theft has led to increasing concerns regarding the security of e-commerce platforms. For the MageCart threat family, the attacks employ e-skimmers, which are pieces of software code that instruct clients to forward payment details to an attacker-controlled server. They can be injected into hosting providers’ servers as HTML tags such as script, iframe, and img. By leveraging image steganography - the technique of hiding structured information inside images without visual perturbances - MageCart groups can deliver e-skimmers without raising any suspicion. In this report, we systematically review applicable solutions in the literature and evaluate their drawbacks in the setting of a compromised hosting provider. While promising, existing solutions in the literature present shortcomings such as lack of compatibility, adoptability or functionality under the presence of an attacker. Based on this review, we compile a set of features for a better solution, which we use as a foundation for designing our proposed solution - NAISS: Network Authentication of Images to Stop e-Skimmers. Through our solution, digital signatures of individual images are checked inside a server-side middlebox residing in the hosting provider’s network to prevent the transmission of unauthorized images to clients. The signatures are provided by the e-commerce platform developer prior to uploading a website to the hosting provider. Our proof-of-concept implementation shows that NAISS is capable of filtering 100% of present stegoimages, regardless of their novelty, while imposing a minimal performance detriment and no client-side modifications. All of the source code material of this project has been made publicly available on github.com/ruscatalin/NAISS. |
Item Type: | Essay (Master) |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/94962 |