University of Twente Student Theses

Login

NAISS : Network Authentication of Images to Stop e-Skimmers

Rus, A.C. (2023) NAISS : Network Authentication of Images to Stop e-Skimmers.

[img] PDF
4MB
Abstract:The rise of payment details theft has led to increasing concerns regarding the security of e-commerce platforms. For the MageCart threat family, the attacks employ e-skimmers, which are pieces of software code that instruct clients to forward payment details to an attacker-controlled server. They can be injected into hosting providers’ servers as HTML tags such as script, iframe, and img. By leveraging image steganography - the technique of hiding structured information inside images without visual perturbances - MageCart groups can deliver e-skimmers without raising any suspicion. In this report, we system- atically review applicable solutions in the literature and evaluate their drawbacks in the setting of a compromised hosting provider. While promising, existing solutions in the lit- erature present shortcomings such as lack of compatibility, adoptability or functionality under the presence of an attacker. Based on this review, we compile a set of features for a better solution, which we use as a foundation for designing our proposed solution - NAISS: Network Authentication of Images to Stop e-Skimmers. Through our solution, digital signa- tures of individual images are checked inside a server-side middlebox residing in the hosting provider’s network to prevent the transmission of unauthorized images to clients. The sig- natures are provided by the e-commerce platform developer prior to uploading a website to the hosting provider. Our proof-of-concept implementation shows that NAISS is capable of filtering 100% of present stegoimages, regardless of their novelty, while imposing a minimal performance detriment and no client-side modifications. All of the source code material of this project has been made publicly available on github.com/ruscatalin/NAISS.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:https://purl.utwente.nl/essays/94962
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page