Stopping DNS Rebinding Attacks in the Browser

Hazhirpasand, Mohammadreza; Ale Ebrahim, Arash; Nierstrasz, Oscar (2021). Stopping DNS Rebinding Attacks in the Browser. In: 7th International Conference on Information Systems Security and Privacy - ICISSP 2021. Vienna, Austria. Feb 11, 2021 - Feb 13, 2021. 10.5220/0010310705960603

[img]
Preview
Text
Hazh21a.pdf - Accepted Version
Available under License Creative Commons: Attribution-Noncommercial-No Derivative Works (CC-BY-NC-ND).

Download (277kB) | Preview

DNS rebinding attacks circumvent the same-origin policy of browsers and severely jeopardize user privacy. Although recent studies have shown that DNS rebinding attacks pose severe security threats to users, up to now little effort has been spent to assess the effectiveness of known solutions to prevent such attacks. We have carried out such a study to assess the protective measures proposed in prior studies. We found that none of the recommended techniques can entirely halt this attack due to various factors, e.g., network layer encryption renders packet inspection infeasible. Examining the previous problematic factors, we realize that a protective measure must be implemented at the browser-level. Therefore, we propose a defensive measure, a browser plug-in called Fail-rebind, that can detect, inform, and protect users in the event of an attack. Afterwards, we discuss the merits and limitations of our method compared to prior methods. Our findings suggest that Fail-rebind does not nec essitate expert knowledge, works on different OSes and smart devices, and is independent of networks and location.

Item Type:

Conference or Workshop Item (Paper)

Division/Institute:

08 Faculty of Science > Institute of Computer Science (INF)
08 Faculty of Science > Institute of Computer Science (INF) > Software Composition Group (SCG)

UniBE Contributor:

Hazhirpasand Barkadehi, Mohammadreza and Nierstrasz, Oscar

Subjects:

000 Computer science, knowledge & systems
500 Science > 510 Mathematics

ISBN:

978-989-758-491-6

Funders:

[4] Swiss National Science Foundation

Language:

English

Submitter:

Oscar Nierstrasz

Date Deposited:

15 Apr 2021 09:58

Last Modified:

15 Apr 2021 09:58

Publisher DOI:

10.5220/0010310705960603

Uncontrolled Keywords:

scg-pub security snf-asa3 scg20 jb20 snf-imad

BORIS DOI:

10.48350/154522

URI:

https://boris.unibe.ch/id/eprint/154522

Actions (login required)

Edit item Edit item
Provide Feedback