Abstract-Instant Messaging has gained popularity by users for both private and business communication as low-cost short message replacement on mobile devices. However, until recently, most mobile messaging apps did not protect confidentiality or integrity of the messages.Press releases about mass surveillance performed by intelligence services such as NSA and GCHQ motivated many people to use alternative messaging solutions to preserve the security and privacy of their communication on the Internet. Initially fueled by Facebook's acquisition of the hugely popular mobile messaging app WHATSAPP, alternatives claiming to provide secure communication experienced a significant increase of new users.A messaging app that claims to provide secure instant messaging and has attracted a lot of attention is TEXTSECURE. Besides numerous direct installations, its protocol is part of Android's most popular aftermarket firmware CYANOGEN-MOD. TEXTSECURE's successor Signal continues to use the underlying protocol for text messaging. In this paper, we present the first complete description of TEXTSECURE's complex cryptographic protocol, provide a security analysis of its three main components (key exchange, key derivation and authenticated encryption), and discuss the main security claims of TEXTSECURE. Furthermore, we formally prove that-if key registration is assumed to be secure-TEXTSECURE's push messaging can indeed achieve most of the claimed security goals.
XML-based SOAP Web Services are a widely used technology, which allows the users to execute remote operations and transport arbitrary data. It is currently adapted in Service Oriented Architectures, cloud interfaces, management of federated identities, eGovernment, or millitary services. The wide adoption of this technology has resulted in an emergence of numerous-mostly complex-extension specifications. Naturally, this has been followed by a rise in large number of Web Services attacks. They range from specific Denial of Service attacks to attacks breaking interfaces of cloud providers [1], [2] or confidentiality of encrypted messages [3]. By implementing common web applications, the developers evaluate the security of their systems by applying different penetration testing tools. However, in comparison to the wellknown attacks as SQL injection or Cross Site Scripting, there exist no penetration testing tools for Web Services specific attacks. This was the motivation for developing the first automated penetration testing tool for Web Services called WS-Attacker. In this paper we give an overview of our design decisions and provide evaluation of four Web Services frameworks and their resistance against WS-Addressing spoofing and SOAPAction spoofing attacks.
SOAP-based Web services is a middleware technology marketed as the solution to easy data exchange between heterogeneous IT architectures. The large number of scenarios, in which this technology is used, has introduced demands for new extensions raising its complexity. However, this has also introduced a large variety of new attacks. In this paper, we investigate an automatic evaluation of Web service specific Denial of Service (DoS) attacks. We present a new fully automated plugin for the WS-Attacker penetration testing tool implementing major DoS attacks. Our tool determines the attack success without having physical access to the target machine, using a novel blackbox approach. We give an overview of our design decisions and present the evaluation results using common Web service frameworks and systems.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.