Security and Privacy in Communication Networks. SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

Securing Websites Against Homograph Attacks

Download
496 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-78816-6_4,
        author={Jemal Abawajy and A. Richard and Zaher Aghbari},
        title={Securing Websites Against Homograph Attacks},
        proceedings={Security and Privacy in Communication Networks. SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM \& ATCS \& SEPRIOT},
        year={2018},
        month={4},
        keywords={Internationalized Domain Name Homograph attacks Phishing attacks Unicode attack Homograph obfuscation Web browsers security},
        doi={10.1007/978-3-319-78816-6_4}
    }
    
  • Jemal Abawajy
    A. Richard
    Zaher Aghbari
    Year: 2018
    Securing Websites Against Homograph Attacks
    SECURECOMM & ATCS & SEPRIOT
    Springer
    DOI: 10.1007/978-3-319-78816-6_4
Jemal Abawajy1,*, A. Richard2, Zaher Aghbari2,*
  • 1: Deakin University
  • 2: University of Sharjah
*Contact email: jemal@deakin.edu.au, zaher@sharjah.ac.ae

Abstract

With the globalisation of the Internet, standard frameworks such as the Internationalized Domain Name (IDN) that enable everyone to code a domain name in their native language or script has emerged. While IDN enabled coding the domain names in different languages, it has also put users of web browsers that support IDNs at risk of homograph attacks. As IDN-based homograph attacks have recently become a significant threat in content-based attacks such as phishing and other fraudulent attacks against Internet users, an approach that could automatically thwart such attacks against web browsers is important to the Internet users. To this end, we propose a new approach to mitigate the Internationalised Domain Name homograph attacks in this paper. The proposed approach is very easy to deploy in the existing browsers and requires no change in the way the end-user interact with the web-browsers. We implemented the proposed approach as an add-on to a popular web-browser and demonstrate its effectiveness against the homograph attack. Our assessment of the proposed implementation shows that the proposed solution to the IDN-based homograph attack protects web browsers with no noticeable overhead.