Attack on WiFi-based Location Services and SSL using Proxy Servers

Feng, Jun Liang

02 January 2014

Wireless LANs are very common in any household or business today. It allows access to their home or business network and the Internet without using wires. Their wireless nature allows mobility and convenience for the user and that opens up a lot of new possibilities in mobile devices such as smartphones and tablets. One application that makes use of wireless LANs is positioning, which can be used in areas where Global Positioning Systems may have trouble functioning or not at all. However, a drawback of using wireless communication is that it is susceptible to eavesdropping and jamming. Once the wireless signal is jammed, an attacker can set up fake access points on different channels or frequencies to impersonate a legitimate access point. In this thesis, this attack is performed specifically to trick WiFi-based location services. The attack is shown to work on Skyhook, Google, Apple and Microsoft location services, four of the major location service providers, and on dual-band hardware. Some countermeasures to such an attack are also presented. The web is an important part of many people???s lives nowadays. People expect that their privacy and confidentiality is preserved when they use the web. Previously, web traffic uses HTTP which meant traffic is all unencrypted and can be intercepted and read by attackers. This is clearly a security problem so many websites now default to using a more secure protocol, namely HTTPS which uses HTTP with SSL, and forces the user to HTTPS if they connect to the no SSL protocol. SSL works by exchanging keys between the client and server and the actual data is protected using the key and the cipher suite that is negotiated between the two. However, if a network uses a proxy server, it works slightly different. The SSL connection is broken up into two separate ones and that creates the potential for man-in-the-middle attacks that allow an attacker to intercept the data being transmitted. This thesis analyzes several scenarios in which an adversary can conduct such a man-in-the-middle attack, and potential detection and mitigation methods.

wifi

location service

ssl

proxy server

attack

Implementation of TCP Splicing for Proxy Servers on Linux Platform

Wang, Cheng-Sheng

10 July 2002

The forwarding delay and throughput of a proxy server play significant role in the overall network performance. It is widely known that the forwarding delay of proxy¡¦s application layer is much larger than that of lower layers. This is because for a general purpose operating system, the receiving or sending data in application layer needs to move data through the TCP/IP stack and also cross the user/kernel protection boundaries. TCP Splice can forward data directly in TCP layer without going up to the application layer. This can be achieved by modifying the packet headers of one TCP connection from the original server to the proxy so that the TCP connection can be seamlessly connected to another TCP connection from the proxy to the client. To maintain the caching ability of proxy, TCP Tap can duplicate packets before they are forwarded by TCP Splice. The duplicated packets are copied into a tap buffer, so the application layer can read data from the tap buffer. We fully utilize the original TCP receive queue as the tap buffer and allow application layer to read data as usual. We chose Linux as the platform for experiment. The TCP Splice and Tap are implemented as Linux modules. Finally, we develop an HTTP proxy to test and verify our implementation. It is shown that the performance of proxy in terms of lower forwarding delay, higher throughput, and increased CPU utilization, can be improved significantly.

TCP Tap

TCP Splice

BSD Socket

Linux Kernel

Proxy Server

Skalierung von Realtime-multiplayer-Games : am Beispiel der Quake 2 Engine und anschliessender Evaluation /

Schröter, Tobias.

January 2006

Zugl.: Diplomarbeit.

The Remote Socket Architecture a proxy based solution for TCP over wireless /

Schläger, Morten.

Unknown Date

Techn. University, Diss., 2004--Berlin.

Dynamicky zasílané WWW-stránky / Dynamic web pages

Kotlín, Jiří

January 2009

Serving dynamic web pages raises higher load of web servers and associated technologies. This can to some extent eliminate setting up reverse proxy with cache in front of the web server. The primary goal of this thesis is to implement this technique via presently most popular web server -- Apache. These Apache's proxy features were at first well tested and described, later practically applied in real LAMP software bundle enviroment (Linux, Apache, PHP, MySQL).

PERFORMANCE EVALUATION OF AN ENHANCED POPULARITY-BASED WEB PREFETCHING TECHNIQUE

Sharma, Mayank

January 2006

No description available.

Computer Science

web prefetching

proxy server prefetching

popularity based prefetching

Proxy firewall / Proxy firewall

Kugler, Zdeněk

January 2009

This diploma thesis deals with the topic of proxy servers and firewalls and considers other associated technologies and network techniques. It systematically describes the general issues of firewalls, with a special focus on proxy firewalls and their safety. Additional systems mentioned in this document are intrusion detection systems (IDS), antivirus systems and content control filters – as these are also connected with safety of networks, servers and workstations or with limiting various Internet sources. IDS systems can be typically supplemented with various additional applications or tools that enrich them and increase their potential – including graphic additions. This part is remembered too. Some systems can communicate with each other, which is successfully utilised (FW & IDS co-operation, for example). The purpose of the first large chapter is to present firewall technologies, to list firewall types, their basic functionality and to present the final comparison. It marginally mentions firewall applications in practice. Chapter two explains the theory of network address translation (NAT), deals with its functionality, safety and with limiting the NAT mechanism. Chapter three brings a comprehensive presentation of proxy servers. It explains their principle from the point of view of functionality and the specification of application areas. The chapter is complete with a clear list of proxy server types and their descriptions. The last chapter named Linux Proxy Firewall is the key part of the work. It deals generally with the Linux platform, the Debian GNU/Linux distribution, principles of safety policy, network configuration, network server safety, Linux firewalls (Netfilter framework, Iptables tool) and with the Squid proxy server. The following subchapters respect the previous structure: they describe the theories of intrusion detection systems, antivirus checks and content filtering based on different methods. All this is presented similarly to the previous chapters. A proxy firewall solution built on the Linux operating system has been proposed in the practical part. The Debian GNU/Linux distribution has been chosen, being very suitable for server use due to its features. This environment is also used for additional safety software contained in the proxy firewall: antivirus protection, content filtering and an intrusion detection system. The priority is the most comprehensive computer network security, which requires detection abilities with the broadest possible coverage in the area of network safety. The purpose of this diploma thesis is not only to describe the principle of operation of proxy servers and to compare them with other types and other systems, but it also brings my own proposed free solution, which increases network safety and has the ambition of comparing it with clearly commercial products available on the market.

Proxy servery v síti Internet / Proxy servers in Internet

Henek, Jan

January 2016

The goal of this paper is to analyze the representation of proxy servers in cyber attacks conducted by Internet. For this purpose I used method which compares tested IP address with database of open proxy servers. I assembled a list of IP address taken from the blacklist of cyber attacks committed in 2015. Then I checked this list with the created program Proxy checker and compared them with a database of open proxy servers. By measurement I demonstrate the inefficacy of this method for reverse detection of proxy servers in the IP list of past attacks.

HIGH PERFORMANCE I/O ARCHITECTURES AND FILE SYSTEMS FOR INTERNET SERVERS

WANG, JUN

16 September 2002

No description available.

Computer Science

I/O architectures

file system

LFS

proxy server

internet

Modulární architektura distribuovaných aplikací / Modular Architecture of Distributed Applications

Musil, Jiří

January 2007

Traditional architectures of software systems are in heterogenous environment of today's computer networks too heavy-footed. One of principles, which tries to solve this problem is service-oriented architecture (SOA). Practical way of its implementation is represented by web services (WS) built upon protocols like SOAP or XML-RPC. This diploma thesis focuses problem of providing contextual information to mobile devices and its solution based on SOA principles. The thesis introduces design and implementation of web service providing contextual information to mobile devices and prototype of modular inverse SOAP proxy server allowing its effective monitoring and management.