Don’t believe everything you see
Project Title : HAWS – Homograph Attack Warning System
If you belong to the 21st century, you have probably seen many things that our ancestors never did. Did the father of the computer, “Charles Babbage”, or the mother of programming, “Lady Ada”, know that their inventions were going to influence and overtake the next century? Maybe the one after that, and all the centuries to come? Computers are everywhere: in your smartphones and cars, desktops and laptops, refrigerators and ovens. They were built to make work easy and interesting. The main thing they have revolutionized is the way we communicate, which had stayed the same for a long time. We now live in the era of social media apps, from Facebook to WhatsApp, and these apps are used by everyone from farmers to the CEOs of companies.
WhatsApp has more than 1.5 billion active users in the world, 200 million of them in India alone. This may seem a very good sign that Indians are moving into the new era of “THE DIGITAL INDIA”, but it has consequences such as the spread of fake news and the breach of personal information like credit card details, passwords or digital wallets. Users believe every message shared on social media and assume everything is “ALRIGHT”.
A survey shows about 155 million phishing attempts on the firm’s users, of which 52 percent could have been stopped if care had been taken. What is the best defense against phishing or a homograph attack? Generally, checking the address bar, the HTTPS connection or any misspelled word in the domain name. Right? But social engineering attacks have moved far beyond this, as in the HOMOGRAPH attack, where we depend entirely on our browser to give us a warning. This situation may worry some computer users, but we generally do not think much about it when we perform an action on our mobile phones. All these so-called to-do steps are not the right way to deal with this situation.
So, to keep our beloved internet and its users safe, we have come up with this project idea, which gives the user the ability to detect homograph attacks and malicious links and warns them before they can access the site.
The real-world problem may look something like this:
Note: This is just the proof of concept for the attack, the scenario may differ.
In the above picture, the user asks a friend to send the link to the Apple website, but the friend tricks him and shares a Unicode domain that looks identical to the original Apple website. If an attacker were in the friend’s place, the result could be different: the user may enter his credentials on the website, assuming all is well.
Introduction : The project will be an Android-based application for anyone who uses social media apps like WhatsApp or any other popular app. It will help users browse safely on their mobile when opening any link that is shared with them. The system will show the user a warning every time he visits a malicious link. It will not just deal with simple, well-known malicious links that anyone with basic computer knowledge can detect easily; it will also block links that may fool even a techie.
The main benefit of this project is that it completely removes the reliance on the browser to detect such attacks, and on user interaction to verify the domain, and it will detect attacks that may even bypass the browser’s protection.
Design : The design of the project can be divided into three phases which are as follows :
1. User Interface Design : In this phase the user interface of the project is developed. This is the part of our application through which the user interacts with the warnings issued in each case.
2. Database : The database is the pool of information for every application. In our application, the database stores spoofed links for the most popular websites and links to malicious sites that look similar to the top 10k Alexa domains. The database will also store every site that it detects as “Not Safe”, which makes detecting the same issue faster the next time it occurs. The diagrams below show the relationships between the different entities of our project.
3. System Design: In this phase a complete flow diagram of the working system is designed. The flow diagram shows the step by step working of every entity of our project.
Following these three stages, we will now start implementing the project.
Diagrams: The diagrams below show the implementation and working of the project.
Data Flow Chart
Data Flow Diagram
The project is currently under development so here are the details of some of the core modules of our project.
Checker 1 : This is the first module to come into action when the user clicks on a link shared in a social media app (i.e. WhatsApp or any other messaging app). It fetches the link from the app and searches for it in our database. If the link is found in the database, it prompts a warning to the user: “Not Safe”. If the search is not successful, it moves to the next module, i.e. the Converter.
Converter : This module will convert the link from ASCII Compatible Encoding to Unicode. If the ToUnicode conversion produces an error (e.g. the label contains disallowed characters, starts with a combining mark or violates BiDi rules), the Punycode is generated and a warning is displayed. If there is no error in the conversion, the link heads to the next module, i.e. Checker 2.
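The decoding half of the Converter step, as an added example that is not part of the HAWS code: a minimal RFC 3492 Punycode decoder in plain JavaScript. The names `punycodeDecode` and `convertLabel` are hypothetical, the sample label is constructed, and the wider ToUnicode validation (disallowed characters, leading combining marks, BiDi rules) is assumed to be handled elsewhere, so only malformed Punycode raises the warning here.

```javascript
// Added example (not HAWS code): RFC 3492 Punycode decoding for the Converter step.
const BASE = 36, TMIN = 1, TMAX = 26, SKEW = 38, DAMP = 700; // RFC 3492 parameters

function adapt(delta, numPoints, first) {            // bias adaptation
  delta = first ? Math.floor(delta / DAMP) : delta >> 1;
  delta += Math.floor(delta / numPoints);
  let k = 0;
  for (; delta > ((BASE - TMIN) * TMAX) >> 1; k += BASE) delta = Math.floor(delta / (BASE - TMIN));
  return k + Math.floor(((BASE - TMIN + 1) * delta) / (delta + SKEW));
}

function digitOf(ch) {                               // a-z => 0..25, 0-9 => 26..35
  const c = ch.toLowerCase().charCodeAt(0);
  if (c >= 97 && c <= 122) return c - 97;
  if (c >= 48 && c <= 57) return c - 22;
  throw new RangeError('invalid Punycode digit');
}

function punycodeDecode(input) {
  const split = input.lastIndexOf('-');              // basic code points precede the last '-'
  const out = split > 0 ? [...input.slice(0, split)].map(c => c.codePointAt(0)) : [];
  if (out.some(cp => cp >= 0x80)) throw new RangeError('non-basic code point');
  let n = 128, i = 0, bias = 72;                     // initial_n, initial_bias
  for (let pos = split > 0 ? split + 1 : 0; pos < input.length;) {
    const oldI = i;
    for (let w = 1, k = BASE; ; k += BASE) {         // read one variable-length integer
      if (pos >= input.length) throw new RangeError('truncated input');
      const d = digitOf(input[pos++]);
      i += d * w;
      const t = k <= bias ? TMIN : k >= bias + TMAX ? TMAX : k - bias;
      if (d < t) break;
      w *= BASE - t;
    }
    bias = adapt(i - oldI, out.length + 1, oldI === 0);
    n += Math.floor(i / (out.length + 1));           // code point to insert
    i %= out.length + 1;                             // position to insert it at
    out.splice(i++, 0, n);
  }
  return String.fromCodePoint(...out);
}

// Converter step: on a decoding error keep the Punycode form and raise a warning.
function convertLabel(label) {
  if (!/^xn--/i.test(label)) return { text: label, warning: false };
  try { return { text: punycodeDecode(label.slice(4)), warning: false }; }
  catch (err) { return { text: label, warning: true }; }
}

console.log(convertLabel('xn--bcher-kva'));          // constructed sample label
```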
Checker 2 : This module will check the following conditions :
- If there is a character in a label not belonging to Characters allowed in identifiers as per Unicode Technical Standard 39 (UTS 39)
- If any character in a label belongs to the black list
- If two or more numbering systems are mixed
- If there are any invisible characters
- Test the label for mixed script confusable per UTS 39
- If a hostname belongs to a non-IDN TLD
If any one of these conditions is satisfied, a warning is displayed.
(These conditions may increase on the further development of the project to make it more effective)
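A simplified sketch of four of the Checker 2 conditions (black list, mixed numbering systems, invisible characters, mixed scripts), as an added example that is not the project's code. It runs on a label already converted to Unicode; the script list, digit table, black list and all function names are constructed for illustration, and it treats any two scripts in one label as mixing, which is stricter than the UTS 39 data-driven tests.

```javascript
// Added example (not HAWS code): four Checker 2 tests on one Unicode label.
// SCRIPTS, DIGIT_ZEROS and BLACKLIST are small constructed samples, not UTS 39 data.
const SCRIPTS = ['Latin', 'Cyrillic', 'Greek', 'Armenian', 'Hebrew', 'Arabic',
  'Devanagari', 'Han', 'Hiragana', 'Katakana', 'Hangul', 'Thai'];
const SCRIPT_RE = SCRIPTS.map(s => [s, new RegExp(`\\p{Script=${s}}`, 'u')]);
// Code point of digit zero in each numbering system considered here.
const DIGIT_ZEROS = { ascii: 0x30, arabicIndic: 0x660, devanagari: 0x966, bengali: 0x9e6 };
// Zero-width, joiner and bidi-control code points that render as nothing.
const INVISIBLE = /[\u00AD\u034F\u200B-\u200F\u202A-\u202E\u2060-\u2064\uFEFF]/u;
const BLACKLIST = new Set(['\u2044', '\u2215']); // fraction slash, division slash

function scriptsOf(label) {
  const found = new Set();
  for (const ch of label) {
    if (!/\p{L}/u.test(ch)) continue;            // only letters vote for a script
    const hit = SCRIPT_RE.find(([, re]) => re.test(ch));
    found.add(hit ? hit[0] : 'Other');
  }
  return [...found].sort();
}

function digitSystemsOf(label) {
  const found = new Set();
  for (const ch of label) {
    const cp = ch.codePointAt(0);
    for (const [name, zero] of Object.entries(DIGIT_ZEROS)) {
      if (cp >= zero && cp <= zero + 9) found.add(name);
    }
  }
  return [...found].sort();
}

function checkLabel(label) {
  const warnings = [];
  if ([...label].some(ch => BLACKLIST.has(ch))) warnings.push('blacklisted-character');
  if (digitSystemsOf(label).length > 1) warnings.push('mixed-numbering-systems');
  if (INVISIBLE.test(label)) warnings.push('invisible-character');
  if (scriptsOf(label).length > 1) warnings.push('mixed-script');
  return warnings;
}

// Run the label tests over every label of a hostname; any hit means "warn".
function checkHostname(host) {
  return host.split('.')
    .map(label => ({ label, warnings: checkLabel(label) }))
    .filter(result => result.warnings.length > 0);
}

console.log(checkHostname('p\u0430ypal.example')); // constructed: Cyrillic U+0430 in a Latin label
```

A label written entirely in one script, such as an all-Cyrillic look-alike of a Latin name, passes all four of these tests, so it has to be caught by the remaining conditions in the list or by the database lookup in Checker 1.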
Warning System : This module comes into action as soon as it receives the Punycode or the extracted link is found in the database, and displays the warning “The link is not safe to visit”. It provides the following operations to the user :
1- Open in browser : This will allow the user to visit the link in the browser.
2- Back to application : This will redirect the user to the source application (i.e. WhatsApp or any other app).
Tools Used: Node.js, Apache HTTP Server, MySQL database, PHP for handling the backend of the interface, Basic4android, AppInventor, Google Firebase
Application: This project is proposed to make us more secure from cybercrime such as IDN homograph attacks or phishing scams on social media. As India moves towards “Digitalization”, cyber crimes are also increasing, and they may sometimes even affect the day-to-day life of a common man, so our project aims to help people minimize the risk while visiting web links shared on social media.
- Costello, A. (2003, March). “RFC3492- Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA).” from http://www.ietf.org/rfc/rfc3492.txt
- Krammer, V. (2006). Phishing defense against IDN address spoofing attacks, ACM
- Davis, M., & Suignard, M. (2018). “Unicode Security Mechanisms.” from http://www.unicode.org/reports/tr39/
- Potter, B. (2005). Dangerous URLs: Unicode & IDN. Network Security, 2005(3), 5-6. doi:10.1016/S1353-4858(05)00210-2
- Weber, C. (2008a). The Lookout: Unicode security attacks and test cases: Visual Spoofing, IDN homograph attacks, and the Mixed Script Confusables. from https://www.lookout.net/2008/12/unicode-attacks-and-test-cases-visual_11.html
Note: This project idea is contributed for ProGeek Cup 2.0- A project competition by GeeksforGeeks.