Security, Privacy and Encryption in Mobile Networks Gyan Ranjan Narus Inc. November 12, 2014 Narus Inc (A wholly owned subsidiary of the Boeing Company.)

Slides:

Advertisements

Similar presentations

State of Connecticut Department of Information Technology Single Sign On and The Identity Vault Presented by Edward Wilson.

Advertisements

Cross Site Request Forgery CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

HTTP HyperText Transfer Protocol. HTTP Uses TCP as its underlying transport protocol Uses port 80 Stateless protocol (i.e. HTTP Server maintains no information.

1 HTTP and some other odds and ends Nelson Padua-Perez Bill Pugh Department of Computer Science University of Maryland, College Park.

CS320 Web and Internet Programming Handling HTTP Requests Chengyu Sun California State University, Los Angeles.

How the web works: HTTP and CGI explained

TCP/IP Protocol Suite 1 Chapter 22 Upon completion you will be able to: World Wide Web: HTTP Know how HTTP accesses data on the WWW Objectives.

Servlets and JSP Nelson Padua-Perez William Pugh Department of Computer Science University of Maryland, College Park.

CS 142 Lecture Notes: HTTPSlide 1 HTTP Request GET /index.html HTTP/1.1 Host: User-Agent: Mozilla/5.0 Accept: text/html, */* Accept-Language:

Web Application Security 101 Steve Carter (special thanks to SPI Dynamics)

Client, Server, HTTP, IP Address, Domain Name. Client-Server Model Client Bob Yahoo Server yahoo.com/finance.html A text file named finance.html.

Lecture 4: stateful inspection, advanced protocols Roei Ben-Harush 2015.

Rensselaer Polytechnic Institute CSC-432 – Operating Systems David Goldschmidt, Ph.D.

MEC /19/2017 7:51 PM © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

Shibboleth Training: Round Two 1

How to Detect a Client’s Browser Senior Seminar CS498.

ECE Prof. John A. Copeland Office: Klaus or call.

Basics of the HTTP Protocol and Apache Web Server Brandon Checketts.

Web technologies and programming cse hypermedia and multimedia technology Fanis Tsandilas April 3, 2007.

Web Hacking 1. Overview Why web HTTP Protocol HTTP Attacks 2.

Archive-it WARC usage - compared with NAS – and 3 Questions. By Tue Hejlskov Larsen, netarchive.dk January 2015.

HTTP Caching & Cache-Busting for Content Publishers Michael J. Radwin O’Reilly Open Source Convention July 28, 2004.

Java Technology and Applications

HTTP – HyperText Transfer Protocol

SUNY Polytechnic Institute CS 490 – Web Design, AJAX, jQuery Web Services A web service is a software system that supports interaction (requesting data,

HTTP HTML Introduction to web development. elaborate SPARCS 07 Wheel Moodle TA 안병욱 CS101 TA The presenter is 바퀴짱 ? 3 월 신작 ? 밤의 제왕 ? 악명 높은 TA?

The Web CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University Content of some slides provided.

CSC 2720 Building Web Applications Getting and Setting HTTP Headers (With PHP Examples)

CP476 Internet Computing Lecture 5 : HTTP, WWW and URL 1 Lecture 5. WWW, HTTP and URL Objective: to review the concepts of WWW to understand how HTTP works.

CS 190 Lecture Notes: Tweeter ProjectSlide 1 Uniform Resource Locators (URLs) Scheme Host.

Browser Web Server Users DB 2a. Redirect to login page plugin 1. access a protected page Login Web Server (https) aislogin.cern.ch edh.cern.ch 3a. Set.

SAMPLES: Self Adaptive Mining of Persistent LExical Snippets for Classifying Mobile Application Traffic Gyan Ranjan Principal Data Scientist, Symantec.

WWW, HTTP, GET, POST, Cookies Svetlin Nakov Telerik Corporation

Building HTTP Services with ASP.NET Web API Sayed Ibrahim Hashimi Program Manager Microsoft Corporation DEV309.

IT Engineering Instructor: Rezvan Shiravi

Monitoring Malware at Runtime. From Last Lecture Malware authors use advanced coding for avoiding detection AnserverBot is a very sophisticate piece of.

The HTTP Protocol HTTP, Requests, Responses, Forms, MIME, Caching, Redirects SoftUni Team Technical Trainers Software University

CS320 Web and Internet Programming Handling HTTP Requests Chengyu Sun California State University, Los Angeles.

1 Introductory material. This module illustrates the interactions of the protocols of the TCP/IP protocol suite with the help of an example. The example.

SAMPLES: Self Adaptive Mining of Persistent LExical Snippets for Classifying Mobile Application Traffic Gyan Ranjan Principal Data Scientist, Symantec.

Hakuna Suricata (it means no worries, except for APT)

Proxy Lab Recitation I Monday Nov 20, 2006.

HTTP1 Hypertext Transfer Protocol (HTTP) After this lecture, you should be able to:  Know how Web Browsers and Web Servers communicate via HTTP Protocol.

A Little Bit About Cookies Fort Collins, CO Copyright © XTR Systems, LLC A Little Bit About Cookies Instructor: Joseph DiVerdi, Ph.D., M.B.A.

1-1 HTTP request message GET /somedir/page.html HTTP/1.1 Host: User-agent: Mozilla/4.0 Connection: close Accept-language:fr request.

HTTP/2 and ATS ATS Fall Summit 2015 Bryan Call. Why HTTP/2? Reduce latency and TCP connection overhead Easier to write well-performing sites (no domain.

Pertemuan #10 Secure HTTP (HTTPS) Kuliah Pengaman Jaringan.

HTTP How the Internet servers and clients communicate.

JavaScript, Part 4 Instructor: Charles Moen CSCI/CINF 4230.

HTTP Here, we examine the hypertext transfer protocol (http) – originally introduced around 1990 but not standardized until 1997 (version 1.0) – protocol.

EE 122: Lecture 21 (HyperText Transfer Protocol - HTTP) Ion Stoica Nov 20, 2001 (*)

Summer 2007 Florida Atlantic University Department of Computer Science & Engineering COP 4814 – Web Services Dr. Roy Levow Part 1 – Introducing Ajax.

5 th ed: Chapter 17 4 th ed: Chapter 21

Overview of Servlets and JSP

PHP Security Ryan Dunn Jason Pack. Outline PHP Overview PHP Overview Common Security Issues Common Security Issues Advanced Security Issues Advanced Security.

LURP Details. LURP Lab Details  1.Given a GET … call a proxy CGI script in the same way you would for a normal CGI request  2.This UDP perl.

Web Caching. Why Caching? Faster browsing experience for users Cache hit rate Traffic Prioritization Reduce network bandwidth requirements significantly.

The OWASP Foundation OWASP Education Computer based training The Basics Nishi Kumar IT Architect Specialist, FIS Chair, Software Security.

Performance testing and engineering Raja Gourav Kokkiligadda, Performance Architect, Domestic and General.

Web Protocols: HTTP COMP6017 Topics on Web Services Dr Nicholas Gibbins –

表單 (Form). … Ex. … method  method="get"  URL:  HTTP message entity: none  不可超過 256 個字元  method="post"

DEV336. demo HTTP Packet Trace GET / HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (compatible;

© Janice Regan, CMPT 128, Jan 2007 CMPT 371 Data Communications and Networking HTTP 0.

Fiddler and Your Website Robert Boedigheimer. About Me Web developer since 1995 Columnist for aspalliance.com Pluralsight Author 3 rd Degree Black Belt,

Lecture 4: Stateful Inspection, Advanced Protocols.

DOM, jQuery, AJAX, REST Using Kinvey as JS Back-End

6.033 Lecture 24 Protocols and Authorization Nickolai Zeldovich Spring 2009.

Hypertext Transfer Protocol (HTTP) COMP6218 Web Architecture Dr Nicholas Gibbins –

Android Mobile apps development services company in India

Python, PhantomJS, & Selenium

Presentation transcript:

Security, Privacy and Encryption in Mobile Networks Gyan Ranjan Narus Inc. November 12, 2014 Narus Inc (A wholly owned subsidiary of the Boeing Company.)

The World as it Used to Be  The Desktop/Laptop world Limited number of vendors Manageable application portfolio. Challenge: Proprietary protocols.  And along came the mobile revolution … Millions of apps from thousands of developers. Narus Inc (A wholly owned subsidiary of the Boeing Company.)

The World as it Is (More or Less)  The mobile revolution … Thousands of application developers, millions of apps. Challenge: Size above all. Good news: HTTP is still the protocol of choice. Narus Inc (A wholly owned subsidiary of the Boeing Company.) b.aol.com /ping ap_av= &ap_cn=wifi&...&ap_la=en_US&ap_os=ios& …&dL_ch=com.aol.aim&h=com.aol.aim.ios.application... AIM/ CFNetwork/ Darwin/ GET o.aolcdn.com /os/mservice/admanifests/iphone/com_aol_aim/v3/manif est.json {? "enabled": true,? "version": 3,? … } AIM/ CFNetwork/ Darwin/ GET

The World as it Will Be  Along came HTTPS … Convergent services. Challenge: No visibility. Good news: Woman-in-the-middle. Narus Inc (A wholly owned subsidiary of the Boeing Company.) 200 OK Content-Type: application/json;charset=utf-8 Content-Length: 139 X-Max-Sequence: 1 { : 0, 0, "responses" : [ { "disconnect" : { "sequence" : 1, "receiver" : “a*******”, "reason" : 4 } } ] } Client: Scheme: https GET :443/pe/4d8c5d92/92bcb62d/3661ec2a/15957/config/prod/config.xml Cache-Control: no-cache, no-transform Accept-Encoding: gzip Accept: */* User-Agent: YahooMobileMessenger/1.0 (Android Messenger; 1.8.4) (grouper; asus; Nexus 7; 4.2.2/JDQ39B) Host: s.yimg.com Connection: Keep-Alive Client: Scheme: https POST :443/login.php?login_attempt=1 Host: User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/ Firefox/26.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: Cookie: datr=bJLQUo4rXIgvkkOEKRA6ikD7; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2F; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2F; wd=1440x692; act= %2F0; _e_09Gr_0=%5B%2209Gr%22%2C %2C%22act%22%2C %2C0%2C%2 2 %22%2C%22click%22%2C%22click%22%2C%22bluebar%22%2C%22r%22%2C%22%2F%22%2C %7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C859%2C42%2C0%2C1427%2C%22p 8fhij%22%2C17%5D Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 144

The Zillion Dollar Question  So what can’t we do… Practical problems. Deployment scenarios. Challenges! Narus Inc (A wholly owned subsidiary of the Boeing Company.)