Defacement of Colluding Attack Using Blowfish Algorithm

Abstract In a web environment, a browser extension extends the browser's functionality by retrieving, presenting and traversing information through the web browser. Browser extensions run with 'high' privileges; as a consequence, vulnerable web browser extensions can steal user credentials and trap users into leaking sensitive information to unauthorized parties. One such attack, known as the colluding browser extension attack, causes privacy leakage of data shared in the web browser through extensions. This paper proposes the Defacement of Colluding Attack (DCA) mechanism to secure user credentials and confidential information over web browser extensions. The DCA mechanism encapsulates padding with the Blowfish algorithm to encrypt sensitive information before sharing it over a common memory location. Finally, a comparative evaluation of the proposed mechanism is carried out against Twofish, Threefish, 3DES and DES on standard parameters such as encryption time, decryption time, key length, throughput, attacks and level of security.
