{"id":239,"date":"2011-11-14T16:17:40","date_gmt":"2011-11-14T15:17:40","guid":{"rendered":"https:\/\/samovar2022.int-evry.fr\/index.php\/2011\/11\/14\/soutenance-these-de-sophie-gastellier-prevost\/"},"modified":"2020-09-04T18:46:59","modified_gmt":"2020-09-04T16:46:59","slug":"soutenance-these-de-sophie-gastellier-prevost-2","status":"publish","type":"post","link":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/2011\/11\/14\/soutenance-these-de-sophie-gastellier-prevost-2\/","title":{"rendered":"DEFENSE: Thesis of Sophie Gastellier-Prevost"},"content":{"rendered":"<p>Thursday <strong>24 November<\/strong> 2011 at <strong>14<\/strong>:00 in <strong>Amphi 10<\/strong><\/p>\n<p><strong>\u00ab\u00a0Vers une D\u00e9tection des Attaques de Phishing et Pharming C\u00f4t\u00e9 Client\u00a0\u00bb<\/strong>.<\/p>\n<p><strong>Jury:<\/strong><\/p>\n<p>&#8211; Ludovic M\u00c9, Professor at Sup\u00e9lec, Reviewer.<br \/>\n&#8211; Radu STATE, Associate Researcher at the Universit\u00e9 du Luxembourg, Reviewer.<br \/>\n&#8211; Guy PUJOLLE, Professor at UPMC \/ LIP6, Examiner.<br \/>\n&#8211; Laurent TOUTAIN, Associate Professor at Institut T\u00e9l\u00e9com \/ T\u00e9l\u00e9com Bretagne, Examiner.<br \/>\n&#8211; Franck VEYSSET, Head of CERTA at ANSSI \/ COSSI, Examiner.<br \/>\n&#8211; Maryline LAURENT, Professor at Institut T\u00e9l\u00e9com \/ T\u00e9l\u00e9com SudParis, Thesis Supervisor.<\/p>\n<p><strong>Summary:<\/strong><\/p>\n<p>The development of broadband Internet and the expansion of e-commerce have brought in their wake new attacks that are proving highly successful. One of them is a particularly sensitive matter in the public mind: the one that directly targets Internet users\u2019 wallets. 
<\/p>\n<p>Its most widespread\/well-known form is referred to as phishing. Mostly delivered through spam campaigns, this attack aims to steal confidential information (e.g. login, password, bank card number) from users by impersonating merchant and\/or banking sites. Over the years, these attacks have been refined to the point of offering counterfeit websites that visually &#8211; apart from the visited URL &#8211; imitate the original sites perfectly. Through lack of vigilance, many users then hand over confidential data &#8211; in full confidence. In the first part of this thesis, among the existing means of protection\/detection against these attacks, we focus on a mechanism that is easy for Internet users to access: anti-phishing toolbars, to be integrated into the web browser. The detection performed by these toolbars relies on blacklists and heuristic tests. Across the set of heuristic tests used (whether they bear on the URL or on the content of the web page), we seek to evaluate their usefulness and\/or effectiveness in identifying\/differentiating legitimate sites from phishing sites. This work makes it possible, in particular, to single out the decisive heuristics, while discussing their longevity.<\/p>\n<p>A second, lesser-known variant of this attack &#8211; pharming &#8211; can be regarded as a sophisticated version of phishing. 
The goal of the attack remains the same and the visited website resembles the original just as closely but &#8211; unlike phishing &#8211; this time the visited URL is also completely identical to the original. Carried out through upstream DNS corruption, these attacks have the advantage of requiring no communication action on the attacker\u2019s part: the attacker merely has to wait for the Internet user to visit their usual site. The absence of \u00ab\u00a0visible\u00a0\u00bb signs therefore makes the attack particularly effective and formidable, even for a vigilant Internet user. Admittedly, considerable efforts are deployed on the network side to address this problem. Nevertheless, the client side remains too exposed and vulnerable. In the second part of this thesis, by developing two proposals intended to be integrated into the client browser, we introduce a technique for detecting these attacks that couples an analysis of DNS responses with a comparison of web pages. Both proposals rely on reference elements obtained via an alternative DNS server, their main difference lying in the technique used to retrieve the reference web page. Through two experimentation phases, we demonstrate the viability of the proposed concept.<\/p>\n<p><strong>Abstract:<\/strong><\/p>\n<p>The development of online transactions and \u00ab\u00a0always-connected\u00a0\u00bb broadband Internet access is a great improvement for Internet users, who can now benefit from easy access to many services, regardless of the time or their location. 
The main drawback of this new marketplace is that it attracts attackers looking for easy and rapid profits. <\/p>\n<p>One major threat is known as a phishing attack. By using website forgery to spoof the identity of a company that proposes financial services, phishing attacks trick Internet users into revealing confidential information (e.g. login, password, credit card number). Because most end-users check the legitimacy of a login website by looking at the visual aspect of the webpage displayed by the web browser &#8211; with no consideration for the visited URL or the presence and positioning of security components &#8211; attackers capitalize on this weakness and design near-perfect copies of legitimate websites, displayed through a fraudulent URL. To attract as many victims as possible, most of the time phishing attacks are carried out through spam campaigns. One popular method for detecting phishing attacks is to integrate an anti-phishing protection into the web browser of the user (i.e. anti-phishing toolbar), which makes use of two kinds of classification methods: blacklists and heuristic tests. The first part of this thesis consists of a study of the effectiveness and the value of heuristic tests in differentiating legitimate from fraudulent websites. We conclude by identifying the decisive heuristics as well as discussing their life span.<\/p>\n<p>In more sophisticated versions of phishing attacks &#8211; i.e. pharming attacks &#8211; the threat is imperceptible to the user: the visited URL is the legitimate one and the visual aspect of the fake website is very similar to the original one. As a result, pharming attacks are particularly effective and difficult to detect. They are carried out by exploiting DNS vulnerabilities at the client-side, in the ISP (Internet Service Provider) network or at the server-side. While many efforts aim to address this problem in the ISP network and at the server-side, the client-side remains excessively exposed. 
In the second part of this thesis, we introduce two approaches &#8211; intended to be integrated into the client\u2019s web browser &#8211; to detect pharming attacks at the client-side. These approaches combine both an IP address check and a webpage content analysis, performed using the information provided by multiple DNS servers. Their main difference lies in the method of retrieving the webpage which is used for the comparison. By performing two sets of experiments, we validate our concept.<\/p>\n<hr \/>\n","protected":false},"excerpt":{"rendered":"<p>Thursday 24 November 2011 at 14:00 in Amphi 10 \u00ab\u00a0Vers une D\u00e9tection des Attaques de Phishing et Pharming C\u00f4t\u00e9 Client\u00a0\u00bb. Jury: &#8211; Ludovic M\u00c9, Professor at Sup\u00e9lec, Reviewer. &#8211; Radu STATE, Associate Researcher at the Universit\u00e9 du Luxembourg, Reviewer. &#8211; Guy PUJOLLE, Professor at UPMC \/ LIP6, Examiner. &#8211; Laurent TOUTAIN, Associate Professor at 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover
":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[428],"tags":[],"class_list":["post-239","post","type-post","status-publish","format-standard","hentry","category-theses-2011-fr","entry"],"_links":{"self":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/samovar.telec
om-sudparis.eu\/index.php\/wp-json\/wp\/v2\/comments?post=239"}],"version-history":[{"count":1,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/239\/revisions"}],"predecessor-version":[{"id":1983,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/239\/revisions\/1983"}],"wp:attachment":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/media?parent=239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/categories?post=239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/tags?post=239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}