Localhost Detour from Public to Private Networks

Yehuda Afek; Anat Bremler-Barr; Dor Israeli; Alon Noy

doi:10.1007/978-3-031-34671-2_1

Localhost Detour from Public to Private Networks

Yehuda Afek, Anat Bremler-Barr^*, Dor Israeli, Alon Noy

^*Corresponding author for this work

Reichman University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

This paper presents a new localhost browser based vulnerability and corresponding attack that opens the door to new attacks on private networks and local devices. We show that this new vulnerability may put hundreds of millions of internet users and their IoT devices at risk. Following the attack presentation, we suggest three new protection mechanisms to mitigate this vulnerability. This new attack bypasses recently suggested protection mechanisms designed to stop browser-based attacks on private devices and local applications [18, 20].

Original language	English
Title of host publication	Cyber Security, Cryptology, and Machine Learning - 7th International Symposium, CSCML 2023, Proceedings
Editors	Shlomi Dolev, Ehud Gudes, Pascal Paillier
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	1-17
Number of pages	17
ISBN (Print)	9783031346705
DOIs	https://doi.org/10.1007/978-3-031-34671-2_1
State	Published - 2023
Event	7th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2023 - Be'er Sheva, Israel Duration: 29 Jun 2023 → 30 Jun 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13914 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	7th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2023
Country/Territory	Israel
City	Be'er Sheva
Period	29/06/23 → 30/06/23

Keywords

Browser Based Attack
IoT
Localhost
Private Network

Access to Document

10.1007/978-3-031-34671-2_1

Cite this

Afek, Y., Bremler-Barr, A., Israeli, D., & Noy, A. (2023). Localhost Detour from Public to Private Networks. In S. Dolev, E. Gudes, & P. Paillier (Eds.), Cyber Security, Cryptology, and Machine Learning - 7th International Symposium, CSCML 2023, Proceedings (pp. 1-17). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13914 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-34671-2_1

Afek, Yehuda ; Bremler-Barr, Anat ; Israeli, Dor et al. / Localhost Detour from Public to Private Networks. Cyber Security, Cryptology, and Machine Learning - 7th International Symposium, CSCML 2023, Proceedings. editor / Shlomi Dolev ; Ehud Gudes ; Pascal Paillier. Springer Science and Business Media Deutschland GmbH, 2023. pp. 1-17 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{bb9c427579434f53aa31eb11977f8962,

title = "Localhost Detour from Public to Private Networks",

abstract = "This paper presents a new localhost browser based vulnerability and corresponding attack that opens the door to new attacks on private networks and local devices. We show that this new vulnerability may put hundreds of millions of internet users and their IoT devices at risk. Following the attack presentation, we suggest three new protection mechanisms to mitigate this vulnerability. This new attack bypasses recently suggested protection mechanisms designed to stop browser-based attacks on private devices and local applications [18, 20].",

keywords = "Browser Based Attack, IoT, Localhost, Private Network",

author = "Yehuda Afek and Anat Bremler-Barr and Dor Israeli and Alon Noy",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 7th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2023 ; Conference date: 29-06-2023 Through 30-06-2023",

year = "2023",

doi = "10.1007/978-3-031-34671-2_1",

language = "אנגלית",

isbn = "9783031346705",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "1--17",

editor = "Shlomi Dolev and Ehud Gudes and Pascal Paillier",

booktitle = "Cyber Security, Cryptology, and Machine Learning - 7th International Symposium, CSCML 2023, Proceedings",

address = "גרמניה",

}

Afek, Y , Bremler-Barr, A, Israeli, D & Noy, A 2023, Localhost Detour from Public to Private Networks. in S Dolev, E Gudes & P Paillier (eds), Cyber Security, Cryptology, and Machine Learning - 7th International Symposium, CSCML 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13914 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 1-17, 7th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2023, Be'er Sheva, Israel, 29/06/23. https://doi.org/10.1007/978-3-031-34671-2_1

Localhost Detour from Public to Private Networks. / Afek, Yehuda ; Bremler-Barr, Anat; Israeli, Dor et al.
Cyber Security, Cryptology, and Machine Learning - 7th International Symposium, CSCML 2023, Proceedings. ed. / Shlomi Dolev; Ehud Gudes; Pascal Paillier. Springer Science and Business Media Deutschland GmbH, 2023. p. 1-17 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13914 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Localhost Detour from Public to Private Networks

AU - Afek, Yehuda

AU - Bremler-Barr, Anat

AU - Israeli, Dor

AU - Noy, Alon

PY - 2023

Y1 - 2023

N2 - This paper presents a new localhost browser based vulnerability and corresponding attack that opens the door to new attacks on private networks and local devices. We show that this new vulnerability may put hundreds of millions of internet users and their IoT devices at risk. Following the attack presentation, we suggest three new protection mechanisms to mitigate this vulnerability. This new attack bypasses recently suggested protection mechanisms designed to stop browser-based attacks on private devices and local applications [18, 20].

AB - This paper presents a new localhost browser based vulnerability and corresponding attack that opens the door to new attacks on private networks and local devices. We show that this new vulnerability may put hundreds of millions of internet users and their IoT devices at risk. Following the attack presentation, we suggest three new protection mechanisms to mitigate this vulnerability. This new attack bypasses recently suggested protection mechanisms designed to stop browser-based attacks on private devices and local applications [18, 20].

KW - Browser Based Attack

KW - IoT

KW - Localhost

KW - Private Network

UR - http://www.scopus.com/inward/record.url?scp=85164933496&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-34671-2_1

DO - 10.1007/978-3-031-34671-2_1

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85164933496

SN - 9783031346705

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 17

BT - Cyber Security, Cryptology, and Machine Learning - 7th International Symposium, CSCML 2023, Proceedings

A2 - Dolev, Shlomi

A2 - Gudes, Ehud

A2 - Paillier, Pascal

PB - Springer Science and Business Media Deutschland GmbH

T2 - 7th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2023

Y2 - 29 June 2023 through 30 June 2023

ER -

Afek Y , Bremler-Barr A, Israeli D, Noy A. Localhost Detour from Public to Private Networks. In Dolev S, Gudes E, Paillier P, editors, Cyber Security, Cryptology, and Machine Learning - 7th International Symposium, CSCML 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 1-17. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-34671-2_1