How REMME protects against Phishing, Dictionary & brute-force, Pharming, DDoS and other types of malicious attacks

in #cybersecurity, 7 years ago

Following the rapid expansion of online connectivity, information security is in the highest demand nowadays. The Internet has evolved far beyond the mere exchange of information, connecting various aspects of our daily lives and being present even in fridges and cars. IoT, Big Data, ubiquitous handheld devices of all shapes: all this makes us carefully consider how to protect data on its way through all connected channels, whether those of a service provider or of a common user.

REMME acts on various architectural levels (based on the OSI multilevel architecture):

  • Physical level
  • Data link level
  • Network level
  • Transport level
  • Session level
  • Presentation level
  • Application level

Now, let’s see how our solution can protect users and companies against various types of attacks.

DDoS

There are two types of DDoS attacks: low-level (SYN flooding) and high-level (multiple requests to the application, e.g. multiple GET requests to the web server). Low-level attacks are processed at the data link level, while high-level attacks are processed at the application level. REMME and SSL may limit access to the application level at the channel (IPSec) or transport (TLS) level.

Hardware Trojan

In this case, REMME offers indirect protection from malicious hardware that works through its physical form. If a common USB disk is used as a keylogger, REMME may mitigate data losses, as the user won’t need to type passwords. A digital certificate can also be provided for all pluggable USB devices (this feature will be implemented in the upcoming version of REMME).

MiM (Man-in-the-middle) attack

A man-in-the-middle attack cryptanalyzes and modifies the victim’s data by inserting another system in its path. There are multiple ways to perform such an attack, e.g. ARP spoofing, attacks on BGP routers, DNS server response substitution, etc. To access the network traffic, it’s sufficient to change the internet provider’s BGP. You don’t even need to hack the router, as BGP doesn’t offer cryptographic authentication of the data exchange between the partners running a network segment. REMME encryption technologies eliminate data wiretapping or substitution, as standard protocols with unsafe channels switch over to encrypted ones (e.g. the HTTP Strict-Transport-Security header, which makes the browser always use HTTPS). While it is impossible to fend off MiM attacks in a standard hierarchical scheme of certificates (when an attacker has access to the certification body), REMME provides such protection, as attackers won’t be able to create fake certificates on behalf of the owner in a decentralized blockchain-based system.

Pharming

Pharming redirects the user to a false IP address. With a fake DNS response, it is easy to trick a user, leaving them vulnerable to further phishing or MiM attacks. REMME technology can recognize if the system you want to connect with has a wrong signature.

XSS (Cross-Site Scripting)

XSS adds an external script to the website that operates on the web page data, e.g. copying it and sending it to the server. REMME can’t directly influence this process, but can minimize the damage from such an attack, as all data used for authentication is stored within a protected repository of system keys. Thus, scripts from the web page won’t receive access to this data, and all suspicious activities have to be confirmed through 2FA.

Malicious browser add-ons

Browser add-ons are very common these days; however, not all extensions are useful. As extensions have access to the browser’s data sent both from the server and from the client (via data forms), malicious add-ons may intercept any sensitive information, including passwords and website session identifiers (cookies). A fresh example: in 2017, at least 37,000 users were tricked into downloading a fake AdBlock add-on for Google Chrome. Previously, in 2016, a student from Denmark discovered a set of malicious Google Chrome add-ons hijacking Facebook accounts. REMME can help protect your data in such cases, as it uses SSL certificates for user authentication, kept in a specialized isolated storage. Thus, it’s impossible to reach protected SSL certificates via browser plugins or add-ons. In order to gain access to this storage, the attacker has to gain access to the whole system. Even in this case, the certificate will be protected with a key phrase, giving users additional time to revoke the certificate.

Dictionary and brute-force attacks

These types of attacks are based on password guessing. With asymmetric cryptography, this type of attack has a close to zero chance of success, while requiring a ton of resources and effort from hackers.

Password reuse attack

It is impossible with asymmetric cryptography in place, as the Diffie-Hellman algorithm is used for identification with certificates and key exchange, successfully eliminating the possibility of such an attack.

Phishing

A targeted email attack, exploiting the human factor and using elements of social engineering. Phishing is commonly conducted through emails that appear to come from a familiar person or service while containing malware or links to seemingly legitimate compromised websites. REMME S/MIME technology allows signing emails with a private key, adding an X.509 certificate with a public key to the message. Thus, it is easy to check the source of the message, which helps to define the level of trust while revealing and blocking the virus source.

Evil twin

It’s a specific type of phishing attack in wireless networks. A hacker creates a copy of a wireless access point within range of the user’s signal and substitutes the original access point with its clone, redirecting all of the victim’s traffic. To protect data from this type of attack, REMME suggests using WPA2-Enterprise encryption with EAP authorization in all wireless networks. This scheme can utilize a RADIUS server with the REMME solution, while the latter would require some tuning of its settings.


Learn More
To learn more about the REMME project check out our white paper and subscribe for email updates. Follow us on Twitter, and join our growing community in Telegram.
