23 Feb 2006: Updates in progress

Now that we’ve migrated to WordPress, we’re updating these web pages. The publications page is updated and some project pages are on their way.


15 Aug 2005: NSF ACCURATE voting center includes SecLab

To build more trustworthy voting systems, Johns Hopkins University’s Avi Rubin will lead “A Center for Correct, Usable, Reliable, Auditable and Transparent Elections” (ACCURATE). A collaborative project involving six institutions, ACCURATE will investigate software architectures, tamper-resistant hardware, cryptographic protocols and verification systems as applied to electronic voting systems. Additionally, ACCURATE will examine system usability and how public policy, in combination with technology, can better safeguard voting nationwide. The center’s research and findings will also apply to other systems where end-to-end security is paramount.

The full NSF press release is available on their web site. See also accurate-voting.org.

1 Aug 2005: SecLab awarded grant to study security of p2p

The NSF has awarded Rice University a grant to study peer-to-peer (p2p) overlay networks.

Security for overlay networks will require understanding the extent to which malicious users, controlling a non-trivial fraction of the overlay network nodes, can corrupt or defeat the correct functioning of the network. We will design, implement, and evaluate techniques to address these issues. Likewise, we will investigate the ability of overlay networks to leverage peers that trust each other to behave properly. When such extrinsic trust relationships exist, they may simplify security issues and increase confidence in the result.

Incentives for distributed systems address the threat of “freeloading” nodes who, rather than trying to destroy the network, merely want to get service for free without providing any service in return. We will model, design, implement, and evaluate systems that give participants natural incentives to follow the protocols correctly. Our research proposal will also support a collaboration with Roger Dingledine, one of the authors of Tor, a widely used anonymous communication system; we will investigate incentives issues in Tor as well.

20 Dec 2004: Google Desktop Security Issue

We found that the Google Desktop personal search engine contained a serious security flaw that would allow a third party to read the search result summaries that the local search engine embeds in normal Google web searches.

An attacker would not be able to read your files directly, but the search results often contain snippets of your files. If you had a file with a list of web passwords, for example, an attacker might be able to read some of those passwords.

Has Google fixed this?

We made Google aware of the issue in late November. They have redesigned the embedding mechanism to prevent our attack and are now distributing a version that is not vulnerable. The Google Desktop application has an auto-update feature, and Google is rolling the updates out right now.

How can I tell if I have the new version?

From the Google Desktop icon in your task bar, select “About.” If the version number is 121004 (December 10, 2004) or more recent, then you’re safe.

What should I do if I’m running an older version?

In the Preferences dialog, you may deselect the checkbox for “Show Desktop Search results on Google Web Search result pages”. If you do this, you will also defeat the attack. You can still safely search your local computer; you just won’t see local search results integrated into Google web searches. The Google Desktop software will eventually update itself automatically.
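
The two checks above (build number and the integration checkbox), combined into a triage of several machines. This is an added example, not code from the original advisory; it assumes every build number is a zero-padded MMDDYY date, as the "121004 (December 10, 2004)" reading implies, and the host names, inventory rows and other build numbers are constructed.

```python
from datetime import date, datetime

FIXED_BUILD = "121004"  # first safe build per the advisory (December 10, 2004)

def build_date(version: str) -> date:
    """Parse a build number, assuming it is always a zero-padded MMDDYY date."""
    v = version.strip()
    if len(v) != 6 or not v.isdigit():
        raise ValueError(f"unrecognised build number: {version!r}")
    return datetime.strptime(v, "%m%d%y").date()

def triage(version: str, integration_enabled: bool) -> str:
    """Return 'patched', 'mitigated', 'exposed' or 'unknown' for one host."""
    try:
        patched = build_date(version) >= build_date(FIXED_BUILD)
    except ValueError:
        patched = None  # unparseable build: cannot claim it is fixed
    if patched:
        return "patched"
    if not integration_enabled:
        return "mitigated"  # web-search integration off defeats the attack
    return "exposed" if patched is False else "unknown"

# Constructed inventory rows: (host, build, integration checkbox state).
INVENTORY = [
    ("ws-01", "121004", True),
    ("ws-02", "101404", True),
    ("ws-03", "101404", False),
    ("ws-04", "010505", True),   # newer, yet numerically smaller than 121004
    ("ws-05", "unknown", True),
]

def needs_action(rows):
    """Hosts that are neither patched nor mitigated."""
    return [h for h, v, on in rows if triage(v, on) in ("exposed", "unknown")]

if __name__ == "__main__":
    for host, version, on in INVENTORY:
        print(host, version, triage(version, on))
```

Comparing the build numbers as plain integers would misclassify any build dated after the turn of the year, which is why the example parses them as dates first.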

Does it matter what web browser I use?

Any browser is vulnerable to this attack, so long as Google Desktop is integrating local search results into web searches performed at Google.com.

How does the attack work?

The user must visit the web page of a potential attacker. The attacker includes a Java applet in the web page. This applet will appear to the user as a normal part of the web page, but it will also make certain network connections that trick the Google Desktop into integrating its local search results, even though the applet never actually connects to Google. The applet can then read these integrated results and transmit them back to the attacker’s web server.

Furthermore, in cases where the user’s computer network is subject to “man-in-the-middle” attacks, including most 802.11 wireless networks, particularly when used in public locations, the user need not explicitly visit the attacker’s web page. The attacker could tamper with the network connections being made by the user’s web browser and could inject the attack into any other web page.

What about other desktop search programs?

As far as we know, Google Desktop is the only local search engine whose results are seamlessly integrated with web search results. Other local search engines do not have this feature, so they would be safe from our attack. We have not yet done a detailed examination of these other search engines, so we cannot say whether other vulnerabilities might exist.

Who discovered this flaw?

This work was a collaboration by Seth Fogarty and Seth Nielson (Rice graduate students), advised by Dan Wallach (a Rice professor). The work began as a final project in Wallach’s Computer Systems Security course.

I’m with the press and I’d like to interview…

To arrange an interview with one of us at Rice, you should contact Jade Boyd in Rice’s Media Relations department (+1-713-348-6778). If you are looking for a comment from Google, you should contact Nate Tyler.

Where can I get more information?

We’ve made a technical report available with more details.

Press coverage

New York Times, Slashdot, San Jose Mercury News, Houston Chronicle, The Motley Fool, TechWeb, and many others.