NAISS: A reverse proxy approach to mitigate MageCart's e-skimmers in e-commerce

The rise of payment details theft has led to increasing concerns regarding the security of e-commerce platforms. For the MageCart threat family, the attacks employ e-skimmers, which are pieces of software code that instruct clients to forward payment details to an attacker-controlled server. They can be injected into hosting providers' servers as HTML tags such as script, iframe, and img. By leveraging image steganography - the technique of hiding structured information inside images without visual perturbances - MageCart groups can deliver eskimmers without raising suspicion. In this work, we systematically review applicable solutions in the literature and evaluate their drawbacks in the setting of a compromised hosting provider. While promising, existing solutions in the literature present shortcomings such as a lack of compatibility, adaptability, or functionality in the presence of an attacker. Based on this review, we compile a set of features for a better solution, which we use as a foundation for designing our proposed solution - NAISS: Network Authentication of Images to Stop e-Skimmers. Through our solution, digital signatures of individual images are checked inside a serverside middlebox residing in the hosting provider's network to prevent the transmission of unauthorized images to clients. Elliptic curve signatures are provided by the e-commerce platform developer prior to uploading a website to the hosting provider. Our proof-of-concept implementation shows that NAISS is capable of filtering 100% of present stegoimages, regardless of their novelty, while imposing a minimal performance detriment and no client-side modifications.