Web Browser Privacy and Security Part I. Usable Privacy and Security Carnegie Mellon University...


Web Browser Privacy and Security, Part I

Usable Privacy and Security • Carnegie Mellon University • Spring 2007 • Cranor/Hong • http://cups.cs.cmu.edu/courses/ups-sp06/

Today’s Topics
• Trusted Paths
• Context-Sensitive Certificate Verification (optional paper)

Trusted Paths

Trusted paths are used to help users ensure that they are communicating with whom they think they are
• Ex. Ctrl-Alt-Del in Windows systems cannot be intercepted

Trusted paths for the Web are difficult because
• The path runs from remote server to browser to user
• Trivial to make fake UIs that look legit

Example Attack #1

Is this from eBay? No trusted path, hard to tell

Example Attack #2

Is this from eBay? No trusted path, hard to tell

Example Attack #3

Is this from eBay? No trusted path to real eBay to verify

One Idea: Dynamic Security Skins

User remembers one image
• Shown in a trusted window

User remembers one password
• Ease of use
• Sites get hashed password only

Uses Secure Remote Password w/ server
• Generated using a shared secret

Dhamija and Tygar, The Battle Against Phishing: Dynamic Security Skins, SOUPS 2005

How to Show Trusted Path

Static security indicators
• Ex. Secure window uses a certain color border
• Ex. Secure window uses lock icon
• Rejected, too predictable and easy to spoof

Custom security indicator
• Ex. One indicator per site
• Ex. One indicator per user
• Rejected, too much effort
• (Also too much to remember)

Dynamic Security Skins
• In theory, lots of images should make it hard to spoof
• Trusted path to password window

Dynamic Security Skins
• A unique pattern is generated by each web site (visual hash)
• Trusted path from password entry to web site

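As an added illustration (not from the slides or from Dhamija and Tygar's implementation), the Python below shows the two properties the Dynamic Security Skins slides rely on: the server keeps only a password verifier (SRP), and the visual skin is derived from the resulting session key, so the browser and the web site can draw the same pattern while a spoof page that never ran the handshake cannot. The group parameters are toy values constructed for the demo, not the RFC 5054 groups.

```python
import hashlib
import secrets

# Toy SRP-6a group, constructed for this demo only: a small Mersenne prime modulus
# and generator. Real deployments use the RFC 5054 groups (1024 bits and up).
N = (1 << 127) - 1
g = 5

def H(*parts):
    """Hash ints (as 32-byte big-endian) and byte strings together; returns an int."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p if isinstance(p, bytes) else p.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier parameter

def enroll(identity, password):
    """Server-side enrollment: store only salt and verifier v = g^x, never the password."""
    salt = secrets.token_bytes(16)
    x = H(salt, H(identity.encode() + b":" + password.encode()))
    return salt, pow(g, x, N)

def client_start():
    a = secrets.randbelow(N - 2) + 1
    return a, pow(g, a, N)                      # ephemeral private a, public A

def server_start(v):
    b = secrets.randbelow(N - 2) + 1
    return b, (k * v + pow(g, b, N)) % N        # ephemeral private b, public B

def client_key(identity, password, salt, a, A, B):
    u = H(A, B)
    x = H(salt, H(identity.encode() + b":" + password.encode()))
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)   # equals g^(b(a+ux)) iff password is right
    return H(S)

def server_key(v, b, A, B):
    u = H(A, B)
    S = pow((A * pow(v, u, N)) % N, b, N)               # g^(b(a+ux)) computed from the verifier
    return H(S)

def skin_pattern(session_key, site, size=8):
    """Visual hash: an 8x8 pattern derived from the session key and the site name.
    Browser and server draw the same skin; a spoof page without the key cannot."""
    bits = H(session_key, site.encode())
    return "\n".join(
        "".join("#" if (bits >> (r * size + c)) & 1 else "." for c in range(size))
        for r in range(size))
```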

Another Idea: Tokens

Two factor authentication
• Something you have
• Usually cryptographic

SecurID
Smart cards
Random cryptographic tokens
Scratch cards

A Third Idea: Mobile Phones

Everyone’s got a mobile phone

Client side certificates
• Private keys generated/stored on phone
• New key for each phone

Keys linked to domain names
Key generated upon new connection
Bluetooth from phone to PC
Very few server modifications

Discussion of Trusted Path

“[O]n each launch of Firefox, paint the Firefox interface with a nonintrusive, randomly generated pattern. Because sites wouldn’t be able to replicate this pattern, users would know when they were viewing [a] spoofed UI”

Other ideas for trusted paths?
Other barriers to adoption?

Today’s Topics
• Trusted Paths
• Context-Sensitive Certificate Verification (optional paper)

Certificates

A secure way of binding a public key with an identity
• Ex. Amazon sends its certificate via https
• Makes it easier to encrypt communications

How to know if this certificate is legitimate?
• Certificate is also signed by a well-known certificate authority (CA)
• Certificates of these CAs often included in web browser

Self-Signed Certificates

Some sites use self-signed certificates
• Want to avoid monetary and overhead costs
• Often leads to security alerts like below


Why Certificate Verification Fails

1. Browser may not know public key of the CA that issued the server’s certificate
• Internal web server (used only by members of the organization); a certificate from a well-known CA means a significant annual fee
• Own CA: public key installed in browser (no verification errors), but large number of users / user owned computers means high maintenance

2. Issuer’s or the server’s certificate may be expired

Why Certificate Verification Fails

3. Common name of certificate does not match server’s fully qualified domain name
♦ Mistake, ex. s3.acme.com vs s10.acme.com
♦ Might be attacker using his own identity with a CA generated certificate (difficult)

Aside: Phishing Attack

Signed certificate from Equifax / Geotrust

Why Certificate Verification Fails

3. Common name of certificate does not match server’s fully qualified domain name
♦ Mistake, ex. s3.acme.com vs s10.acme.com
♦ Might be attacker using his own identity with a CA generated certificate (easy, but expensive)
♦ Might be attacker using a stolen certificate (along with the private key) (difficult)
♦ Or might be self-signed certificate (easy)


Discussion

Context-Sensitive Certificate Verification

Clarify relationship between user and server’s (non verified) certificate
• Not giving the user override mechanisms

Distribute signed certificates of internal servers out of band

Use typically unused certificate fields:
• CA’s contact information (field: issuer alternative name)
• CA administrator’s name, address, telephone and fax numbers, and work hours.

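As an added example (not from the slides or the CSCV paper), the Python below classifies a certificate against the three failure reasons listed under "Why Certificate Verification Fails" (unknown or self-signed issuer, expiry, common name vs. FQDN mismatch, including the s3 vs. s10 kind of mistake) and, for the unknown-CA case, pulls the issuer contact details that CSCV proposes carrying in the issuer alternative name field so the user can verify out of band. Certificates are constructed records holding a handful of parsed fields, and the trust store is a set of CA names standing in for the CA public keys a browser ships with.

```python
from datetime import datetime, timezone

# Constructed trust store: CA names the browser already knows (stand-in for CA public keys).
TRUSTED_CAS = {"Example Commercial CA"}
NOW = datetime(2007, 3, 1, tzinfo=timezone.utc)   # fixed clock so the demo is reproducible

def fqdn_matches(pattern, host):
    """Exact FQDN match, or one leftmost wildcard label: *.acme.example matches
    s3.acme.example but not a.b.acme.example, acme.example, or a bare *.example."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if p[0] == "*":
        return len(p) > 2 and len(p) == len(h) and p[1:] == h[1:]
    return p == h

def verify(cert, host, now=NOW, trusted=TRUSTED_CAS):
    """Return the slide's failure classes that apply (unknown-ca or self-signed, expired,
    name-mismatch). An empty list means the certificate verifies for this host."""
    reasons = []
    if cert["issuer"] not in trusted:
        reasons.append("self-signed" if cert["issuer"] == cert["subject_cn"] else "unknown-ca")
    if not (cert["not_before"] <= now <= cert["not_after"]):
        reasons.append("expired")
    names = [cert["subject_cn"]] + cert.get("san", [])
    if not any(fqdn_matches(n, host) for n in names):
        reasons.append("name-mismatch")
    return reasons

def issuer_contact(cert, reasons):
    """CSCV idea: when the issuing CA is unknown, surface the contact details carried in
    the issuer alternative name field instead of a bare yes/no override prompt."""
    return cert.get("issuer_alt_name", {}) if "unknown-ca" in reasons else {}

# Constructed sample certificates (parsed-field subsets, not real X.509 data).
INTERNAL_CERT = {   # internal server signed by the organization's own CA
    "subject_cn": "portal.acme.example", "issuer": "Acme Internal CA",
    "not_before": datetime(2006, 1, 1, tzinfo=timezone.utc),
    "not_after": datetime(2008, 1, 1, tzinfo=timezone.utc),
    "issuer_alt_name": {"admin": "J. Doe", "phone": "+1-555-0100", "hours": "9-5 ET"},
}
MISNAMED_CERT = {   # valid commercial certificate installed on the wrong host
    "subject_cn": "s10.acme.example", "issuer": "Example Commercial CA",
    "not_before": datetime(2006, 1, 1, tzinfo=timezone.utc),
    "not_after": datetime(2008, 1, 1, tzinfo=timezone.utc),
}
SELF_SIGNED_CERT = {   # issuer and subject are the same name
    "subject_cn": "mail.acme.example", "issuer": "mail.acme.example",
    "not_before": datetime(2006, 1, 1, tzinfo=timezone.utc),
    "not_after": datetime(2008, 1, 1, tzinfo=timezone.utc),
}
```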

Context Sensitive Certificate Verification

If you said you are an internal member…

If you said you are an external member…

Specific Password Warnings

Helps prevent eavesdropping
Allow overriding
Existing version:

Specific Password Warnings

Is this an important account?

Discussion

Thoughts so far on designs?
• Context-sensitive Certificate Verification
• Specific Password Warnings

User Studies

Computer literate users (CLU)

Evaluate:
• Likelihood of successful attack in representative security-sensitive Web apps
• Possibility of “foolproofing” browsers, so they can be used securely even by untrained CLUs
• Can education about the relevant security principles, attacks, and tools improve the security of how users browse the Web? Note: This last hypothesis is not covered in this presentation

Study’s Design

17 male participants (Pitt CS seniors)

Two studies:
• Unmodified browser (IE)
• Modified Mozilla Firebird 0.6.1 with CSCV and SPW

No feedback given between these two studies
• (Note: ordering not randomized)

Study’s Design

Visit three fictional but realistic sites
• Students given password protected accounts

Site1: “maintained by Pitt”
• Monitor reward points (do well in exams, etc)
• HTTPS + Certificate issued by internal CA

Site2: “e-merchant not affiliated with Pitt”
• Spend reward points on books, CDs, etc.
• HTTPS + bogus certificate

Site3: “users’ Web email accounts”
• HTTP only (no certificate)

Study’s Design

User’s Action                                                    Score (points)
Access to a site despite lack of security                        0
Simply did not visit the site insecurely                         50
Correctly obtained and installed the issuing CA’s certificate    100
Choosing not to access the 2nd and 3rd site insecurely           100

Study’s Results

Guesses?

Study’s Results

With current Web browsers, the mentioned attacks are alarmingly likely to succeed
• More often than not, users’ behavior defeats the existing Web security mechanisms.
• “um, another of those pop-ups.”
• “I always just click yes when I see these pop-ups.”

Study’s Results

CSCV blocked MITM attacks against HTTPS-based applications completely

SPW greatly reduced the insecure transmission of passwords in an HTTP-based application

Although untrained, users had little trouble using CSCV and SPW

Discussion

Thoughts on results?

Discussion

Possible novelty effects
• People might change behavior after getting used to new messages

Behavior outside of lab study
• People might still not go and find a person to verify with