Web Browser Privacy and Security Part I. Usable Privacy and Security, Carnegie Mellon University...
Posted on 21-Dec-2015
Usable Privacy and Security • Carnegie Mellon University • Spring 2007 • Cranor/Hong • http://cups.cs.cmu.edu/courses/ups-sp06/
Today’s Topics
• Trusted Paths
• Context-Sensitive Certificate Verification (optional paper)
Trusted Paths
Trusted paths are used to help users ensure that they are communicating with whom they think they are
• Ex. Ctrl-Alt-Del in Windows systems cannot be intercepted
Trusted paths for the Web are difficult because
• From remote server to browser to user
• Trivial to make fake UIs that look legit
Example Attack #1
Is this from eBay? No trusted path, hard to tell
Example Attack #2
Is this from eBay? No trusted path, hard to tell
Example Attack #3
Is this from eBay? No trusted path to the real eBay to verify
One Idea: Dynamic Security Skins
User remembers one image
• Shown in a trusted window
User remembers one password
• Ease of use
• Sites get hashed password only
Uses Secure Remote Password w/ server
• Generated using a shared secret
Dhamija and Tygar, The Battle Against Phishing: Dynamic Security Skins, SOUPS 2005
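The Secure Remote Password exchange that the skins design builds on, as an added Python example (not the paper's code): the server keeps only a salt and a verifier, both sides derive the same session key from one round trip, and a wrong password yields a different key. The 127-bit prime and the SHA-256 hash are assumptions made for this example; a real deployment uses the large safe primes from RFC 5054.

```python
import hashlib
import secrets

# Toy group constructed for this example: 2**127 - 1 is prime, so the math
# works, but it is NOT a real SRP group (use the RFC 5054 safe primes).
N = (1 << 127) - 1
g = 3

def to_bytes(n: int) -> bytes:
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

def H(*parts: bytes) -> int:
    """SHA-256 over the concatenated parts, read as a big integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

k = H(to_bytes(N), to_bytes(g))  # SRP-6a multiplier

def private_x(salt: bytes, username: str, password: str) -> int:
    return H(salt, hashlib.sha256(f"{username}:{password}".encode()).digest())

def enroll(username: str, password: str):
    """Server-side registration: keeps (salt, verifier), never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, username, password), N)

def server_round(v: int, A: int, b: int):
    """Server: answer with B and derive the session key from A and v."""
    if A % N == 0:
        raise ValueError("illegal client public value")
    B = (k * v + pow(g, b, N)) % N
    u = H(to_bytes(A), to_bytes(B))
    S = pow(A * pow(v, u, N) % N, b, N)  # (A * v^u)^b = g^(b(a+ux))
    return B, hashlib.sha256(to_bytes(S)).digest()

def client_key(username: str, password: str, salt: bytes, a: int, A: int, B: int):
    """Client: derive the session key from B using only the typed password."""
    if B % N == 0:
        raise ValueError("illegal server public value")
    u = H(to_bytes(A), to_bytes(B))
    x = private_x(salt, username, password)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)  # (g^b)^(a+ux)
    return hashlib.sha256(to_bytes(S)).digest()

def keys_agree(enrolled_pw: str, typed_pw: str, user: str = "alice") -> bool:
    """One full exchange; True only when the typed password is the enrolled one."""
    salt, v = enroll(user, enrolled_pw)
    a, b = secrets.randbelow(N - 2) + 1, secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)  # client sends A first, then learns B
    B, k_server = server_round(v, A, b)
    return client_key(user, typed_pw, salt, a, A, B) == k_server
```

The password itself never crosses the wire and the verifier alone does not let a site impersonate the user, which is why a site only ever "gets the hashed password".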
How to Show Trusted Path
Static security indicators
• Ex. Secure window uses a certain color border
• Ex. Secure window uses lock icon
• Rejected, too predictable and easy to spoof
Custom security indicator
• Ex. One indicator per site
• Ex. One indicator per user
• Rejected, too much effort
• (Also too much to remember)
Dynamic Security Skins
• In theory, lots of images should make it hard to spoof
• Trusted path to password window
Dynamic Security Skins
• A unique pattern is generated by each web site (visual hash)
• Trusted path from password entry to web site
Another Idea: Tokens
Two factor authentication
• Something you have
• Usually cryptographic
SecurID
Smart cards
Random cryptographic tokens
Scratch cards
A Third Idea: Mobile Phones
Everyone’s got a mobile phone
Client side certificates
• Private keys generated/stored on phone
• New key for each phone
Keys linked to domain names
Key generated upon new connection
Bluetooth from phone to PC
Very few server modifications
Discussion of Trusted Path
“[O]n each launch of Firefox, paint the Firefox interface with a nonintrusive, randomly generated pattern. Because sites wouldn’t be able to replicate this pattern, users would know when they were viewing [a] spoofed UI”
Other ideas for trusted paths?
Other barriers to adoption?
Today’s Topics
• Trusted Paths
• Context-Sensitive Certificate Verification (optional paper)
Certificates
A secure way of binding a public key with an identity
• Ex. Amazon sends its certificate via https
• Makes it easier to encrypt communications
How to know if this certificate is legitimate?
• Certificate is also signed by a well-known certificate authority (CA)
• Certificates of these CAs often included in web browser
Self-Signed Certificates
Some sites use self-signed certificates
• Want to avoid monetary and overhead costs
• Often leads to security alerts like below
Why Certificate Verification Fails
1. Browser may not know the public key of the CA that issued the server’s certificate
• Internal web server (used only by members of the organization) (a certificate from a public CA means a significant annual fee)
• Own CA: public key installed in browser (no verification errors), but a large number of users / user-owned computers means high maintenance
2. Issuer’s or the server’s certificate may be expired
Aside: Phishing Attack
Signed certificate from Equifax / Geotrust
Why Certificate Verification Fails
3. Common name of certificate does not match server’s fully qualified domain name
♦ Mistake, ex. s3.acme.com vs s10.acme.com
♦ Might be attacker using his own identity with a CA generated certificate (easy, but expensive)
♦ Might be attacker using a stolen certificate (along with the private key) (difficult)
♦ Or might be self-signed certificate (easy)
Why Certificate Verification Fails
Discussion
Context-Sensitive Certificate Verification
Clarify relationship between user and server’s (non verified) certificate
• Not giving the user override mechanisms
Distribute signed certificates of internal servers out of band
Use typically unused certificate fields:
• CA’s contact information (field: issuer alternative name)
• CA administrator’s name, address, telephone and fax numbers, and work hours.
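As an added illustration of the three failure reasons above and of the CSCV idea of surfacing the issuer’s contact details instead of a bare override, a Python checker over a constructed certificate record (example code, not from the paper; the record layout, the trust set and the contact values are assumptions for this example):

```python
from datetime import datetime, timezone

def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed record for this example (not a parsed X.509 certificate): an
# internal server cert from the organization's own CA, with CSCV contact data.
INTERNAL_CERT = {
    "subject_cn": "s3.acme.com",
    "san_dns": ["s3.acme.com", "*.lab.acme.com"],
    "issuer": "Acme Internal CA",
    "not_before": utc(2007, 1, 1),
    "not_after": utc(2008, 1, 1),
    "issuer_alt_name": {"admin": "J. Doe", "phone": "+1-555-0100", "hours": "Mon-Fri 9-17"},
}
TRUSTED_ISSUERS = {"Well-Known Root CA"}  # roots the browser ships with

def hostname_matches(pattern: str, fqdn: str) -> bool:
    """DNS name match; a single '*' may stand for the leftmost label only."""
    p, h = pattern.lower().split("."), fqdn.lower().split(".")
    if len(p) != len(h) or (p[0] == "*" and len(p) < 3):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h

def verification_failures(cert, fqdn, now, trusted=TRUSTED_ISSUERS):
    """Why a browser would reject cert for fqdn at time now; [] means it verifies."""
    reasons = []
    if cert["issuer"] not in trusted:  # reason 1: unknown CA or self-signed
        reasons.append("self-signed certificate" if cert["issuer"] == cert["subject_cn"]
                       else "issuing CA not known to the browser")
    if now < cert["not_before"]:       # reason 2: outside the validity period
        reasons.append("certificate not yet valid")
    elif now > cert["not_after"]:
        reasons.append("certificate expired")
    names = cert.get("san_dns") or [cert["subject_cn"]]
    if not any(hostname_matches(n, fqdn) for n in names):  # reason 3
        reasons.append(f"name mismatch: cert is for {', '.join(names)}, not {fqdn}")
    return reasons

def cscv_prompt(cert, fqdn, now, trusted=TRUSTED_ISSUERS):
    """CSCV: instead of a bare yes/no override, say whom to verify the CA with."""
    reasons = verification_failures(cert, fqdn, now, trusted)
    if any("not known" in r for r in reasons):
        c = cert.get("issuer_alt_name", {})
        return (f"{cert['issuer']} is not a CA this browser trusts. If you are a member "
                f"of the organization, confirm it out of band with {c.get('admin', '?')} "
                f"({c.get('phone', '?')}, {c.get('hours', '?')}).")
    return "; ".join(reasons) or "verified"
```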
Context Sensitive Certificate Verification
If you said you are an internal member…
If you said you are an external member…
Specific Password Warnings
Helps prevent eavesdropping
Allow overriding
Existing version:
Specific Password Warnings
Is this an important account?
Specific Password Warnings
Discussion
Thoughts so far on designs?
• Context-sensitive Certificate Verification
• Specific Password Warnings
User Studies
Computer literate users (CLU)
Evaluate:
• Likelihood of successful attack in representative security-sensitive Web apps
• Possibility of “foolproofing” browsers, so they can be used securely even by untrained CLUs
• Can education about the relevant security principles, attacks, and tools improve the security of how users browse the Web? Note: This last hypothesis is not covered in this presentation
Study’s Design
17 male participants (Pitt CS seniors)
Two studies:
• Unmodified browser (IE)
• Modified Mozilla Firebird 0.6.1 with CSCV and SPW
No feedback given between these two studies
• (Note: ordering not randomized)
Study’s Design
Visit three fictional but realistic sites
• Students given password protected accounts
Site 1: “maintained by Pitt”
• Monitor reward points (do well in exams, etc)
• HTTPS + Certificate issued by internal CA
Site 2: “e-merchant not affiliated with Pitt”
• Spend reward points on books, CDs, etc.
• HTTPS + bogus certificate
Site 3: “users’ Web email accounts”
• HTTP only (no certificate)
Study’s Design
User’s Action | Score (points)
Access to a site despite lack of security | 0
Simply did not visit the site insecurely | 50
Correctly obtained and installed the issuing CA’s certificate | 100
Choosing not to access the 2nd and 3rd site insecurely | 100
Study’s Results
Guesses?
Study’s Results
With current Web browsers, the mentioned attacks are alarmingly likely to succeed
• More often than not, users’ behavior defeats the existing Web security mechanisms.
• “um, another of those pop-ups.”
• “I always just click yes when I see these pop-ups.”
Study’s Results
CSCV blocked MITM attacks against HTTPS-based applications completely
SPW greatly reduced the insecure transmission of passwords in an HTTP-based application
Although untrained, users had little trouble using CSCV and SPW
Discussion
Thoughts on results?
Discussion
Possible novelty effects
• People might change behavior after getting used to new messages
Behavior outside of lab study
• People might still not go find a person to verify