CMU Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
Conveying Trust
Serge Egelman
• CMU Usable Privacy and Security Laboratory • http://cups.cs.cmu.edu/ • Serge Egelman
Portal to The Interweb
Threats to privacy:
• Phishing
• Information interception
• Fraudulent sites
Web browser is central; it now fronts:
• Email
• IM
Detection must occur here, in the browser
In The Beginning…
Man-in-the-middle
Sniffing
SSL solved these (for the network attacker; it says nothing about whether the site at the other end is the one the user intended)
Browser SSL indicators
• Locks
• Keys
• Borders
• URL bar
SSL Indicators, per browser:
• Microsoft IE
• Mozilla
• Firefox
• Safari
But What About Phishing?
Toolbars
User notification
• Audio
• Pop-ups
• Indicators
Community ratings
Heuristics
Phishing Toolbars: Clear Search
• Scans email using heuristics
Phishing Toolbars: Cloudmark
• Community ratings
Phishing Toolbars: eBay Toolbar
• Community ratings
Phishing Toolbars: SpoofGuard
• URL analysis
• Password analysis
• Image analysis
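To make the "URL analysis" bullet concrete, here is an added example of the kind of URL heuristics a SpoofGuard-style toolbar runs before the page is even rendered. It is not SpoofGuard's own code: the brand list, the weights, the 0..100 scale, the 40-point warning threshold and the sample URLs are all constructed for this illustration.

```javascript
// Added example: SpoofGuard-style URL heuristics (not SpoofGuard's code).
// KNOWN_BRANDS, the point weights and the threshold are constructed values.
const KNOWN_BRANDS = ["paypal", "ebay", "bankofamerica"]; // constructed brand list

// Crude registrable-domain approximation: the last two labels.
// (Ignores ccSLDs such as co.uk; a real toolbar would use a public-suffix list.)
function registrableDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// Returns an integer score 0..100 plus the heuristics that fired.
function urlPhishScore(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return { score: 100, reasons: ["unparseable URL"] };
  }
  const host = url.hostname.toLowerCase();
  const labels = host.split(".");
  const base = registrableDomain(host);
  const path = url.pathname.toLowerCase();
  let score = 0;
  const reasons = [];

  // Raw IPv4 address instead of a hostname: real banks do not log users in this way.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    score += 40; reasons.push("IP address as host");
  }
  // Userinfo before the host: http://paypal.com@evil.example/ shows "paypal.com" first,
  // but the browser connects to evil.example.
  if (url.username !== "") {
    score += 40; reasons.push("userinfo in URL");
  }
  // A known brand name in the host or path of a domain that is not that brand's own.
  // Sites that *are* a known brand are skipped so that ebay.com/itm/paypal-... is not flagged.
  const hostHasOwnBrand = KNOWN_BRANDS.some((b) => base.startsWith(b + "."));
  if (!hostHasOwnBrand) {
    for (const brand of KNOWN_BRANDS) {
      if (host.includes(brand) || path.includes(brand)) {
        score += 40; reasons.push(`brand "${brand}" outside its own domain`);
        break;
      }
    }
  }
  // Long subdomain chains push the real domain out of sight at the end of the host.
  if (labels.length > 4) {
    score += 10; reasons.push("many subdomains");
  }
  // No TLS: only a weak signal, since a phisher can obtain a certificate too.
  if (url.protocol !== "https:") {
    score += 10; reasons.push("not HTTPS");
  }
  return { score: Math.min(score, 100), reasons };
}

// Policy knob: at 40 any single strong heuristic is enough to warn the user.
function isSuspicious(rawUrl, threshold = 40) {
  return urlPhishScore(rawUrl).score >= threshold;
}

// Constructed sample URLs; none of these hosts is a real phishing site.
for (const u of [
  "https://www.paypal.com/signin",
  "http://paypal.com@evil.example/",
  "http://192.168.1.10/paypal/login",
  "https://secure.paypal.com.login.example.net/",
]) {
  console.log(u, urlPhishScore(u));
}
```

The scoring deliberately never looks at page content, which is why the deck's later slides still need password and image analysis: a phisher who registers a clean-looking domain and buys a certificate scores 0 here.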
Phishing Toolbars: Trustbar (Mozilla)
• Analyzes known sites
• Analyzes certificate information
Phishing Toolbars: Trustwatch
• Site ratings
But Do They Work?
No
• 25 phishing sites tested
• Cloudmark: 10 (40%) identified
• Netcraft: 19 (76%) identified
• SpoofGuard: 10 (40%) identified
• Trustwatch: 9 (36%) identified
Activity #1
Download a phishing toolbar:
• http://www.cloudmark.com/desktop/download/
• http://pages.ebay.com/ebay_toolbar/
• http://crypto.stanford.edu/SpoofGuard/
• http://trustbar.mozdev.org/
• http://toolbar.trustwatch.com/
• http://toolbar.netcraft.com/
Pros? Cons?
Is it usable?
How could it be circumvented?
Other Browser Plugins
Previously mentioned toolbars:
• Phishing
• Fraudulent sites
• Limited intelligence
Password Hashing
Many users use the same password everywhere
• One compromise leads to many
Hashing solves this
• Passwords are hashed automatically with the domain name before they are sent
• The user doesn't know the difference
• Knowing the real password doesn't help an attacker: each site only ever sees the hash for its own domain
Mozilla extension
Dynamic Security Skins
User remembers one image
• Trusted window
User remembers one password
• Ease of use
• Sites get hashed password
Matches two patterns to trust server
• Generated using a shared secret
Trusted Window
Verifying Sites
Using Tokens
Two-factor authentication
• Something you have
• Usually cryptographic
SecurID
Smart cards
Random cryptographic tokens
Scratch cards
Using Phones
Client side certificates
• Private keys generated/stored on phone
• New key for each phone
Keys linked to domain names
Key generated upon new connection
Bluetooth
No server modifications
Current Browser Support
Hardware drivers
• Crappy browser support
• Example
Simple text box
Make using the device unobtrusive
Activity #2
False Sense of Security
JavaScript tricks
• ING example
• MITM
• Spyware
Stored images
• Bank of America example
• MITM
• Spyware
CAPTCHAs
• MITM
Each of these is defeated by an attacker who relays the genuine page (MITM) or already runs on the user's machine (spyware); they raise the bar for a static fake page, not for an active adversary.
Activity #3
What security features really need to be prominent?