Hardening Web Browsers Against Man-in-the-Middle and Eavesdropping Attacks
Dr. José Carlos Brustoloni, Dept. Computer Science, University of Pittsburgh, [email protected]
Joint work with Haidong Xia
Jose' Brustoloni, May 12, 2005
Motivation
♦ Technology for securing Web applications is thought to be well-understood: HTTPS = HTTP + SSL/TLS
♦ What about the usability of this technology?
Contributions
We performed user studies to answer three related questions:
1. With current browsers and users, how likely is an attack to succeed? A: Very likely. HTTPS provides alarmingly little actual security.
2. Is it possible to make browsers more foolproof? A: Yes. We propose and demonstrate new user interface techniques, CSCV and SPW, that greatly increase usable security.
3. Can user education improve Web browsing security? A: Yes, but better browser/CSCV had greater impact than did education.
Eavesdropping attacks
♦ Easy to perform on local area networks with a shared medium, e.g., Ethernet (with hubs), Wi-Fi
♦ Many free applications can be used for eavesdropping, e.g., tcpdump, ethereal
Man-in-the-middle (MITM) attacks
♦ Actually only slightly more complicated than eavesdropping
♦ Easily available, free tools: arpspoof, dnsspoof, webmitm
♦ Necessary if there is no shared medium (e.g., switched Ethernet) or packets are encrypted (e.g., WPA, SSL/TLS)
MITM attack on switched Ethernet
[Figure: diagram of the MITM attack on switched Ethernet]
MITM attack on Wi-Fi
[Figure labels: Access Point, SSID “goodguy”; Stronger or Closer Access Point (tool: Airsnarf), SSID “badguy”; Wi-Fi Card, SSID “ANY”]
Certificate verification (in theory)
♦ Browser has public keys of major certifying authorities (CAs, e.g., Verisign)
♦ Secure site supposed to get certificate from one of these CAs, with: CA’s signature, certificate expiration, site’s name, site’s public key
♦ Browser supposed to: check CA’s signature, expiration, site’s name, CA’s revocation list; get site’s public key and use it to authenticate site
Certificate verification (in practice)
♦ Public-key infrastructure (PKI) not universally deployed
♦ Certificate verification errors are common
♦ Browsers warn users of errors, but allow users to continue despite errors
→ Vulnerability to MITM attacks despite HTTPS
Why certificate verification fails
1. Browser does not have public key of certificate’s issuer: very common for internal sites → often not an attack; uncommon for public sites → high risk of attack
2. Certificate expired: may result from simple inattention → unlikely to be an attack
3. Certificate’s subject is not the desired site: if subject is in the same domain as the desired site → unlikely to be an attack; otherwise → high risk of attack
Current browsers allow the user to proceed despite the error in all of these cases
Context-Sensitive Certificate Verification (CSCV)
CSCV-aware private CA:
1. Distributes its public key to organization members on removable media (e.g., floppy disk or USB key)
2. Includes administrator’s contact information in issued certificates
If certificate verification fails because the issuer’s public key is unknown, a CSCV-aware browser:
1. Asks user for the key on removable media
2. If user does not have it, uses information in the certificate to guide user on how to contact the CA’s administrator to overcome the error
3. Does not allow user to continue without correcting the error
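The following is an added example, not code from the talk or from the authors' modified Mozilla. It puts the two preceding slides together: the verification failure is classified into the three contexts (unknown issuer, expired, subject mismatch) with the risk ratings the slides give them, and the unknown-issuer case follows the CSCV steps (accept the CA key from removable media, otherwise guide an inside member with the contact information the CSCV-aware CA put in the certificate, and never offer an override). The `Certificate` and `Decision` types, the key-fingerprint identifier, the `user_is_member` answer (from the client/server relationship dialog) and the sample certificates are all constructed here; allowing the user to continue in the two low-risk contexts is this example's choice, since the slides only specify the unknown-issuer behaviour.

```python
"""Context-sensitive handling of certificate verification failures (CSCV).

Constructed example, not the authors' modified Mozilla. It classifies a
failure into the three contexts of the "Why certificate verification fails"
slide and applies the CSCV procedure to the unknown-issuer case. Signature
and revocation checks are assumed to have run already; what is classified
here is why the chain could not be accepted.
"""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Certificate:
    subject: str             # DNS name the certificate was issued for
    issuer: str              # name of the issuing CA
    issuer_key_id: str       # identifier of the issuer's public key (assumed: a key fingerprint)
    not_after: datetime      # expiration time
    admin_contact: str = ""  # CSCV addition: contact info of the CA's administrator


@dataclass
class Decision:
    context: str       # which failure context applies
    risk: str          # "none", "low" or "high", following the slide's ratings
    may_continue: bool # False means guidance without override
    guidance: str      # what the dialog tells the user


def registrable_domain(host: str) -> str:
    """Crude same-domain test for the subject-mismatch context: keep the last
    two labels. Assumption for the example; a browser would consult a
    public-suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def cscv_verify(cert, desired_host, trust_store, removable_media_keys,
                user_is_member, now):
    """Return the CSCV decision for a certificate presented by desired_host.

    trust_store: mutable set of issuer key ids the browser already trusts.
    removable_media_keys: key ids found on media the user inserted (may be empty).
    user_is_member: the user's answer to the dialog asking whether they belong
    to the organization running the site.
    """
    if cert.issuer_key_id not in trust_store:
        # Context 1: issuer's public key unknown.
        if cert.issuer_key_id in removable_media_keys:
            # CSCV step 1: the user supplied the CA's key on removable media.
            # Install it and fall through to the remaining checks.
            trust_store.add(cert.issuer_key_id)
        elif user_is_member and cert.admin_contact:
            # CSCV step 2: guide the inside member using the contact info the
            # CSCV-aware CA placed in the certificate; no override (step 3).
            return Decision("unknown issuer, internal site", "low", False,
                            "Get the CA's public key on removable media from "
                            f"{cert.admin_contact}, then retry.")
        else:
            # Public client, or no contact info to guide with: caution, no override.
            return Decision("unknown issuer, public site", "high", False,
                            "The certificate's issuer is unknown; this may be a "
                            "man-in-the-middle replica of the site.")
    if cert.not_after < now:
        # Context 2: expired certificate; rated unlikely to be an attack.
        return Decision("expired certificate", "low", True,
                        "The certificate has expired; this is usually inattention by the site.")
    if cert.subject.lower() != desired_host.lower():
        # Context 3: subject is not the desired site.
        if registrable_domain(cert.subject) == registrable_domain(desired_host):
            return Decision("subject mismatch, same domain", "low", True,
                            f"The certificate is for {cert.subject}, in the same "
                            f"domain as {desired_host}.")
        return Decision("subject mismatch, different domain", "high", False,
                        f"The certificate is for {cert.subject}, not {desired_host}; "
                        "possible man-in-the-middle.")
    return Decision("verified", "none", True, "")


# Constructed sample inputs (not from the page).
NOW = datetime(2005, 5, 12, tzinfo=timezone.utc)
INTERNAL_CERT = Certificate("rewards.example.edu", "Example Private CA", "ca-key-fp-1",
                            datetime(2006, 1, 1, tzinfo=timezone.utc),
                            "IT helpdesk, room 101, ext. 5100")
EXPIRED_CERT = Certificate("mail.example.edu", "Example Private CA", "ca-key-fp-1",
                           datetime(2004, 1, 1, tzinfo=timezone.utc))
SHOP_CERT = Certificate("shop.example.com", "Some Public CA", "ca-key-fp-2",
                        datetime(2006, 1, 1, tzinfo=timezone.utc))

if __name__ == "__main__":
    # Inside member, CA key not yet trusted, no media inserted: guided, no override.
    print(cscv_verify(INTERNAL_CERT, "rewards.example.edu", set(), set(), True, NOW))
    # Same member after inserting the USB key carrying the CA's public key.
    print(cscv_verify(INTERNAL_CERT, "rewards.example.edu", set(), {"ca-key-fp-1"}, True, NOW))
    # Public client visiting a site whose issuer is unknown.
    print(cscv_verify(SHOP_CERT, "shop.example.com", set(), set(), False, NOW))
```

The order of the checks matters: the issuer check runs first because, until the CA key is trusted, nothing else about the certificate has been authenticated, so the expiration and name contexts are only rated once the chain is accepted.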
Unencrypted passwords
Existing browsers warn against unencrypted transmission, but:
♦ Do not discriminate between passwords and other data
♦ Warnings occur quite frequently
♦ Often ignored or disabled by users
Specific Password Warnings (SPW)
♦ Browser detects user about to send password unencrypted
♦ Asks if password protects important account
♦ If so, strongly discourages user from continuing:
  Tells user signs of secure site (https:, closed padlock)
  Asks user to consider possibility of MITM replica of usually secure site
  Asks user to consider consequences of financial or privacy loss
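An added example of the SPW decision, not code from the talk or the authors' browser. It shows the two things that distinguish SPW from the generic unencrypted-transmission warning on the previous slide: the warning fires only when the form actually carries a password field, and the browser decides by resolving the form's action against the page URL, so a form on an https: page that submits to an http: URL is still caught. The form description (page URL, action attribute, input types), the `important_account` answer from the SPW dialog and the sample forms are constructed here; the wording shown for a non-important account is this example's choice, since the slide only specifies the strong version.

```python
"""Specific Password Warnings (SPW): decide whether a form submission needs the
password-specific warning described on the slide.

Constructed example, not the authors' modified Mozilla. A form is described by
the URL of the page it is on, its action attribute (possibly relative or
empty) and the types of its input fields; important_account is the user's
answer to the SPW dialog.
"""
from dataclasses import dataclass
from urllib.parse import urljoin, urlsplit

SECURE_SITE_SIGNS = "an https: address and a closed padlock"


@dataclass
class SpwResult:
    warn: bool      # any warning at all
    strong: bool    # strong discouragement (important account)
    message: str


def submission_target(page_url, form_action):
    """Resolve the form's action against the page URL, as a browser does. An
    empty action submits back to the page itself."""
    return urlsplit(urljoin(page_url, form_action or ""))


def sends_password_unencrypted(page_url, form_action, input_types):
    """True only when the form carries a password field and will be submitted
    over something other than https. Ordinary form data never triggers SPW;
    resolving the action catches an https: page whose form posts to http:."""
    if "password" not in (t.lower() for t in input_types):
        return False
    return submission_target(page_url, form_action).scheme.lower() != "https"


def spw_check(page_url, form_action, input_types, important_account):
    """Return the SPW outcome for one form submission."""
    if not sends_password_unencrypted(page_url, form_action, input_types):
        return SpwResult(False, False, "")
    host = submission_target(page_url, form_action).netloc
    if not important_account:
        # Not specified on the slide; a plain one-line warning is this example's choice.
        return SpwResult(True, False,
                         f"Your password will be sent to {host} unencrypted.")
    message = (
        f"Your password will be sent to {host} unencrypted. "
        f"A secure site shows {SECURE_SITE_SIGNS}. "
        "This page may be a man-in-the-middle replica of a site that is "
        "usually secure. Consider the financial or privacy loss if this "
        "password is captured."
    )
    return SpwResult(True, True, message)


if __name__ == "__main__":
    # Constructed form descriptions (not from the page).
    print(spw_check("http://webmail.example.edu/login", "", ["text", "password"], True))
    print(spw_check("https://bank.example.org/login", "http://bank.example.org/auth",
                    ["text", "password"], True))
    print(spw_check("https://bank.example.org/login", "/auth", ["text", "password"], True))
```

Resolving the action also means a scheme-relative action (`//host/path`) on an https: page inherits https and is not flagged, while an absolute http: action on the same page is.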
Just-in-Time Instruction (JITI)
♦ Warn-and-Continue (WC) – e.g., Internet Explorer (IE):
1. Uses concepts that users do not understand
2. Does not fully disclose possible consequences
3. Does not tell users how to overcome error
4. Can be ignored by users
Improving JITI
♦ Guidance Without Override (GWO) – e.g., CSCV:
  Addresses all four shortcomings in WC
  Not always possible
♦ Guidance With Override (G+O) – e.g., SPW:
  Unlike GWO, can be ignored by user
  More generally applicable, but less secure
Well-in-Advance Instruction (WIAI)
♦ Whitten’s alternative to JITI
♦ Safe staging: each stage enables only data and functions that the user knows how to manipulate safely
♦ Our instantiation: Staged PKI Client (SPKIC)
1. Use browser with restricted functions and learn to reject unverified certificates, not to send unencrypted passwords, and how to get the CA’s public key
2. Learn about MITM attacks, set up CA, issue bona fide and bogus certificates
3. Use IE without restrictions
User studies
Male CS undergrads
1. Untrained, using unmodified IE
2. Untrained, using modified Mozilla with CSCV, SPW
3. After staged security training, using unmodified IE
Scenario
1. Check balance at “rewards” site in students’ university – with HTTPS, certificate from unknown CA, correct local contact info
2. Spend rewards to buy one or more items at e-merchant site – with HTTPS, certificate from unknown CA, bogus contact info
3. Get order confirmation message at Web-based email site – with HTTP only / no certificate
Experimental results
• Alarming insecurity for untrained users with existing browsers
• Users actually behaved less securely with HTTPS
• CSCV, SPW, and SPKIC all had highly significant benefits
• CSCV’s effect significantly higher than SPKIC’s
Caveats
♦ Task completion bias
♦ Difficulty effect
♦ Age, gender, education level, ability not controlled
Related work
♦ Usable security (Adams & Sasse, Anderson, Zurko & Simon, Sandhu, Xia & Brustoloni)
♦ Whitten & Tygar – PGP
♦ Out-of-band certificate fingerprint verification
♦ Identity-based cryptography
♦ Ackerman & Cranor – critics
♦ Ye & Smith – browser trusted paths
♦ Yan et al. – education on password selection
Conclusions
♦ Most users do not check or understand certificates and ignore warnings
♦ Delegating security decisions to users defeats Web security
♦ CSCV: Discriminate context in which certificate verification fails & guide user in correction
♦ SPW: Warn possible consequences of sending passwords unencrypted
♦ CSCV and SPW greatly increase usable security of browsers
Significance analysis
Dialog for certificate on removable media
Dialog for determining relationship between client and server
Dialog guiding inside member for getting certificate
Dialog cautioning public client about certificate error
Dialog for unencrypted password – important account