WHY WE MUST ASK WHY
Markus Jakobsson, Principal Scientist, PayPal. Keynote, June 7, 2011, MAAWG 22nd General Meeting, San Francisco, CA.
![Page 1: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/1.jpg)
Messaging Anti-Abuse Working Group
MAAWG | maawg.org | San Francisco, CA 2011
WHY WE MUST ASK WHY
Markus Jakobsson, Principal Scientist, PayPal
Keynote, June 7, 2011
MAAWG 22nd General Meeting, San Francisco, CA
![Page 2: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/2.jpg)
Why Did the Internet Turn out as it Did?
We first designed it to provide features, then
for usability. We never designed it with abuse
in mind. We did not try to predict the future.
And now we are in a pickle.
![Page 3: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/3.jpg)
Predicting An Unsupervised Future
“Predicting the future is much too easy, anyway.
You look at the people around you, the street you
stand on, the visible air you breathe, and predict
more of the same. To hell with more. I want better.”
Ray Bradbury
![Page 4: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/4.jpg)
To Hell With More. I Want Better.
Who? → Weak Authentication
Where? → Spoofing
What? → Malware
Why?
Before we can address any problem, we need to know why it occurs.
Talk focus: mobile Internet. It will be huge, and we can ask “why” before it is too late.
![Page 5: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/5.jpg)
Web/App Spoofing: Why Does It Work? (Where?)
An attacker is successful if
1. The victim is tricked, and as a result
2. The victim acts, benefiting the attacker
Traditional countermeasures address part 1 (locks, colors, warnings: a user communication problem).
Can we address part 2 instead?
Jakobsson/Leddy: www.spoofkiller.com
![Page 8: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/8.jpg)
Imagine a World Where… (Where?)
GOOD SITE + NAÏVE USER = SUCCESS
SPOOF SITE + NAÏVE USER (SAME ACTION) = ABORT
![Page 9: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/9.jpg)
Here is How to Do It! (Where?)
Flowchart: Got cert? → Y: LOG IN NOW; N: ABORT
![Page 10: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/10.jpg)
We are all Pavlov’s dogs! (Where?)
![Page 11: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/11.jpg)
Demo time! (Where?)
Demo produced by Hossein Siadaty
![Page 12: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/12.jpg)
![Page 13: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/13.jpg)
![Page 14: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/14.jpg)
Take-Home Message (Where?)
It is more important to understand people than to understand computers.
![Page 15: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/15.jpg)
Now: Authentication (Who?)
Jakobsson/Akavipat: www.fastword.me
People hate passwords, especially on handsets
• Slow to enter … and then you realize you mistyped something!
• At the same time, recall rates are low for passwords, and reset is difficult, insecure and expensive
• PINs are faster … but not very secure, and reuse is rampant
![Page 16: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/16.jpg)
Understanding Usability Issues (Who?)
Q. Why are passwords more painful than text? A. Text uses auto-correction/completion!
![Page 17: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/17.jpg)
Understanding Recall Issues (Who?)
Q. Why are (good) passwords hard to recall? A. Good passwords are weird!
(Ebbinghaus, 1885)
![Page 18: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/18.jpg)
A Stab at a Solution (Who?)
Not so secure, you say? Approx. 64k words only.
Auto correct works
frogfroffrofrffrof
![Page 19: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/19.jpg)
Example fastword: frog flat work
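As an added illustration (my own code, not from the fastword project or the slides), the Python below shows what “auto correct works” means for authentication: every typed word is snapped to the closest dictionary word before hashing, so a mistyped “frof flat wrk” still verifies against an enrolled “frog flat work”, while a word that is ambiguous or too far from any dictionary entry is rejected rather than guessed. The nine-word dictionary, the two-edit limit, the salted PBKDF2 storage and the uniform-choice entropy estimate are assumptions of this example; only the 64k vocabulary size comes from the slide.

```python
import hashlib
import hmac
import math
import os

# Constructed mini-dictionary standing in for the ~64k-word vocabulary on the slide.
DICTIONARY = ["frog", "flat", "work", "fork", "flag", "fast", "word", "wood", "walk"]
VOCAB_SIZE = 64_000   # from the slide: "Approx. 64k words only"
MAX_EDITS = 2         # assumption: how far auto-correct may reach
ROUNDS = 100_000      # assumption: PBKDF2 iteration count


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, the usual auto-correct similarity measure."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def autocorrect(word: str):
    """Map a typed word to the unique closest dictionary word within MAX_EDITS.
    Returns None when nothing is close enough or when two words tie (ambiguous):
    an authentication system must never silently pick one of two candidates."""
    scored = sorted((edit_distance(word.lower(), w), w) for w in DICTIONARY)
    best, second = scored[0], scored[1]
    if best[0] > MAX_EDITS or best[0] == second[0]:
        return None
    return best[1]


def normalize(typed: str):
    """Canonical form of a typed fastword: every word corrected, or None if any word fails."""
    words = [autocorrect(w) for w in typed.split()]
    return None if any(w is None for w in words) else " ".join(words)


def enroll(fastword: str, salt: bytes = None) -> dict:
    """Store a salted slow hash of the canonical fastword, never the words themselves."""
    canonical = normalize(fastword)
    if canonical is None:
        raise ValueError("fastword contains a word the dictionary cannot correct")
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", canonical.encode(), salt, ROUNDS)
    return {"salt": salt, "hash": digest}


def verify(typed: str, record: dict) -> bool:
    """Auto-correct the typed phrase, then compare hashes in constant time."""
    canonical = normalize(typed)
    if canonical is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", canonical.encode(), record["salt"], ROUNDS)
    return hmac.compare_digest(candidate, record["hash"])


def entropy_bits(num_words: int, vocab: int = VOCAB_SIZE) -> float:
    """Size of the guessing space, assuming independent uniform picks from the vocabulary."""
    return num_words * math.log2(vocab)


if __name__ == "__main__":
    record = enroll("frog flat work")
    print(verify("frof flat wrk", record))    # typos corrected, still matches
    print(verify("cat flat work", record))    # "cat" ties between flat/fast: rejected
    print(round(entropy_bits(3), 1), "bits for three words")
```

entropy_bits(3) gives roughly 47.9 bits, the upper bound for three words chosen uniformly from 64k; users who pick memorable phrases do worse, which is exactly the “Not so secure, you say?” objection, and the deck’s own charts (not reproduced in this transcript) compare the result against average passwords rather than against that bound.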
![Page 20: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/20.jpg)
A Look at Speed (Who?)
![Page 21: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/21.jpg)
A Look at Security (Who?)
Chart: average password vs. average fastword
![Page 22: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/22.jpg)
Forgot Your Fastword? Hint: “frog” (Who?)
EFFECTIVE RECALL: 0.36 + (1 − 0.36) × 0.48 = 0.67, i.e., 67% (unaided recall, plus hint-aided recall among those who forgot)
![Page 23: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/23.jpg)
Forgot Your Fastword? Hint: “frog” (continued)
Chart: average fastword vs. average password
![Page 24: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/24.jpg)
Big-Picture Insight (Who?)
We can improve things as basic as passwords, if we ask “why”.
![Page 25: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/25.jpg)
Dealing with Malware (What?)
Jakobsson/Johansson: www.fatskunk.com
Problem: Power
![Page 26: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/26.jpg)
Dealing with Malware (What?)
Three truths:
1. Nasty malware is active
2. Active routines are in RAM
3. Algorithms: time-space trade-off
![Page 27: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/27.jpg)
Dealing with Malware (What?)
Diagram: the handset’s monolithic kernel, cache and RAM.
1. Swap out all programs (malware may refuse)
2. Overwrite all “free” RAM with pseudo-random content (malware refuses again)
3. Compute keyed digest of all RAM (access order unknown a priori)
External verifier provides this (the key/seed for the digest).
External verifier will time this (and check the result of the computation).
![Page 34: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/34.jpg)
Dealing with Malware (What?)
Malware has options:
1. Swap out and become inactive
2. Stay, cause delay, be detected
3. Refuse connection, be detected
4. Die and remain unnoticed
![Page 35: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/35.jpg)
After the Test Passed (What?)
Scan flash for inactive malware, make secure backup to cloud, DRM, password manager, virtualized phone setup, banking app, vote casting, unlock data/apps, …
![Page 36: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/36.jpg)
More Detail: Unlocking Data/Apps (What?)
Diagram: FLASH holds the application plus encrypted storage of data and routines. GET KEY FROM VERIFIER, then LOAD into RAM, which then holds the application plus decrypted storage of data and routines.
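The three-step test, the four options left to malware, and the key release for unlocking data/apps, as one added simulation in Python (my own illustration, not FatSkunk’s code): the verifier sends a seed, the device fills every free page with seed-derived pseudo-random content, feeds all pages to an HMAC in a seed-derived order, and the verifier checks both the digest and the work it took. Assumptions of this example: work is counted in page reads instead of measured in wall-clock time, the page counts and the extra cost of recomputing a page are toy values, one seed serves both as filler generator and MAC key, and the “unlock key” is a constructed constant.

```python
import hashlib
import hmac

# Constructed toy memory layout: 16 pages of 64 bytes, pages 0-3 hold the trusted kernel.
PAGE_SIZE = 64
NUM_PAGES = 16
KERNEL_PAGES = 4
KERNEL_IMAGE = bytes((i * 7 + 3) % 256 for i in range(KERNEL_PAGES * PAGE_SIZE))
TIME_BUDGET = NUM_PAGES + 2     # honest run reads each page once; small slack on top
UNLOCK_KEY = b"constructed-demo-key-for-encrypted-flash"


def kernel_page(page: int) -> bytes:
    return KERNEL_IMAGE[page * PAGE_SIZE:(page + 1) * PAGE_SIZE]


def filler_page(seed: bytes, page: int) -> bytes:
    """Step 2: pseudo-random content for a free page, derived from the verifier's seed."""
    return hashlib.shake_256(b"fill" + seed + page.to_bytes(4, "big")).digest(PAGE_SIZE)


def access_order(seed: bytes) -> list:
    """Step 3: page order that is unknown until the seed arrives (seeded Fisher-Yates)."""
    order = list(range(NUM_PAGES))
    for i in range(NUM_PAGES - 1, 0, -1):
        r = hashlib.sha256(b"order" + seed + i.to_bytes(4, "big")).digest()
        j = int.from_bytes(r[:4], "big") % (i + 1)
        order[i], order[j] = order[j], order[i]
    return order


def keyed_digest(seed: bytes, read_page) -> bytes:
    """Step 3: keyed digest over all RAM, pages fed to the MAC in seed-derived order."""
    mac = hmac.new(seed, digestmod=hashlib.sha256)
    for page in access_order(seed):
        mac.update(read_page(page))
    return mac.digest()


class Device:
    """Simulated handset. `malware` is "absent" (swapped out / died), "keep" (its page
    stays resident and is read back as-is) or "recompute" (its page stays resident but
    it answers reads with the filler the page should hold, at extra cost)."""

    def __init__(self, malware: str = "absent"):
        self.malware = malware
        self.malware_page = NUM_PAGES - 1
        self.ram = [b""] * NUM_PAGES
        self.cost = 0          # work units, standing in for the time the verifier measures
        self.seed = b""

    def attest(self, seed: bytes) -> bytes:
        self.seed, self.cost = seed, 0
        # Steps 1-2: everything but the kernel is swapped out and free pages are filled.
        for page in range(NUM_PAGES):
            if page < KERNEL_PAGES:
                self.ram[page] = kernel_page(page)
            elif self.malware != "absent" and page == self.malware_page:
                self.ram[page] = b"\xba\xad" * (PAGE_SIZE // 2)   # refuses to be overwritten
            else:
                self.ram[page] = filler_page(seed, page)
        return keyed_digest(seed, self._read)

    def _read(self, page: int) -> bytes:
        self.cost += 1
        if self.malware == "recompute" and page == self.malware_page:
            # Time-space trade-off: the right bytes can be regenerated, but not for free.
            self.cost += 5
            return filler_page(self.seed, page)
        return self.ram[page]


def expected_digest(seed: bytes) -> bytes:
    """Verifier side: what a clean device must produce (kernel image and filler rule known)."""
    return keyed_digest(seed, lambda p: kernel_page(p) if p < KERNEL_PAGES else filler_page(seed, p))


def verify(device: Device, seed: bytes) -> dict:
    """External verifier: challenge with a fresh seed, check the digest and the elapsed work."""
    digest = device.attest(seed)
    digest_ok = hmac.compare_digest(digest, expected_digest(seed))
    time_ok = device.cost <= TIME_BUDGET
    return {"passed": digest_ok and time_ok, "digest_ok": digest_ok,
            "time_ok": time_ok, "cost": device.cost}


def release_key(device: Device, seed: bytes):
    """Unlocking data/apps: the decryption key is handed out only after a passed test."""
    return UNLOCK_KEY if verify(device, seed)["passed"] else None


if __name__ == "__main__":
    seed = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed; use os.urandom(16)
    for strategy in ("absent", "keep", "recompute"):
        print(strategy, verify(Device(strategy), seed))
```

The two failure modes map onto the slide’s options: “keep” is option 3 in spirit (it cannot produce the right answer, so the digest check fails), “recompute” is option 2 (right answer, too slow), and “absent” is option 1 or 4, which is the outcome the scheme is designed to force. The real system’s budget must be calibrated so that the cheapest evasion still exceeds the honest time plus measurement slack; the toy values here only illustrate the shape of that check.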
![Page 37: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/37.jpg)
THE FUTURE MATTERS TODAY (Why?)
Anticipating problems gives us time to innovate.
![Page 38: WHY WE MUST ASK WHY](https://reader035.vdocument.in/reader035/viewer/2022062517/56813df3550346895da7cf41/html5/thumbnails/38.jpg)
Why Does User Education Fail? (A final why)
Contact me to talk spoofing, authentication, malware, mobile, education … and “why”!