Phoolproof Phishing Prevention - PowerPoint PPT Presentation

Provided by: Bryan112

1
Phoolproof Phishing Prevention
  • Bryan Parno, Cynthia Kuo, Adrian Perrig
  • Carnegie Mellon University

2
A Recent Email
Images from Anti-Phishing Working Group's Phishing Archive
3
Images from Anti-Phishing Working Group's Phishing Archive
4
The next page requests:
  • Name
  • Address
  • Telephone
  • Credit Card Number, Expiration Date, Security
    Code
  • PIN
  • Account Number
  • Personal ID
  • Password

5
Images from Anti-Phishing Working Group's Phishing Archive
6
But wait
WHOIS 210.104.211.21 Location: Korea, Republic Of
Even bigger problem: I don't have an account with US Bank!
Images from Anti-Phishing Working Group's Phishing Archive
8
Phishing: A Growing Problem
  • Over 16,000 unique phishing attacks reported in
    Nov. 2005, about double the number from 2004
  • Estimates suggest phishing affected 1.2 million
    US citizens and cost businesses billions of
    dollars in 2004
  • Additional losses due to consumer fears

Anti-Phishing Working Group, Phishing Activity
Trends Report, Dec. 2005
9
Outline
  • Introduction
  • Phishing Techniques
  • Current Antiphishing Approaches
  • Goals and Design Principles
  • Phoolproof Phishing Prevention
  • Security Analysis
  • Implementation

10
Basic Phishing Attack
  • Victim receives email seemingly from an
    institution
  • Often reports a problem with victim's account
  • Email demands immediate action
  • Victim led to a website that mimics that of the
    institution
  • Prompted to enter account information, passwords,
    personal information, etc.
  • Two variations:
      • Passive: Attacker collects victim's information
        for later exploitation
      • Active: Attacker relays victim's information to
        the real institution and plunders the account in
        real time

11
Current Phishing Techniques
  • Employ visual elements from target site
  • DNS Tricks
      • www.ebay.com.kr
      • www.ebay.com@192.168.0.5
      • www.gooogle.com
  • Unicode attacks
  • JavaScript Attacks
  • Spoofed SSL lock
  • Certificates
      • Phishers can acquire certificates for domains
        they own
      • Certificate authorities make mistakes
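
As an added illustration (not part of the original slides), this Go sketch shows which host a browser would actually contact for the three example names above, and why none of them is the trusted domain. The `http://` scheme, the category names and the `squeeze` helper are assumptions made for the example; `squeeze` only catches repeated-letter lookalikes.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// squeeze collapses runs of one byte: "gooogle" and "google" both give "gogle".
func squeeze(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		if i == 0 || s[i] != s[i-1] {
			b.WriteByte(s[i])
		}
	}
	return b.String()
}

// Classify compares the host a browser would really contact with the trusted
// domain (for example "ebay.com") that the link appears to name.
func Classify(raw, trusted string) string {
	u, err := url.Parse(raw)
	if err != nil || u.Hostname() == "" {
		return "unparseable"
	}
	host := strings.ToLower(u.Hostname())
	labels := strings.Split(host, ".")
	if n := strings.Count(trusted, ".") + 1; len(labels) > n {
		labels = labels[len(labels)-n:] // keep as many labels as trusted has
	}
	switch {
	case host == trusted || strings.HasSuffix(host, "."+trusted):
		return "trusted"
	case u.User != nil: // text before '@' is userinfo, not the host
		return "userinfo-decoy"
	case strings.Contains(host, trusted+"."): // trusted name is only a prefix
		return "embedded-name"
	case squeeze(strings.Join(labels, ".")) == squeeze(trusted):
		return "lookalike"
	}
	return "unrelated"
}

func main() {
	for _, c := range [][2]string{{"http://www.ebay.com.kr/", "ebay.com"}, {"http://www.ebay.com@192.168.0.5/", "ebay.com"}, {"http://www.gooogle.com/", "google.com"}} {
		fmt.Println(c[0], "=>", Classify(c[0], c[1]))
	}
}
```
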

12
Advanced Phishing Attacks
  • Spear-phishing: Improved target selection
  • Socially aware attacks [Jakobsson 2005]
      • Mine social relationships from public data
      • Phishing email appears to arrive from someone
        known to the victim
  • Context-aware attacks [ibid]
      • "Your bid on eBay has won!"
      • "The books on your Amazon wishlist are on sale!"

13
User Issues
  • Security is a secondary objective
  • Users choose bad passwords and readily disclose
    them
  • Users cannot parse URLs, domain names or PKI
    certificates
  • Users are inundated with warnings and pop-ups

14
Outline
  • Introduction
  • Phishing Techniques
  • Current Antiphishing Approaches
      • Heuristics
      • Modified Passwords
      • Origin Authentication
  • Goals and Design Principles
  • Phoolproof Phishing Prevention
  • Security Analysis
  • Implementation

15
Current Approaches
  • Heuristics
      • SpoofGuard [Chou et al. 2004], TrustBar [HerzGbar
        2004], eBay toolbar, SpoofStick
      • Recent studies indicate users ignore toolbar
        warnings [Wu et al. 2005]

16
Current Approaches
  • Modified Passwords
      • Single Sign-On
          • Requires users to trust one institution with all
            of their passwords
          • Still faces an authentication problem
      • PwdHash [Ross et al. 2005]
          • Promising approach, but vulnerable to pharming,
            DNS spoofing, and dictionary attacks
      • One-time passwords (e.g., scratch cards, RSA
        SecurID)
          • Vulnerable to active MitM attacks (already seen
            in the wild)

17
Current Approaches
  • Origin Authentication
      • Dynamic Security Skins [DhamTyga 2004], Passmark,
        and the Petname project
      • All rely on user diligence: a single mistake
        will result in a compromised account

18
Key Insight
  • Security must not depend entirely on fallible
    users
  • System must be secure by default
  • Design must be robust to user error

19
Outline
  • Introduction
  • Phishing Techniques
  • Current Antiphishing Approaches
  • Goals and Design Principles
  • Phoolproof Phishing Prevention
  • Security Analysis
  • Implementation

20
Phishing Prevention Goals
  • Ideal: User's data only reaches intended
    recipient
  • Practical: Prevent a phisher from viewing or
    modifying a user's accounts
  • Reduce the power of attacks to that of
    pre-Internet scams
  • E.g., an attacker can still subvert a company
    insider

21
Contributions
  • Plan for human errors by guarding users' accounts
    even when they make mistakes
  • Use a mobile device to establish an authenticator
    the user cannot readily disclose
  • Protect against active Man-in-the-Middle attacks
  • Defend against keyloggers
  • Develop a prototype implementation

22
Design Principles
  • Sidestep the arms race
      • Incremental solutions provoke adaptations
  • Provide mutual authentication
      • Phishing exploits two authentication failures:
        Server to User and User to Server
  • Reduce reliance on users
      • Users are unsuited to authenticating others or
        themselves to others
      • We cannot rely on perfect user behavior
  • Avoid dependence on browser interface
      • Readily spoofed and distrusted by users

23
Outline
  • Introduction
  • Phishing Techniques
  • Current Antiphishing Approaches
  • Goals and Design Principles
  • Phoolproof Phishing Prevention
  • Security Analysis
  • Implementation

24
Phoolproof Prevention Overview
  • Mobile device creates a public key pair for each
    site
  • Transmits public key to the server
  • To access the site, the mobile device uses the
    private key to authenticate to the server
  • Assists browser in establishing SSL/TLS session
  • Server refuses access unless client can provide
    user's password and the mobile device
    authenticates properly
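
A simplified model of the scheme in this overview, added as an illustration and not the authors' prototype: an Ed25519 signature over the server identity and a fresh challenge stands in for SSL/TLS client authentication with the per-site key. The `Device` and `Server` types, the byte-string identities and the sample password are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device models the phone: one private key per site, keyed by server identity.
type Device struct{ keys map[[32]byte]ed25519.PrivateKey }
func NewDevice() *Device { return &Device{keys: map[[32]byte]ed25519.PrivateKey{}} }

// Server models one account at the institution (hypothetical layout).
type Server struct {
	identity []byte            // stand-in for the server certificate
	password string            // a real server stores a salted hash
	userKey  ed25519.PublicKey // registered during setup
}

// Setup creates a fresh key pair for this site and registers the public half.
func (d *Device) Setup(s *Server) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	d.keys[sha256.Sum256(s.identity)] = priv
	s.userKey = pub
}

// Sign binds the challenge to the connected endpoint; unknown endpoints get nil.
func (d *Device) Sign(peer, challenge []byte) []byte {
	if priv, ok := d.keys[sha256.Sum256(peer)]; ok {
		return ed25519.Sign(priv, append(append([]byte{}, peer...), challenge...))
	}
	return nil
}

// Login grants access only with the password AND a valid device signature.
func (s *Server) Login(password string, challenge, sig []byte) bool {
	msg := append(append([]byte{}, s.identity...), challenge...)
	return password == s.password && ed25519.Verify(s.userKey, msg, sig)
}

func main() {
	bank, dev, c := &Server{identity: []byte("bank-cert"), password: "pw"}, NewDevice(), []byte("nonce-1") // constructed values
	dev.Setup(bank)
	fmt.Println(bank.Login("pw", c, dev.Sign(bank.identity, c)), bank.Login("pw", c, dev.Sign([]byte("phisher-cert"), c)))
}
```

The second call models a phisher who has captured the password: the device holds no key for the phisher's endpoint, so the server sees no valid signature and refuses the login.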

25
User Experience
  • Setup
      • Login to the institution's website
      • Select "Phoolproof Phishing Setup"
      • Confirm installation on device
  • Use
      • Select secure bookmark on device
      • Login to the website

26
Basic Phoolproof Setup
27
Advanced Phoolproof Setup
  • For additional security, establish a shared
    secret via a trusted side-channel
  • Mail a nonce (or barcode) to address on file
  • Display a barcode at an ATM
  • Setup in person
  • Trusted financial institutions could provide
    setup for companies without a storefront
  • The problem of properly identifying new customers
    predates the Internet
  • Existing research can help secure setup

28
Phoolproof Connection Establishment
29
Outline
  • Introduction
  • Phishing Techniques
  • Current Antiphishing Approaches
  • Goals and Design Principles
  • Phoolproof Phishing Prevention
  • Security Analysis
  • Implementation

30
Security Analysis
  • Hijacking account setup
      • Users must authenticate site and vice versa
        (only once/site)
      • Users are at their most alert
      • Advanced setup precludes most attacks
  • Theft (or loss) of the mobile device
      • Thief still needs the user's password
      • Device may require PIN or biometric verification
      • Users can call companies to revoke their keys
        (like credit cards)
  • Malware on the mobile device
      • Standard security solutions (e.g., antivirus,
        firewalls)
      • Trusted hardware (e.g., TPMs)
      • Mutual software attestation

31
Security Analysis
  • Malware on the computer
      • Standard keylogger fails, since it only obtains
        password
      • Compromise of the browser or the operating system
        is still a problem
  • Attacks on the network
      • Our system is immune to Man-in-the-Middle
        attacks, pharming attacks, and domain hijacking
  • Local attacks on Bluetooth
      • Phishing relies on large-scale attacks, not local
        attacks
      • Attacker still lacks user's password, so account
        is secure
      • Existing research [McCune et al. 2005]
        demonstrates how to establish a secure channel

32
Outline
  • Introduction
  • Phishing Techniques
  • Current Antiphishing Approaches
  • Goals and Design Principles
  • Phoolproof Phishing Prevention
  • Security Analysis
  • Implementation

33
Implementation: Minimal Infrastructure
  • Mobile device: Nokia Smartphone
      • Coded in Java for portability to other
        cellphones, PDAs, etc.
  • Small patch to Firefox
      • Detects account setup tag
      • Modifies SSL establishment
  • Server changes are minimal for IIS, Apache and
    Apache-SSL
      • For Apache 2.0:
          SSLVerifyClient  none -> optional_no_ca
          SSLOptions       ExportCertData
      • Plus two short Perl scripts

34
Implementation: Performance
                          Average Time (s)   Min, Max (s)
Key Creation (offline)    75.0               29, 168
Account Creation          0.4                0.3, 0.5
Site Navigation           0.2                0.1, 0.2
SSL/TLS Establishment     1.7                1.6, 1.9
20 Trials
35
Conclusions
  • Phishing is a growing problem, and attacks will
    only become more sophisticated
  • We should avoid relying on perfect user behavior
  • Instead, we use cryptographic techniques to
    protect even fallible users
  • Our implementation demonstrates the feasibility
    of phoolproof phishing prevention

36
Thank you!
parno@cmu.edu
37
Future Work
  • Expand prototype into a fully robust application
  • Perform a user study to assess ease of use
  • Integrate with our university's web login
  • Collaborate with other institutions

38
Man-in-the-Middle Attack
  • Immune to this attack for the same reason SSL/TLS
    is immune
  • Attacker does not have access to the private key
    material for the user or the server

39
Preventing a MitM Attack
40
Advanced ATM Setup
  • Phone transfers trust in ATM to trust in online
    account setup
