Phoolproof Phishing Prevention - PowerPoint PPT Presentation

1 / 45
About This Presentation
Title:

Phoolproof Phishing Prevention

Description:

Phoolproof Phishing Prevention – PowerPoint PPT presentation

Number of Views:299
Avg rating:3.0/5.0
Slides: 46
Provided by: Bryan112
Category:

less

Transcript and Presenter's Notes

Title: Phoolproof Phishing Prevention


1
Phoolproof Phishing Prevention
  • Bryan Parno, Cynthia Kuo, Adrian Perrig
  • Carnegie Mellon University

2
A Recent Email
Images from Anti-Phishing Working Groups
Phishing Archive
3
Images from Anti-Phishing Working Groups
Phishing Archive
4
The next page requests
  • Name
  • Address
  • Telephone
  • Credit Card Number, Expiration Date, Security
    Code
  • PIN
  • Account Number
  • Personal ID
  • Password

5
Images from Anti-Phishing Working Groups
Phishing Archive
6
But wait
WHOIS 210.104.211.21 Location Korea,
Republic Of
Even bigger problem I dont have an account
with US Bank!
Images from Anti-Phishing Working Groups
Phishing Archive
7
(No Transcript)
8
Phishing A Growing Problem
  • Over 16,000 unique phishing attacks reported in
    Nov. 2005, about double the number from 2004
  • Estimates suggest phishing affected 1.2 million
    US citizens and cost businesses billions of
    dollars in 2004
  • Additional losses due to consumer fears

Anti-Phishing Working Group, Phishing Activity
Trends Report, Dec. 2005
9
Outline
  • Introduction
  • Phishing Techniques
  • Current Antiphishing Approaches
  • Goals Design Principles
  • Phoolproof Phishing Prevention
  • Security Analysis
  • Implementation

10
Basic Phishing Attack
  • Victim receives email seemingly from an
    institution
  • Often reports a problem with victims account
  • Email demands immediate action
  • Victim led to a website that mimics that of the
    institution
  • Prompted to enter account information, passwords,
    personal information, etc.
  • Two variations
  • Passive Attacker collects victims information
    for later exploitation
  • Active Attacker relays victims information to
    the real institution and plunders the account in
    real time

11
Current Phishing Techniques
  • Employ visual elements from target site
  • DNS Tricks
  • www.ebay.com.kr
  • www.ebay.com_at_192.168.0.5
  • www.gooogle.com
  • Unicode attacks
  • JavaScript Attacks
  • Spoofed SSL lock
  • Certificates
  • Phishers can acquire certificates for domains
    they own
  • Certificate authorities make mistakes

12
Advanced Phishing Attacks
  • Spear-phishing Improved target selection
  • Socially aware attacks Jakobsson 2005
  • Mine social relationships from public data
  • Phishing email appears to arrive from someone
    known to the victim
  • Context-aware attacks ibid
  • Your bid on eBay has won!
  • The books on your Amazon wishlist are on sale!

13
User Issues
  • Security is a secondary objective
  • Users choose bad passwords and readily disclose
    them
  • Users cannot parse URLs, domain names or PKI
    certificates
  • Users are inundated with warnings and pop-ups

14
Outline
  • Introduction
  • Phishing Techniques
  • Current Antiphishing Approaches
  • Heuristics
  • Modified Passwords
  • Origin Authentication
  • Goals Design Principles
  • Phoolproof Phishing Prevention
  • Security Analysis
  • Implementation

15
Current Approaches
  • Heuristics
  • Spoofguard Chou et al. 2004, TrustBar HerzGbar
    2004, eBay toolbar, SpoofStick
  • Recent studies indicate users ignore toolbar
    warnings Wu et al. 2005

16
Current Approaches
  • Modified Passwords
  • Single Sign-On
  • Requires users to trust one institution with all
    of their passwords
  • Still faces an authentication problem
  • PwdHash Ross et al. 2005
  • Promising approach, but vulnerable to pharming,
    DNS spoofing, and dictionary attacks
  • One-time passwords (e.g., scratch cards, RSA
    SecurID)
  • Vulnerable to active MitM attacks (already seen
    in the wild)

Withdraw

17
Current Approaches
  • Origin Authentication
  • Dynamic Security Skins DhamTyga 2004, Passmark,
    and the Petname project
  • All rely on user diligence a single mistake
    will result in a compromised account

18
Key Insight
  • Security must not depend entirely on fallible
    users
  • System must be secure by default
  • Design must be robust to user error

19
Outline
  • Introduction
  • Phishing Techniques
  • Current Antiphishing Approaches
  • Goals Design Principles
  • Phoolproof Phishing Prevention
  • Security Analysis
  • Implementation

20
Phishing Prevention Goals
  • Ideal Users data only reaches intended
    recipient
  • Practical Prevent a phisher from viewing or
    modifying a users accounts
  • Reduce the power of attacks to that of
    pre-Internet scams
  • E.g., an attacker can still subvert a company
    insider

21
Contributions
  • Plan for human errors by guarding users accounts
    even when they make mistakes
  • Use a mobile device to establish an authenticator
    the user cannot readily disclose
  • Protect against active Man-in-the-Middle attacks
  • Defend against keyloggers
  • Develop a prototype implementation

22
Design Principles
  • Sidestep the arms race
  • Incremental solutions provoke adaptations
  • Provide mutual authentication
  • Phishing exploits two authentication failures
  • Server to User and User to Server
  • Reduce reliance on users
  • Users are unsuited to authenticating others or
    themselves to others
  • We cannot rely on perfect user behavior
  • Avoid dependence on browser interface
  • Readily spoofed and distrusted by users

23
Outline
  • Introduction
  • Phishing Techniques
  • Current Antiphishing Approaches
  • Goals Design Principles
  • Phoolproof Phishing Prevention
  • Security Analysis
  • Implementation

24
Phoolproof Prevention Overview
  • Mobile device creates a public key pair for each
    site
  • Transmits public key to the server
  • To access the site, the mobile device uses the
    private key to authenticate to the server
  • Assists browser in establishing SSL/TLS session
  • Server refuses access unless client can provide
    users password and the mobile device
    authenticates properly

25
User Experience
  • Setup
  • Login to the institutions website
  • Select Phoolproof Phishing Setup
  • Confirm installation on device
  • Use
  • Select secure bookmark on device
  • Login to the website

26
Basic Phoolproof Setup
27
Advanced Phoolproof Setup
  • For additional security, establish a shared
    secret via a trusted side-channel
  • Mail a nonce (or barcode) to address on file
  • Display a barcode at an ATM
  • Setup in person
  • Trusted financial institutions could provide
    setup for companies without a storefront
  • The problem of properly identifying new customers
    predates the Internet
  • Existing research can help secure setup

28
Phoolproof Connection Establishment
29
Outline
  • Introduction
  • Phishing Techniques
  • Current Antiphishing Approaches
  • Goals Design Principles
  • Phoolproof Phishing Prevention
  • Security Analysis
  • Implementation

30
Security Analysis
  • Hijacking account setup
  • Users must authenticate site and vice versa
  • (only once/site)
  • Users are at their most alert
  • Advanced setup precludes most attacks
  • Theft (or loss) of the mobile device
  • Thief still needs the users password
  • Device may require pin or biometric verification
  • Users can call companies to revoke their keys
    (like credit cards)
  • Malware on the mobile device
  • Standard security solutions (e.g., antivirus,
    firewalls)
  • Trusted hardware (e.g., TPMs)
  • Mutual software attestation

31
Security Analysis
  • Malware on the computer
  • Standard keylogger fails, since it only obtains
    password
  • Compromise of the browser or the operating system
    is still a problem
  • Attacks on the network
  • Our system is immune to Man-in-the-Middle
    attacks, pharming attacks, and domain hijacking
  • Local attacks on Bluetooth
  • Phishing relies on large-scale attacks, not local
    attacks
  • Attacker still lacks users password, so account
    is secure
  • Existing research McCune et al. 2005
    demonstrates how to establish a secure channel

32
Outline
  • Introduction
  • Phishing Techniques
  • Current Antiphishing Approaches
  • Goals Design Principles
  • Phoolproof Phishing Prevention
  • Security Analysis
  • Implementation

33
Implementation Minimal infrastructure
  • Mobile device Nokia Smartphone
  • Coded in Java for portability to other
    cellphones, PDAs, etc.
  • Small patch to Firefox
  • Detects account setup tag
  • Modifies SSL establishment
  • Server changes are minimal for IIS, Apache and
    Apache-SSL
  • For Apache 2.0

optional_no_ca
SSLVerifyClient
none
SSLOptions
ExportCertData
  • Plus two short perl scripts

34
Setup
35
Setup
36
Setup
37
Setup
38
Login
39
Login
40
Login
41
Login
42
Login
43
Implementation Performance
20 Trials
44
Conclusions
  • Phishing is a growing problem, and attacks will
    only become more sophisticated
  • We should avoid relying on perfect user behavior
  • Instead, we use cryptographic techniques to
    protect even fallible users
  • Our implementation demonstrates the feasibility
    of phoolproof phishing prevention

45
Thank you!
parno_at_cmu.edu
46
Future Work
  • Expand prototype into a fully robust application
  • Perform a user study to assess ease of use
  • Integrate with our universitys web login
  • Collaborate with other institutions

47
Man-in-the-Middle Attack
  • Immune to this attack for the same reason SSL/TLS
    is immune
  • Attacker does not have access to the private key
    material for the user or the server

48
Preventing a MitM Attack
h
49
Advanced ATM Setup
  • Phone transfers trust in ATM to trust in online
    account setup

camera
vision
Write a Comment
User Comments (0)
About PowerShow.com