Title: Web Browser Privacy and Security
11 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 1 0
Web Browser Privacy and Security
Dhruv Mohindra (MSISPM)? Usable Privacy
Security, Spring 08
21 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda
- Web Browsing and 'The User'
- Technology Overview
- Security Concerns
- Privacy Matters
- Recent Developments
- Suggestions
1 0 1 1 1 0 1
31 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda
- Web Browsing and 'The User'
- Technology Overview
- Security Concerns
- Privacy Matters
- Recent Developments
- Suggestions
1 0 1 1 1 0 1
41 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
A Model For Informed Consent
1 0 1 1 1 0 1
Source Informed Consent by Design(Friedman, Lin,
Miller)?
51 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agreement Revisited...
1 0 1 1 1 0 1
61 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
On the other hand...
1 0 1 1 1 0 1
71 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
But with Web Browsers...
- None of the approaches work
- - One is too intrusive, the other too lax
- It is a good idea to reveal simple and required
features - - The vast population just wants to browse the
Internet - Hide complexity underneath, advanced users can
find it - - Expose tutorials and links so that others
are satisfied - Strike a trade-off between security and
usability - - Recovering Stored Passwords in Firefox
1 0 1 1 1 0 1
81 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Towards Better Usability...
Javascript( function()? var s,F,j,f,i s
"" F document.forms for(j0 jltF.length
j) f Fj for (i0 iltf.length
i) if (fi.type.toLowerCase()
"password") s fi.value "\n"
if (s) alert("Passwords in forms on this
page\n\n" s) else alert("There are no
passwords in forms on this page.") )()
1 0 1 1 1 0 1
91 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda
- Web Browsing and 'The User'
- Technology Overview
- Security Concerns
- Privacy Matters
- Recent Developments
- Suggestions
1 0 1 1 1 0 1
101 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Secure Sockets Layer (SSL/TLS)?
- Set of cryptographic protocols
- that provide secure
- communications on the
- Internet, for applications
- Designed to protect from
- eavesdropping, tampering,
- replay and packet forgery.
- SSL/TLS Implementations do
- not signify secure places but
- security in 'transit'.
1 0 1 1 1 0 1
Image Source http//www.windowsitpro.com
111 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda
- Web Browsing and 'The User'
- Technology Overview
- Security Concerns
- Privacy Matters
- Recent Developments
- Suggestions
1 0 1 1 1 0 1
121 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Exercise
- How many people feel that they are safe while
browsing - non TLS(SSL)-enabled websites?
- Have you every questioned someone about how SSL
- works and how you are safe with it? Or do you
take - technology for granted because everyone says
Use SSL - to browse securely?
1 0 1 1 1 0 1
131 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1
Demonstration
141 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Man-in-the-middle Attack
1 0 1 1 1 0 1
Source http//www.acm.org/crossroads/xrds11-1/gfx
/figure2-wifi.jpg
151 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Man-in-the-middle Attack
- SSL/TLS can be defeated with Social Engineering
-
- Run the following commands (with permission)-
- - arpspoof -t victim gateway
- - arpspoof -t gateway victim
- - echo 1 gt /proc/sys/net/ipv4/ip_forward
- - wireshark
- - webmitm -dd
- - ssldump -n -d -k webmitm.crt tee
ssldump.log - Where,
- victim is the IP address of the victim computer
- gateway is the IP address of the gateway
- (arpspoof utility comes with the dsniff package)?
1 0 1 1 1 0 1
161 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda
- Web Browsing and 'The User'
- Technology Overview
- Security Concerns
- Privacy Matters
- Recent Developments
- Suggestions
1 0 1 1 1 0 1
171 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Anonymous Browsing
- What constitutes anonymity on the Internet?
- - Hiding the IP address
- - Disabling exchange of cookies
- - Other personally identifiable information
- TOR (The Onion Router)?
- - Routes traffic through three mix proxies by
default - - The sender encrypts a message thrice
- - Due to layered encryption, it is called
Onion Routing - - You are safer as long people in your
anonymity set - are non-identifiable
- - TOR is a SOCKS proxy and thus requires
Privoxy - - Privoxy handles http, https data and DNS
lookups - then passes traffic to TOR via a SOCKS
connection
1 0 1 1 1 0 1
181 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
TOR Caveats
- False sense of completion
- - Sometimes users mistakenly feel protected
while they - are not
- Using TOR without Privoxy
- - Configuring a browser to use TOR as its
SOCKS - proxy doesn't work due to DNS lookups/leaks
- Execution of Client-side code
- - Enabling Java, Javascript, Flash or ActiveX
is very - dangerous.
- At first glance the whole system is difficult to
grasp - - No clear description of how tor, Vidalia,
Privoxy work - - No clear message that Privoxy is to run on
port 8118 - while TOR on 9050 (useful when configuring
browser)?
1 0 1 1 1 0 1
191 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
FoxTor on Linux
- TOR, Privoxy and FoxTor installed gracefully
- - Compiled source packages as usual and
installed the - Firefox extension using the web browser.
- Configuration of Privoxy was tricky
- - forward-socks4a / 127.0.0.19050 ., line
had to be - added in /etc/privoxy/config. Not mentioned in
docs. - - It would be nice to have FoxTor's 'help'
have these - descriptions
- Runtime Issues
- - FoxTor continues to say You are now Masked
even - when one has turned off either Privoxy or
tor. - - The user may not realize the real source of
the - problem and may try fiddling with FoxTor
instead
1 0 1 1 1 0 1
201 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda
- Web Browsing and 'The User'
- Technology Overview
- Security Concerns
- Privacy Matters
- Recent Developments
- Suggestions
1 0 1 1 1 0 1
211 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Recent Developments
- Context Sensitive Certificate Verification
- - Clarify relationship between user and server
- - Uses tokens and modifies web browsers
- - Displays a series of alert
boxes...complicated? - - Do you have information on removable
media? - - Are you internal member of Org. that owns
server? - - Doesn't help avoid dangers with public
websites - - Denial of Service
- Specific Password Warnings
- - Alert user while sending unencrypted
passwords - - Series of confirmation windows again...
- - User Study participants are more careful
when you - tell them Do not visit websites you
consider too - risky
1 0 1 1 1 0 1
221 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda
- Web Browsing and 'The User'
- Technology Overview
- Security Concerns
- Privacy Matters
- Recent Developments
- Suggestions
1 0 1 1 1 0 1
231 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Context Sensitive Dialog Boxes
1 0 1 1 1 0 1
241 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Context Sensitive Dialog Boxes
1 0 1 1 1 0 1
- Covey application or website specific risk -
More intuitive and easy to understand - Users
can click 'x' to dismiss anytime - 'Learn More'
is default, curious users will click at first
instinct - Conveys the initial meaning without
any verbose statements - Tailor according to
skill set of user, ask at browser installation
time - Change images while adapting to user's
daily usage and preferences
251 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1
Conclusion
261 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1
Questions