Web Browser Privacy and Security

1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 1 0
Web Browser Privacy and Security
Dhruv Mohindra (MSISPM)? Usable Privacy
Security, Spring 08
2
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda

• Web Browsing and 'The User'
• Technology Overview
• Security Concerns
• Privacy Matters
• Recent Developments
• Suggestions

1 0 1 1 1 0 1
3
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda

• Web Browsing and 'The User'
• Technology Overview
• Security Concerns
• Privacy Matters
• Recent Developments
• Suggestions

1 0 1 1 1 0 1
4
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
A Model For Informed Consent
1 0 1 1 1 0 1
Source Informed Consent by Design(Friedman, Lin,
Miller)?
5
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agreement Revisited...
1 0 1 1 1 0 1
6
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
On the other hand...
1 0 1 1 1 0 1
7
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
But with Web Browsers...

• None of the approaches work
• - One is too intrusive, the other too lax
• It is a good idea to reveal simple and required
  features
• - The vast population just wants to browse the
  Internet
• Hide complexity underneath, advanced users can
  find it
• - Expose tutorials and links so that others
  are satisfied
• Strike a trade-off between security and
  usability
• - Recovering Stored Passwords in Firefox

1 0 1 1 1 0 1
8
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Towards Better Usability...
Javascript( function()? var s,F,j,f,i s
"" F document.forms for(j0 jltF.length
j) f Fj for (i0 iltf.length
i) if (fi.type.toLowerCase()
"password") s fi.value "\n"
if (s) alert("Passwords in forms on this
page\n\n" s) else alert("There are no
passwords in forms on this page.") )()
1 0 1 1 1 0 1
9
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda

• Web Browsing and 'The User'
• Technology Overview
• Security Concerns
• Privacy Matters
• Recent Developments
• Suggestions

1 0 1 1 1 0 1
10
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Secure Sockets Layer (SSL/TLS)?

• Set of cryptographic protocols
• that provide secure
• communications on the
• Internet, for applications
• Designed to protect from
• eavesdropping, tampering,
• replay and packet forgery.
• SSL/TLS Implementations do
• not signify secure places but
• security in 'transit'.

1 0 1 1 1 0 1
Image Source http//www.windowsitpro.com
11
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda

• Web Browsing and 'The User'
• Technology Overview
• Security Concerns
• Privacy Matters
• Recent Developments
• Suggestions

1 0 1 1 1 0 1
12
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Exercise

• How many people feel that they are safe while
  browsing
• non TLS(SSL)-enabled websites?
• Have you every questioned someone about how SSL
• works and how you are safe with it? Or do you
  take
• technology for granted because everyone says
  Use SSL
• to browse securely?

1 0 1 1 1 0 1
13
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1
Demonstration
14
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Man-in-the-middle Attack
1 0 1 1 1 0 1
Source http//www.acm.org/crossroads/xrds11-1/gfx
/figure2-wifi.jpg
15
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Man-in-the-middle Attack

• SSL/TLS can be defeated with Social Engineering
• Run the following commands (with permission)-
• - arpspoof -t victim gateway
• - arpspoof -t gateway victim
• - echo 1 gt /proc/sys/net/ipv4/ip_forward
• - wireshark
• - webmitm -dd
• - ssldump -n -d -k webmitm.crt tee
  ssldump.log
• Where,
• victim is the IP address of the victim computer
• gateway is the IP address of the gateway
• (arpspoof utility comes with the dsniff package)?

1 0 1 1 1 0 1
16
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda

• Web Browsing and 'The User'
• Technology Overview
• Security Concerns
• Privacy Matters
• Recent Developments
• Suggestions

1 0 1 1 1 0 1
17
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Anonymous Browsing

• What constitutes anonymity on the Internet?
• - Hiding the IP address
• - Disabling exchange of cookies
• - Other personally identifiable information
• TOR (The Onion Router)?
• - Routes traffic through three mix proxies by
  default
• - The sender encrypts a message thrice
• - Due to layered encryption, it is called
  Onion Routing
• - You are safer as long people in your
  anonymity set
• are non-identifiable
• - TOR is a SOCKS proxy and thus requires
  Privoxy
• - Privoxy handles http, https data and DNS
  lookups
• then passes traffic to TOR via a SOCKS
  connection

1 0 1 1 1 0 1
18
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
TOR Caveats

• False sense of completion
• - Sometimes users mistakenly feel protected
  while they
• are not
• Using TOR without Privoxy
• - Configuring a browser to use TOR as its
  SOCKS
• proxy doesn't work due to DNS lookups/leaks
• Execution of Client-side code
• - Enabling Java, Javascript, Flash or ActiveX
  is very
• dangerous.
• At first glance the whole system is difficult to
  grasp
• - No clear description of how tor, Vidalia,
  Privoxy work
• - No clear message that Privoxy is to run on
  port 8118
• while TOR on 9050 (useful when configuring
  browser)?

1 0 1 1 1 0 1
19
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
FoxTor on Linux

• TOR, Privoxy and FoxTor installed gracefully
• - Compiled source packages as usual and
  installed the
• Firefox extension using the web browser.
• Configuration of Privoxy was tricky
• - forward-socks4a / 127.0.0.19050 ., line
  had to be
• added in /etc/privoxy/config. Not mentioned in
  docs.
• - It would be nice to have FoxTor's 'help'
  have these
• descriptions
• Runtime Issues
• - FoxTor continues to say You are now Masked
  even
• when one has turned off either Privoxy or
  tor.
• - The user may not realize the real source of
  the
• problem and may try fiddling with FoxTor
  instead

1 0 1 1 1 0 1
20
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda

• Web Browsing and 'The User'
• Technology Overview
• Security Concerns
• Privacy Matters
• Recent Developments
• Suggestions

1 0 1 1 1 0 1
21
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Recent Developments

• Context Sensitive Certificate Verification
• - Clarify relationship between user and server
• - Uses tokens and modifies web browsers
• - Displays a series of alert
  boxes...complicated?
• - Do you have information on removable
  media?
• - Are you internal member of Org. that owns
  server?
• - Doesn't help avoid dangers with public
  websites
• - Denial of Service
• Specific Password Warnings
• - Alert user while sending unencrypted
  passwords
• - Series of confirmation windows again...
• - User Study participants are more careful
  when you
• tell them Do not visit websites you
  consider too
• risky

1 0 1 1 1 0 1
22
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Agenda

• Web Browsing and 'The User'
• Technology Overview
• Security Concerns
• Privacy Matters
• Recent Developments
• Suggestions

1 0 1 1 1 0 1
23
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Context Sensitive Dialog Boxes
1 0 1 1 1 0 1
24
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
Context Sensitive Dialog Boxes
1 0 1 1 1 0 1
- Covey application or website specific risk -
More intuitive and easy to understand - Users
can click 'x' to dismiss anytime - 'Learn More'
is default, curious users will click at first
instinct - Conveys the initial meaning without
any verbose statements - Tailor according to
skill set of user, ask at browser installation
time - Change images while adapting to user's
daily usage and preferences
25
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1
Conclusion
26
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1
1 0 1 1 1 0 1
Questions