Title: Phoolproof Phishing Prevention
1. Phoolproof Phishing Prevention
- Bryan Parno, Cynthia Kuo, Adrian Perrig
- Carnegie Mellon University
2. A Recent Email
Images from Anti-Phishing Working Group's Phishing Archive
3. Images from Anti-Phishing Working Group's Phishing Archive
4. The next page requests:
- Name
- Address
- Telephone
- Credit Card Number, Expiration Date, Security Code
- PIN
- Account Number
- Personal ID
- Password
5. Images from Anti-Phishing Working Group's Phishing Archive
6. But wait
WHOIS 210.104.211.21: Location: Korea, Republic Of
Even bigger problem: I don't have an account with US Bank!
Images from Anti-Phishing Working Group's Phishing Archive
7. (No Transcript)
8. Phishing: A Growing Problem
- Over 16,000 unique phishing attacks reported in Nov. 2005, about double the number from 2004
- Estimates suggest phishing affected 1.2 million US citizens and cost businesses billions of dollars in 2004
- Additional losses due to consumer fears
[Anti-Phishing Working Group, Phishing Activity Trends Report, Dec. 2005]
9. Outline
- Introduction
- Phishing Techniques
- Current Antiphishing Approaches
- Goals and Design Principles
- Phoolproof Phishing Prevention
- Security Analysis
- Implementation
10. Basic Phishing Attack
- Victim receives email seemingly from an institution
- Often reports a problem with victim's account
- Email demands immediate action
- Victim led to a website that mimics that of the institution
- Prompted to enter account information, passwords, personal information, etc.
- Two variations
- Passive: Attacker collects victim's information for later exploitation
- Active: Attacker relays victim's information to the real institution and plunders the account in real time
11. Current Phishing Techniques
- Employ visual elements from target site
- DNS Tricks
- www.ebay.com.kr
- www.ebay.com@192.168.0.5
- www.gooogle.com
- Unicode attacks
- JavaScript Attacks
- Spoofed SSL lock
- Certificates
- Phishers can acquire certificates for domains they own
- Certificate authorities make mistakes
12. Advanced Phishing Attacks
- Spear-phishing: Improved target selection
- Socially aware attacks [Jakobsson 2005]
- Mine social relationships from public data
- Phishing email appears to arrive from someone known to the victim
- Context-aware attacks [ibid]
- "Your bid on eBay has won!"
- "The books on your Amazon wishlist are on sale!"
13. User Issues
- Security is a secondary objective
- Users choose bad passwords and readily disclose them
- Users cannot parse URLs, domain names or PKI certificates
- Users are inundated with warnings and pop-ups
14. Outline
- Introduction
- Phishing Techniques
- Current Antiphishing Approaches
- Heuristics
- Modified Passwords
- Origin Authentication
- Goals and Design Principles
- Phoolproof Phishing Prevention
- Security Analysis
- Implementation
15. Current Approaches
- Heuristics
- Spoofguard [Chou et al. 2004], TrustBar [HerzGbar 2004], eBay toolbar, SpoofStick
- Recent studies indicate users ignore toolbar warnings [Wu et al. 2005]
16. Current Approaches
- Modified Passwords
- Single Sign-On
- Requires users to trust one institution with all of their passwords
- Still faces an authentication problem
- PwdHash [Ross et al. 2005]
- Promising approach, but vulnerable to pharming, DNS spoofing, and dictionary attacks
- One-time passwords (e.g., scratch cards, RSA SecurID)
- Vulnerable to active MitM attacks (already seen in the wild)
17. Current Approaches
- Origin Authentication
- Dynamic Security Skins [DhamTyga 2004], Passmark, and the Petname project
- All rely on user diligence: a single mistake will result in a compromised account
18. Key Insight
- Security must not depend entirely on fallible users
- System must be secure by default
- Design must be robust to user error
19. Outline
- Introduction
- Phishing Techniques
- Current Antiphishing Approaches
- Goals and Design Principles
- Phoolproof Phishing Prevention
- Security Analysis
- Implementation
20. Phishing Prevention Goals
- Ideal: User's data only reaches intended recipient
- Practical: Prevent a phisher from viewing or modifying a user's accounts
- Reduce the power of attacks to that of pre-Internet scams
- E.g., an attacker can still subvert a company insider
21. Contributions
- Plan for human errors by guarding users' accounts even when they make mistakes
- Use a mobile device to establish an authenticator the user cannot readily disclose
- Protect against active Man-in-the-Middle attacks
- Defend against keyloggers
- Develop a prototype implementation
22. Design Principles
- Sidestep the arms race
- Incremental solutions provoke adaptations
- Provide mutual authentication
- Phishing exploits two authentication failures
- Server to User and User to Server
- Reduce reliance on users
- Users are unsuited to authenticating others or themselves to others
- We cannot rely on perfect user behavior
- Avoid dependence on browser interface
- Readily spoofed and distrusted by users
23. Outline
- Introduction
- Phishing Techniques
- Current Antiphishing Approaches
- Goals and Design Principles
- Phoolproof Phishing Prevention
- Security Analysis
- Implementation
24. Phoolproof Prevention Overview
- Mobile device creates a public key pair for each site
- Transmits public key to the server
- To access the site, the mobile device uses the private key to authenticate to the server
- Assists browser in establishing SSL/TLS session
- Server refuses access unless client can provide user's password and the mobile device authenticates properly
25. User Experience
- Setup
- Login to the institution's website
- Select "Phoolproof Phishing Setup"
- Confirm installation on device
- Use
- Select secure bookmark on device
- Login to the website
26. Basic Phoolproof Setup
27. Advanced Phoolproof Setup
- For additional security, establish a shared secret via a trusted side-channel
- Mail a nonce (or barcode) to address on file
- Display a barcode at an ATM
- Setup in person
- Trusted financial institutions could provide setup for companies without a storefront
- The problem of properly identifying new customers predates the Internet
- Existing research can help secure setup
28. Phoolproof Connection Establishment
29. Outline
- Introduction
- Phishing Techniques
- Current Antiphishing Approaches
- Goals and Design Principles
- Phoolproof Phishing Prevention
- Security Analysis
- Implementation
30. Security Analysis
- Hijacking account setup
- Users must authenticate site and vice versa
- (only once/site)
- Users are at their most alert
- Advanced setup precludes most attacks
- Theft (or loss) of the mobile device
- Thief still needs the user's password
- Device may require PIN or biometric verification
- Users can call companies to revoke their keys (like credit cards)
- Malware on the mobile device
- Standard security solutions (e.g., antivirus, firewalls)
- Trusted hardware (e.g., TPMs)
- Mutual software attestation
31. Security Analysis
- Malware on the computer
- Standard keylogger fails, since it only obtains password
- Compromise of the browser or the operating system is still a problem
- Attacks on the network
- Our system is immune to Man-in-the-Middle attacks, pharming attacks, and domain hijacking
- Local attacks on Bluetooth
- Phishing relies on large-scale attacks, not local attacks
- Attacker still lacks user's password, so account is secure
- Existing research [McCune et al. 2005] demonstrates how to establish a secure channel
32. Outline
- Introduction
- Phishing Techniques
- Current Antiphishing Approaches
- Goals and Design Principles
- Phoolproof Phishing Prevention
- Security Analysis
- Implementation
33. Implementation: Minimal infrastructure
- Mobile device: Nokia Smartphone
- Coded in Java for portability to other cellphones, PDAs, etc.
- Small patch to Firefox
- Detects account setup tag
- Modifies SSL establishment
- Server changes are minimal for IIS, Apache and Apache-SSL
- SSLVerifyClient: optional_no_ca (in place of none)
- SSLOptions: ExportCertData
- Plus two short perl scripts
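How a server-side check could combine the two factors from the overview slide (user's password plus the mobile device's key) with the Apache settings listed above, as an added Python example that is not the authors' perl scripts. It assumes mod_ssl's SSL_CLIENT_VERIFY and SSL_CLIENT_CERT variables, a hypothetical account store that pins a SHA-256 of the certificate registered at setup, and constructed placeholder bytes in place of real certificates.

```python
import base64, hashlib, hmac, os, ssl

def pem_wrap(der: bytes) -> str:
    """Wrap bytes in PEM armor, the form mod_ssl uses for SSL_CLIENT_CERT."""
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed placeholders, not real X.509 certificates.
DEVICE_CERT = pem_wrap(b"constructed stand-in: device self-signed certificate")
OTHER_CERT = pem_wrap(b"constructed stand-in: certificate from another key")

def cert_pin(pem: str) -> bytes:
    """SHA-256 over the DER bytes of the presented certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).digest()

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Accounts:
    """Hypothetical account store: user -> (salt, password hash, cert pin)."""
    def __init__(self):
        self._db = {}

    def setup(self, user, password, device_cert_pem):
        salt = os.urandom(16)
        self._db[user] = (salt, pw_hash(password, salt), cert_pin(device_cert_pem))

    def revoke_device(self, user):
        salt, pwh, _ = self._db[user]
        self._db[user] = (salt, pwh, None)  # e.g. after the phone is lost

    def login(self, user, password, environ) -> bool:
        salt, pwh, pin = self._db.get(user, (b"", b"", None))
        # optional_no_ca: Apache checks that the client holds the private key
        # for the certificate but not who issued it. A self-signed certificate
        # shows up as GENEROUS; NONE means no certificate was sent.
        if environ.get("SSL_CLIENT_VERIFY") not in ("SUCCESS", "GENEROUS"):
            return False
        try:
            presented = cert_pin(environ.get("SSL_CLIENT_CERT", ""))
        except ValueError:  # missing or malformed PEM
            return False
        pw_ok = hmac.compare_digest(pw_hash(password, salt), pwh)
        pin_ok = pin is not None and hmac.compare_digest(presented, pin)
        return pw_ok and pin_ok
```

Because optional_no_ca accepts any certificate, the comparison against the value stored at setup is what ties the TLS session to the enrolled device; a password captured on its own fails the pin check, and the device on its own fails the password check.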
34. Implementation: Performance
Operation                 Average Time (s)   Min, Max (s)
Key Creation (offline)    75.0               29, 168
Account Creation          0.4                0.3, 0.5
Site Navigation           0.2                0.1, 0.2
SSL/TLS Establishment     1.7                1.6, 1.9
(20 Trials)
35. Conclusions
- Phishing is a growing problem, and attacks will only become more sophisticated
- We should avoid relying on perfect user behavior
- Instead, we use cryptographic techniques to protect even fallible users
- Our implementation demonstrates the feasibility of phoolproof phishing prevention
36. Thank you!
parno_at_cmu.edu
37. Future Work
- Expand prototype into a fully robust application
- Perform a user study to assess ease of use
- Integrate with our university's web login
- Collaborate with other institutions
38. Man-in-the-Middle Attack
- Immune to this attack for the same reason SSL/TLS is immune
- Attacker does not have access to the private key material for the user or the server
39. Preventing a MitM Attack
40. Advanced ATM Setup
- Phone transfers trust in ATM to trust in online account setup
(Figure labels: camera, vision)