the battle against phishing: dynamic security skins rachna dhamija and j.d. tygar u.c. berkeley
Post on 12-Jan-2016
220 Views
Preview:
TRANSCRIPT
The Battle Against Phishing:Dynamic Security Skins
Rachna Dhamija
and J.D. Tygar
U.C. Berkeley
Security Properties for Usability
1. Limited human skills property
2. Unmotivated users property
3. General purpose graphics property
4. Golden arches property
5. Barn door property
Security Properties for Usability
1. Limited human skills property
2. Unmotivated users property
3. General purpose graphics property
4. Golden arches property
5. Barn door property
Limited Human Skills Property
• Limited password recall • Hard to parse domain names
Security Properties for Usability
1. Limited human skills property
2. Unmotivated users property1. Security is often the secondary goal
3. General purpose graphics property
4. Golden arches property
5. Barn door property
Users Don’t Check Certificates
Security Properties for Usability
1. Limited human skills property
2. Unmotivated users property
3. General purpose graphics property
4. Golden arches property
5. Barn door property
Firefox Browser: 4 SSL indicators
Firefox browser - No unsecure indicators
Security Properties for Usability
1. Limited human skills property
2. Unmotivated users property
3. General purpose graphics property
4. Golden arches property1. Train users not to automatically trust a logo or brand
5. Barn door property
The golden arches property
Security Properties for Usability
1. Limited human skills property
2. Unmotivated users property
3. General purpose graphics property
4. Golden arches property
5. Barn door property
Strong Password Protocols
• Stanford Web PwdHash
• Password Authenticated Key Agreement– EKE, SPEKE, SNAPI, AuthA, PAK, SRP, etc…
H(password, siteID)Password
ProtocolPassword
Password Authenticated Key Agreement
• Advantages:– preserve familiar use of passwords
• user doesn’t need a trusted device• secret stored in memory of the user
– server doesn’t store password– no passwords sent over the network– user authentication (& mutual authentication)
• But how to enter the password?
Our Solution: Usability Goals
• User must be able to verify password prompt, before entering password
• Rely on human skills– To login, recognize 1 image & recall 1 password– To verify server, compare 2 images
• Hard to spoof security indicators
Trusted Password Window
• Dedicated window
• Trusted path customization
• Random photo assigned or chosen
• Image stored in browser, do not have to go through server
• Image overlaid across window
• User recognizes image first– then enters password
• Password not sent to server
Security Indicators
• How can user distinguish secure windows?– Static indicators (SSL)
• Can be spoofed• User do not really examine it
– User customized indicators (Passmark/Petnames)• Require extra efforts from the user
– Automated customized indicators
Our Solution: Dynamic Security Skins
Automatically customize secure windows
Visual hashes– Random Art - visual hash algorithm – Generate unique abstract image for each authentication– Use the image to “skin” windows or web content– Browser generated or server generated
Browser Generated Images
Browser chooses random number and generates image
Can be used to modify border or web elements
Server Generated Images
Server & browser independently generate same image
Server can customize its own page
Conclusions
• Benefits:– Achieves mutual authentication– Resistant to phishing and spoofing– Relies on human skills
• Weaknesses:– Users must check images
• easier than checking a cert– Local storage of personal image reduces
portability, requires security– Doesn’t address spyware, keyloggers
Status and Future Work
• Iterative design & “lo-fi” testing of interface
• Formal user study
• DSS Mozilla extension
Customized Indicators: Petname Toolbar
Automated Indicators:Secure Random Dynamic Boundaries
top related