June 19, 2006 TIPPI2 1
Web Wallet: Preventing Phishing Attacks by Revealing User Intentions
Rob Miller & Min Wu
User Interface Design Group, MIT CSAIL
Joint work with Simson Garfinkel, Greg Little
Do Security Indicators Work?
Security Indicators Don’t Work
• Users don’t know what to trust
– Web page often looks more credible than indicator
• Security is a secondary task
– Users don’t have to pay attention to the indicators, so they don’t
• Indicators aren’t reliable
– Sloppy but common web practices make them inaccurate
• Current indicators only say “don’t go there”
– So where should I go instead?
Our Approach: Web Wallet
Outline
• Security toolbar study [CHI ’06]
• Web Wallet [SOUPS ’06]
– Demo
– Design principles
– User study
• Related work
Three Kinds of Toolbar Information
• Neutral-information toolbar: SpoofStick, Netcraft Toolbar
• System-decision toolbar: eBay’s Account Guard, SpoofGuard
• SSL-verification toolbar: TrustBar
Study Design
• Study should reflect the “secondary goal property” of security
– In real life, security is rarely a user’s primary goal
• Users must be given tasks other than security
– “In this study, you are the personal assistant for John Smith. Here are 20 forwarded emails from him.”
• Tasks involve security decisions
– John’s emails ask the user to manage his wish lists at various e-commerce sites, which require logging in to the sites
Phishing Attacks in the Study
• 5 of the 20 emails are attacks, e.g.:
– Similar name attack: Bestbuy.com → www.bestbuy.com.ww2.us
– IP address attack: Bestbuy.com → 212.85.153.6
– Hijacked-server attack: Bestbuy.com → www.btinternet.com
Results
[Bar chart: spoof rate by wish-list attacks, 0–100%, per toolbar type]
• Neutral-information toolbar: 45%
• SSL-verification toolbar: 38%
• System-decision toolbar: 33%
Why Were Users Fooled?
• Users explain away indicators of attacks
– www.ssl-yahoo.com: “a subdirectory of Yahoo, like mail.yahoo.com”
– sign.travelocity.com.zaga-zaga.us: “must be an outsourcing site [for travelocity.com].”
– www.btinternet.com (phishing for buy.com): “sometimes I go to a website and the site directs me to another address which is different from the one I have typed.”
– 200.114.156.78: “I have been to sites that used IP addresses.”
– Potential fraudulent site: “it is triggered because the web content is ‘informal’, just like my spam filter says ‘this email is probably a spam.’”
– New Site [BR]: “Yahoo must have a branch in Brazil.”
Why Were Users Fooled?
• Users had the wrong security model
– “The site is authentic because it has a privacy policy, VeriSign seal, contact information, and the submit button says ‘sign in using our secure server’.”
– “If a site works well with all its links, then the site is authentic. I cannot imagine that an attacker will mirror a whole site.”
• Security was not the primary goal
– “I noticed the warning. But I had to take the risk to get the task done.”
– “I did look at the toolbar but did not notice the warning under this attack.”
Why Do Security Indicators Fail?
• Attack is more credible than indicator
– Web page has richer cues than browser toolbar
• Security is a separate, secondary task
– Primary task wins
– Separate security task is ignored
• Sloppy but common web practices allow the user to rationalize the attack
– Users do not know how to correctly interpret the toolbar display
• Advising the user not to proceed is not the right approach
– We need to provide a safe path
Our Approach: Web Wallet
• Redesign browser UI so that the user’s intention is clear
– “Log in to bestbuy.com”
– “Submit my credit card to amazon.com”
• Block the action if the user’s intention disagrees with its actual effect
– But offer a safe path to the user’s goal
• Integrate security decisions into the user’s workflow
– So they can’t be ignored
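The intention-versus-effect check behind this approach, as an added example that is not the Web Wallet's own code: the user declares the site they mean to log in to, the form's real destination is compared against it, and a mismatch is blocked while the declared site is offered as the safe path. The three attack shapes from the toolbar study (similar name, IP address, hijacked server) are told apart only to explain the block; the "last two labels" notion of registrable domain is a simplifying assumption.

```python
import ipaddress
from urllib.parse import urlsplit

# Added illustration of the Web Wallet idea, not the Web Wallet's own code: the
# user states which site they mean to log in to, and the submission is blocked
# when that intention disagrees with where the form would actually send the
# credentials. Simplifying assumption: the registrable domain is the last two
# labels of the host (a real implementation would use the Public Suffix List).

def registrable_domain(host: str) -> str:
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify_submission(intended_site: str, form_action: str) -> str:
    """Return "allow" when intention and effect agree, else a label for the
    attack pattern from the study (any mismatch is blocked; the label only
    feeds the explanation shown to the user)."""
    host = urlsplit(form_action).hostname or ""
    if is_ip_literal(host):
        return "ip-address attack"
    intended = registrable_domain(intended_site)
    if registrable_domain(host) == intended:
        return "allow"
    brand = intended.split(".")[0]        # "bestbuy"
    if brand in host:                     # brand reused under a foreign domain
        return "similar-name attack"
    return "hijacked-server attack"       # unrelated host serving the copy

def wallet_decision(intended_site: str, form_action: str) -> dict:
    """Block a mismatch, but always offer the safe path: the site the user chose."""
    verdict = classify_submission(intended_site, form_action)
    if verdict == "allow":
        return {"action": "submit", "to": urlsplit(form_action).hostname}
    return {"action": "block", "reason": verdict,
            "safe_path": f"https://{intended_site.lower()}/"}

if __name__ == "__main__":
    # Constructed inputs built from the URLs shown on the slides.
    for target in ("https://www.bestbuy.com/login", "https://www.bestbuy.com.ww2.us/login",
                   "http://212.85.153.6/login", "https://www.btinternet.com/bestbuy/login"):
        print(target, "->", wallet_decision("bestbuy.com", target))
```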
Web Wallet
DEMO
Web Wallet Design Principles
• Determine the user’s intention
• Respect that intention
Design Principles
• Integrate security UI into the user’s workflow
• Improve usability as well as security
Design Principles
• Use comparisons to put information in context
• Ask user to choose, not just “are you sure?”
Web Wallet User Study
• Same scenario as the toolbar study
• No tutorial
• 30 users
– Internet Explorer alone (10 users)
– Web Wallet (20 users)
• 5 phishing attacks
– IE group saw only similar-name attacks, e.g. bestbuy.com → www.bestbuy.com.ww2.us
– Web Wallet group saw Wallet-specific attacks
Attacks Against the Web Wallet
1. Normal attack
2. Undetected-form attack
3. Onscreen-keyboard attack
4. Fake-wallet attack
5. Fake-suggestion attack
Results
[Bar chart: spoof rates, 0–100%]
• Normal attack with IE (control group): 63%
• Normal attack with the Web Wallet: 7%
• All phishing attacks with the Web Wallet: 29%
Which Features Helped?
• Site description stopped 14 attacks (out of the 22 attacks where it was seen)
• Choosing interface stopped 14 (out of 14 attacks where seen)
Spoof Rate by Attack Type
[Bar chart: spoof rates, 0–100%, for the normal attack, online-keyboard attack, fake-suggestion attack, undetected-form attack and fake-wallet attack; the bars read 7%, 14%, 21%, 36% and 64%, with the normal attack at 7% and the fake-wallet attack at 64%]
Fake-Wallet Attack
• Web Wallet utterly failed to prevent the fake-wallet attack (spoof rate 64%)
• Users had the wrong mental model for the security key
• Spoofing is still a problem, since the Web Wallet itself can be spoofed
– Dynamic skin
– Personalized image
– Active observer?
[Screenshots: “Press F2 before you do any sensitive data submission”; “Press F2 to open the Web Wallet”]
Related Work
• Dynamic security skins (Dhamija & Tygar)
• Microsoft InfoCard (Cameron et al)
• PwdHash (Ross et al)
• Password Multiplier (Halderman et al)
• GeoTrust TrustWatch
Summary: Antiphishing UI Design Principles
• Get the user’s intention
• Respect that intention
• Integrate security decisions into the user’s workflow
• Compare-and-choose, don’t just confirm
• More information at:
http://uid.csail.mit.edu/