320 likes | 458 Vues
Phoolproof Phishing Prevention. Bryan Parno, Cynthia Kuo, Adrian Perrig Carnegie Mellon University. A Recent Email…. Images from Anti-Phishing Working Group’s Phishing Archive. Images from Anti-Phishing Working Group’s Phishing Archive. The next page requests:. Name Address Telephone
E N D
Phoolproof Phishing Prevention Bryan Parno, Cynthia Kuo, Adrian Perrig Carnegie Mellon University
A Recent Email… Images from Anti-Phishing Working Group’s Phishing Archive
The next page requests: • Name • Address • Telephone • Credit Card Number, Expiration Date, Security Code • PIN • Account Number • Personal ID • Password
But wait… WHOIS 210.104.211.21: Location: Korea, Republic Of Even bigger problem: I don’t have an account with US Bank! Images from Anti-Phishing Working Group’s Phishing Archive
Phishing: A Growing Problem • Over 16,000 unique phishing attacks reported in Nov. 2005, about double the number from 2004 • Estimates suggest phishing affected 1.2 million US citizens and cost businesses billions of dollars in 2004 • Additional losses due to consumer fears [Anti-Phishing Working Group, Phishing Activity Trends Report, Dec. 2005]
Outline • Introduction • Current Antiphishing Approaches • Goals & Design Principles • Phoolproof Phishing Prevention • Security Analysis • Implementation
Outline • Introduction • Current Antiphishing Approaches • Heuristics • Modified Passwords • Origin Authentication • Goals & Design Principles • Phoolproof Phishing Prevention • Security Analysis • Implementation
Current Approaches • Heuristics • Spoofguard [Chou et al. 2004], TrustBar [HerzGbar 2004], eBay toolbar, SpoofStick • Recent studies indicate users ignore toolbar warnings [Wu et al. 2005]
username, one-time password username, one-time password Current Approaches • Modified Passwords • Single Sign-On • Requires users to trust one institution with all of their passwords • Still faces an authentication problem • PwdHash [Ross et al. 2005] • Promising approach, but vulnerable to pharming, DNS spoofing, and dictionary attacks • One-time passwords (e.g., scratch cards, RSA SecurID) • Vulnerable to active MitM attacks (already seen in the wild) Withdraw $$$$$
Current Approaches • Origin Authentication • Dynamic Security Skins [DhamTyga 2004], Passmark, and the Petname project • All rely on user diligence – a single mistake will result in a compromised account
Key Insight • Security must not depend entirely on fallible users • System must be secure by default • Design must be robust to user error
Outline • Introduction • Phishing Techniques • Current Antiphishing Approaches • Goals & Design Principles • Phoolproof Phishing Prevention • Security Analysis • Implementation
Phishing Prevention Goals • Ideal: User’s data only reaches intended recipient • Practical: Prevent a phisher from viewing or modifying a user’s accounts • Reduce the power of attacks to that of pre-Internet scams • E.g., an attacker can still subvert a company insider
Contributions • Plan for human errors by guarding users’ accounts even when they make mistakes • Use a mobile device to establish an authenticator the user cannot readily disclose • Protect against active Man-in-the-Middle attacks • Defend against keyloggers • Develop a prototype implementation
Design Principles • Sidestep the arms race • Incremental solutions provoke adaptations • Provide mutual authentication • Phishing exploits two authentication failures: Server to User and User to Server • Reduce reliance on users • Users are unsuited to authenticating others or themselves to others • We cannot rely on perfect user behavior • Avoid dependence on browser interface • Readily spoofed and distrusted by users
Outline • Introduction • Phishing Techniques • Current Antiphishing Approaches • Goals & Design Principles • Phoolproof Phishing Prevention • Security Analysis • Implementation
Phoolproof Prevention Overview • Mobile device creates a public key pair for each site • Transmits public key to the server • To access the site, the mobile device uses the private key to authenticate to the server • Assists browser in establishing SSL/TLS session • Server refuses access unless client can provide user’s password and the mobile device authenticates properly
User Experience • Setup • Login to the institution’s website • Select Phoolproof Phishing Setup • Confirm installation on device • Use • Select secure bookmark on device • Login to the website
Establish SSL Connection User Information PubKS <!-- ACCOUNT_CREATE --> Domain, Site Name PubKj PubKj Basic Phoolproof Setup
Advanced Phoolproof Setup • For additional security, establish a shared secret via a trusted side-channel • Mail a nonce (or barcode) to address on file • Display a barcode at an ATM • Setup in person • Trusted financial institutions could provide setup for companies without a storefront • The problem of properly identifying new customers predates the Internet • Existing research can help secure setup
URL S T A N D A R D S S L Hello Messages DHs, SigS(DHs) PubKS PubKS PubKj PubKj h = H(MS || prev msgs) SigPrivKj(h) DHc, SigPrivKj(h) Phoolproof Connection Establishment
Outline • Introduction • Phishing Techniques • Current Antiphishing Approaches • Goals & Design Principles • Phoolproof Phishing Prevention • Security Analysis • Implementation
Security Analysis • Hijacking account setup • Users must authenticate site and vice versa (only once/site) • Users are at their most alert • Advanced setup precludes most attacks • Theft (or loss) of the mobile device • Thief still needs the user’s password • Device may require pin or biometric verification • Users can call companies to revoke their keys (like credit cards) • Malware on the mobile device • Standard security solutions (e.g., antivirus, firewalls) • Trusted hardware (e.g., TPMs) • Mutual software attestation
Security Analysis • Malware on the computer • Standard keylogger fails, since it only obtains password • Compromise of the browser or the operating system is still a problem • Attacks on the network • Our system is immune to Man-in-the-Middle attacks, pharming attacks, and domain hijacking • Local attacks on Bluetooth • Phishing relies on large-scale attacks, not local attacks • Attacker still lacks user’s password, so account is secure • Existing research [McCune et al. 2005] demonstrates how to establish a secure channel
Outline • Introduction • Phishing Techniques • Current Antiphishing Approaches • Goals & Design Principles • Phoolproof Phishing Prevention • Security Analysis • Implementation
Implementation: Minimal infrastructure • Mobile device: Nokia Smartphone • Coded in Java for portability to other cellphones, PDAs, etc. • Small patch to Firefox • Detects account setup tag • Modifies SSL establishment • Server changes are minimal for IIS, Apache and Apache-SSL • For Apache 2.0: SSLVerifyClient none SSLOptions • Plus two short perl scripts
Implementation: Performance 20 Trials
Conclusions • Phishing is a growing problem, and attacks will only become more sophisticated • We should avoid relying on perfect user behavior • Instead, we use cryptographic techniques to protect even fallible users • Our implementation demonstrates the feasibility of phoolproof phishing prevention
Thank you! parno@cmu.edu