SAPHE: Secure Anti-Phishing Environment. Presented by Uri Sternfeld.
Presentation Transcript

  1. SAPHE: Secure Anti-Phishing Environment
     Presented by Uri Sternfeld
     Saphe surfing!

  2. Motivation
     • Phishing caused $3 billion in damages in 2007 alone
     • Current solutions are not effective enough

  3. What is Phishing?
     • Any attempt to masquerade as a legitimate server in order to obtain sensitive information
     • Usually done by soliciting an unsuspecting user to follow a fraudulent link
     Example solicitation:
       From: your bank
       To: unsuspecting user
       There are problems in your account. Please follow the attached link to solve them.

  4. Why does Phishing work?
     • Users are naïve
     • It's hard to detect differences in URLs
     • Over-reliance on SSL security
     Did you notice the small lock icon in the corner?

  5. Current solutions
     • Maintaining black lists (Firefox & IE7)
     • Detection of phishing solicitations
     • Idiosyncratic characteristics
     That's me!

  6. A relevant warning
     • This was recently published on a major Israeli bank's web site: click me

  7. The Saphe Solution
     • Relies on a password known only to the user and the real server
     • Protects against:
       • Any impersonation of the real server
       • DNS poisoning
       • Man-in-the-Middle attacks

  8. Security assumptions
     • AES is a strong encryption algorithm
     • SSLv3.0 is a secure protocol
     • Digital certificates positively identify the owner of a domain

  9. The general idea
     • Use the password to authenticate the server to the user before using it to authenticate the user to the server
     • Encrypt information about the current session to detect any tampering

  10. How it works
     • Client-side code (plugin) automatically guards the user
     • Server-side code creates data that authenticates the server to the plugin
     • All the user needs to do is notice the plugin dialog box (or the lack of it…)

  11. (no transcript text for this slide)

  12. How it really works
     • The plugin is started automatically when the relevant MIME type is detected
     • The password is NOT sent until the server is authenticated and the connection is proven to be tamper-free
     • All links MUST be secure (HTTPS)

  13. How it really works (ctd)
     • Client-side and server-side random challenge buffers are used (to prevent replay attacks)
     • The encryption key is derived from the password and the challenges
     • Data integrity is guaranteed with HMAC

  14. How it really works (ctd 2)
     • The key derivation function is computationally demanding, to slow offline enumeration
     • The server encrypts the following:
       • Connection source IP address
       • URL requested during the connection
       • Login URL

  15. How it really works (ctd 3)
     • The user machine's real IP address is retrieved from a secured (HTTPS) known server
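The exchange described on slides 12 to 15, as an added Python model (not SAPHE's own code): fresh challenges from both sides, a slow key derivation from password plus challenges, a server proof bound to the session data, and the client's own proof released only after the server verifies. Assumptions: PBKDF2-HMAC-SHA256 stands in for the slides' unspecified key derivation function, HMAC tags over the session fields stand in for the AES encryption the slides mention, and the password, IPs and URLs are constructed sample values.

```python
import hashlib, hmac, secrets

# Constructed sample values (not from the slides): the shared password and the
# session fields the server binds into its proof (source IP, requested URL, login URL).
PASSWORD = "correct horse battery staple"
REAL = ("203.0.113.7", "https://bank.example/accounts", "https://bank.example/login")
KDF_ITERATIONS = 50_000   # deliberately slow KDF, to hinder offline password guessing

def derive_key(password, client_challenge, server_challenge):
    """Session key from the password plus both fresh challenges (assumed PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               client_challenge + server_challenge, KDF_ITERATIONS)

def server_proof(key, ip, url, login_url):
    """The server authenticates itself by MAC-ing the session data under the derived key."""
    msg = b"server-auth|" + "|".join((ip, url, login_url)).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def client_proof(key):
    """Sent only after the server proof verifies: proves the user knows the password
    without ever transmitting it."""
    return hmac.new(key, b"client-auth", hashlib.sha256).digest()

def handshake(server_password, server_view, client_view):
    """One SAPHE-style exchange. server_view is the (ip, url, login_url) triple the
    responding server observes; client_view is what the plugin observes locally.
    Returns (server_authenticated, client_proof_or_None)."""
    c_chal = secrets.token_bytes(16)   # client challenge, sent to the server
    s_chal = secrets.token_bytes(16)   # server challenge, returned with the proof
    proof = server_proof(derive_key(server_password, c_chal, s_chal), *server_view)
    # Plugin side: recompute from the real password and the locally observed session,
    # so a wrong password, a changed URL/IP or any tampering in transit all fail here.
    key = derive_key(PASSWORD, c_chal, s_chal)
    ok = hmac.compare_digest(proof, server_proof(key, *client_view))
    return ok, (client_proof(key) if ok else None)

# The slides' attack scenarios, as constructed cases.
def genuine():        # real server; the session looks the same from both ends
    return handshake(PASSWORD, REAL, REAL)[0]

def passive_phish():  # look-alike site or poisoned DNS: the server lacks the password
    return handshake("attacker-guess", REAL, REAL)[0]

def mitm_relay():     # a proxy relays to the real server, which sees the proxy's IP
    return handshake(PASSWORD, ("198.51.100.9",) + REAL[1:], REAL)[0]

if __name__ == "__main__":
    print(genuine(), passive_phish(), mitm_relay())   # True False False
```

The relay case only fails because the plugin compares against the client's real IP, which is why slide 15 has the plugin fetch that address from a known HTTPS server rather than trusting what the bank's server reports.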

  16. Next: Thwarting Phishing attacks!

  17. Phishing scenario #1
     • Redirecting the user to a fraudulent domain
     • Forged web page similar to the real one
     • Passive Phishing (the most common scenario)

  18. Phishing scenario #2
     • Active Phishing

  19. Phishing scenario #3
     • DNS poisoning

  20. Phishing scenario #4
     • Man-in-the-Middle

  21. Implementation details
     • Firefox plugin written as a DLL in C++
     • Server-side code written in C++
     • Test server written in Python
     • Tested on Windows XP with Firefox 1.5

  22. Future versions
     • Support more browsers and operating systems
     • Automatic installer
     • Allow HTML code in Saphe data
     • Support password hashes

  23. How much is the phish? Questions?
     (How many fish are in this presentation?)

  24. For more details: