Conveying Trust


CMU Usable Privacy and Security Laboratory

http://cups.cs.cmu.edu/

Conveying Trust

Serge Egelman

• CMU Usable Privacy and Security Laboratory • http://cups.cs.cmu.edu/ • Serge Egelman

Portal to The Interweb

Threats to privacy:
• Phishing
• Information interception
• Fraudulent sites

The web browser is central:
• Email
• IM

Detection must occur here.

In The Beginning…

• Man-in-the-middle
• Sniffing

SSL solved these (for a correctly authenticated connection; it says nothing about whether the site at the other end is honest)

Browser SSL indicators:
• Locks
• Keys
• Borders
• URL bar

SSL Indicators

(screenshots of the indicators in each browser)
• Microsoft IE
• Mozilla
• Firefox
• Safari

But What About Phishing?

Toolbars

User notification:
• Audio
• Pop-ups
• Indicators

Community ratings

Heuristics

Phishing Toolbars: Clear Search

• Scans email using heuristics

Phishing Toolbars: Cloudmark

• Community ratings

Phishing Toolbars: eBay Toolbar

• Community ratings

Phishing Toolbars: SpoofGuard

• URL analysis
• Password analysis
• Image analysis


Phishing Toolbars: Trustbar (Mozilla)

• Analyzes known sites
• Analyzes certificate information

Phishing Toolbars: Trustwatch

• Site ratings

But Do They Work? No.

25 sites tested:
• Cloudmark: 10 (40%) identified
• Netcraft: 19 (76%) identified
• SpoofGuard: 10 (40%) identified
• Trustwatch: 9 (36%) identified

Activity #1

Download a phishing toolbar:
• http://www.cloudmark.com/desktop/download/
• http://pages.ebay.com/ebay_toolbar/
• http://crypto.stanford.edu/SpoofGuard/
• http://trustbar.mozdev.org/
• http://toolbar.trustwatch.com/
• http://toolbar.netcraft.com/

Pros? Cons?

Is it usable?

How could it be circumvented?

Other Browser Plugins

Previously mentioned toolbars:
• Phishing
• Fraudulent sites
• Limited intelligence

Password Hashing

Many users use the same password everywhere:
• One compromise leads to many

Hashing solves this:
• Passwords are hashed automatically with the domain name before they are sent
• The user doesn't know the difference
• Knowing the password sent to one site (for example, a phishing domain) doesn't help against the real site

Mozilla extension


Dynamic Security Skins

User remembers one image:
• Trusted window

User remembers one password:
• Ease of use
• Sites get a hashed password

Matches two patterns to trust the server:
• Generated using a shared secret


Trusted Window

(screenshot)

Verifying Sites

(screenshot)

Using Tokens

Two-factor authentication:
• Something you have
• Usually cryptographic

RSA SecurID

Smart cards

Random cryptographic tokens

Scratch cards


Using Phones

Client-side certificates:
• Private keys generated/stored on the phone
• New key for each phone

Keys linked to domain names

Key generated upon new connection

Bluetooth

No server modifications

Current Browser Support

Hardware drivers:
• Poor browser support
• Example

Simple text box

Make using the device unobtrusive

Activity #2

False Sense of Security

JavaScript tricks (ING example), defeated by:
• MITM
• Spyware

Stored images (Bank of America example), defeated by:
• MITM
• Spyware

CAPTCHAs, defeated by:
• MITM

Activity #3

What security features really need to be prominent?