Trusted Paths for Browsers: An Open-Source Solution to Web Spoofing

The security of the vast majority of ``secure\u27\u27 Web services rests on SSL server PKI. However, this PKI doesn\u27t work if the the adversary can trick the browser into appearing to tell the user the wrong thing about the certificates and cryptography. The seminal web spoofing work of Felten et al demonstrated the potential, in 1996, for malicious servers to impersonate honest servers. Our recent follow-up work explicitly shows how malicious servers can still do this---and can also forge the existence of an SSL session and the contents of the alleged server certificate. This paper reports the results of our work to systematically defend against Web spoofing, by creating a trusted path from the browser to the user. Starting with the Mozilla source, we have implemented techniques that protect a wide variety of browser-user communications, that require little participation by the user and minimal disruption of the displayed server content. We have prepared shell scripts that install these modifications on the Mozilla source, to enable others to replicate this work. In on-going work, we are cleaning up and fine-tuning our code. In future work, we hope to examine more deeply the role of user interfaces in enabling users to make effective trust judgments

W3Bcrypt: Encryption as a Stylesheet

While web-based communications (e.g., webmail or web chatrooms) are increasingly protected by transport-layer cryptographic mechanisms, such as the SSL/TLS protocol, there are many situations where even the web server (or its operator) cannot be trusted. The end-to-end (E2E) encryption of data becomes increasingly important in these trust models to protect the confidentiality and integrity of the data against snooping and modification. We introduce W3Bcrypt, an extension to the Mozilla Firefox platform that enables application-level cryptographic protection for web content. In effect, we view cryptographic operations as a type of style to be applied to web content, similar to and along with layout and coloring operations. Among the main benefits of using encryption as a stylesheet are (a) reduced workload on the web server, (b) targeted content publication, and (c) greatly increased privacy. This paper discusses our implementation for Firefox, although the core ideas are applicable to most current browsers

Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies

Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing website attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed

Building Trusted Paths for Web Browsers

The communication between the Web browser and the human user is one component of the server-client channel. It is not the user but the browser that receives all server information and establishes the secure connection. The browser\u27s user interface signals, such as SSL lock, https protocol header et al., indicate whether the browser-server communication at the current moment is secure. Those user interface signals indicating the security status of browser should be clearly and correctly understood by the user. A survey of modern Web browsers shows the information provided by current browsers is insufficient for users to make trust judgment. Our Web spoofing work further proved that the browser status information is not reliable either. We discuss the criteria for and how to build the trusted paths between a browser and a human user. We present an open source implementation of one of the designs--synchronized random dynamic (SRD) boundary, based on Modified Mozilla source code, together with its usability study results

Bear: An Open-Source Virtual Secure Coprocessor based on TCPA

This paper reports on our ongoing project to use TCPA to transform a desktop Linux machine into a virtual secure coprocessor: more powerful but less secure than higher-end devices. We use TCPA hardware and modified boot loaders to protect fairly static components, such as a trusted kernel; we use an enforcer module---configured as Linux Security Module---to protected more dynamic system components; we use an encrypted loopback filesystem to protect highly dynamic components. All our code is open source and available under GPL from http://enforcer.sourceforge.net

Web Spoofing Revisited: SSL and Beyond

Can users believe what their browsers tell them? Even sophisticated Web users decide whether or not to trust a server based on browser cues such as location bar information, SSL icons, SSL warnings, certificate information, and response time. In their seminal work on Web spoofing, Felten et al showed how, in 1996, a malicious server could forge some of these cues. However, this work used genuine SSL sessions, and Web technology has evolved much since 1996. The Web has since become the pre-eminent medium for electronic service delivery to remote users, and the security of many commerce, government, and academic network applications critically rests on the assumption that users can authenticate the servers with which they interact. This situation raises the question: is the browser-user communication model today secure enough to warrant this assumption? In this paper, we answer this question by systematically showing how a malicious server can forge every one of the above cues. Our work extends the prior results by examining contemporary browsers, and by forging all of the SSL information a client sees, including the very existence of an SSL session (thus providing a cautionary tale about the security of one of the most common applications of PKI). We have made these techniques available for public demonstration, because anything less than working code would not convincingly answer the question. We also discuss implications and potential countermeasures, both short-term and long-term

Enhanced Security for Preventing Man-in-the-Middle Attacks in Authentication, DataEntry and Transaction Verification

There is increasing coverage in the literature highlighting threats to online financial systems. Attacks range from the prevalent reverse social engineering technique known as phishing; where spam emails are sent to customers with links to fake websites, to Trojans that monitor a customer’s account log on process that captures authentication details that are later replayed for financial gain. This ultimately results in loss of monetary funds for affected victims. As technological advances continue to influence the way society makes payment for goods and services, the requirement for more advanced security approaches for transaction verification in the online environment increases. This paper has three main purposes. The first is to detail the current threats and vulnerabilities to online financial systems and in particular online banking, from the selected literature. The second is to present the known prevention techniques for protecting against these attacks. The third is to present a conceptual model for authentication, data entry and transaction verification. It is suggested that the design adds another layer of security to existing methods to either prevent a MitM attack or to make the procedure of capturing and reassembling customer log on and transaction details more computationally and time intensive than what it is worth to an attacker. The model is based on a graphical authentication application previously developed called Authentigraph

Remotely Keyed CryptoGraphics - Secure Remote Display Access Using (Mostly) Untrusted Hardware - Extended Version

Software that covertly monitors user actions, also known as spyware, has become a first-level security threat due to its ubiquity and the difficulty of detecting and removing it. Such software may be inadvertently installed by a user that is casually browsing the web, or may be purposely installed by an attacker or even the owner of a system. This is particularly problematic in the case of utility computing, early manifestations of which are Internet cafes and thin-client computing. Traditional trusted computing approaches offer a partial solution to this by significantly increasing the size of the trusted computing base (TCB) to include the operating system and other software. We examine the problem of protecting a user accessing specific services in such an environment. We focus on secure video broadcasts and remote desktop access when using any convenient, and often untrusted, terminal as two example applications. We posit that, at least for such applications, the TCB can be confined to a suitably modified graphics processing unit (GPU). Specifically, to prevent spyware on untrusted clients from accessing the user's data, we restrict the boundary of trust to the client's GPU by moving image decryption into GPUs. We use the GPU in order to leverage existing capabilities as opposed to designing a new component from scratch. We discuss the applicability of GPU-based decryption in these two sample scenarios and identify the limitations of the current generation of GPUs. We propose straightforward modifications to future GPUs that will allow the realization of the full approach

Electronic Documents and Digital Signatures

Often, the main motivation for using PKI in business environments is to streamline workflow, by enabling humans to digitally sign electronic documents, instead of manually signing paper ones. However, this application fails if adversaries can construct electronic documents whose viewed contents can change in useful ways, without invalidating the digital signature. In this paper, we examine the space of such attacks, and describe how many popular electronic document formats and PKI packages permit them