Ruhr-Universität Bochum
Compartmented Security for Browsers - Or How to Thwart a Phisher with Trusted Computing
Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany
ARES 2007, 2nd International Conference on Availability, Reliability and Security, Vienna, 10-13 April 2007
2007-04-10 Compartmented Security for Browsers (ARES 2007)
Ruhr-Universität Bochum
Marcel Winandy
"Classical" Phishing
[Diagram labels: Adversary A; customers (e.g., bank); credentials (e.g., username, password); Collection Server]
Malware Phishing
[Diagram labels: Adversary A; customers (e.g., bank); credentials; Collection Server]
Tailored to specific services, such as domestic banks
Reasons for Success
● Strong assumptions on ordinary users
● Legacy flaws of Internet technology (e.g. DNS)
● Vulnerabilities of underlying computing platform
Existing approaches
● Browser-based
● Server-based
● Operating System based
Browser-based approaches
● White lists / black lists
● Heuristic checks
● Blinking browser boundaries
● Logo-type certificates
● Wallets
Browser → extra functionality
Browser → Malware Phishing !?
Basic Architecture
[Diagram labels: System S with Browser and Wallet-Proxy compartments on a Legacy OS, above the Security Kernel and Hardware (Trusted Computing Support); user U; Service P; authentication data; service usage; virtual network; real network; compartment]
Wallet-Proxy
[Diagram labels: user U; Browser B; Wallet-Proxy W; P; authenticate_{UW}; use_service_{U↔B}; use_service_{B↔W}; update_proxy_{WB}; authenticate_{WP}; use_service_{P↔W}; SSL secured channel]
Setup login data
Call service site
Insert login data
Authenticate site and user
Setup Procedure
● "Two-factor authentication"
  – User receives credentials out-of-band
    ● username, password (u_id, pwd_id), URL_id of website, and ack. code
  – Wallet blocks login forms in Browser
  – User has to enter credentials in Wallet
  – Wallet performs login procedure
  – User enters acknowledgement code in Browser
● "One-factor authentication"
  – User has to register online at website
  – Wallet blocks login forms in Browser
  – User has to enter credentials in Wallet
  – Wallet links password to website
    ● pwd_id := hash(pwd_id^user || r), r is random value
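The one-factor linking step above, sketched as an added example (not code from the talk or from the authors' implementation). Assumptions: SHA-256 stands in for the unspecified `hash`, URL_id is compared as a (scheme, host, port) origin, and the `Wallet` class, its method names and the sample hosts are hypothetical.

```python
import hashlib
import secrets
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def link_password(pwd_user: str, r: bytes) -> str:
    """pwd_id := hash(pwd_user || r). SHA-256 is an assumption; the slide says only 'hash'."""
    return hashlib.sha256(pwd_user.encode("utf-8") + r).hexdigest()

def origin(url: str) -> tuple:
    """Reduce a URL to (scheme, host, port) so lookalike hosts and downgrades never match."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))

class Wallet:
    """Hypothetical wallet store: URL_id origin -> (u_id, pwd_id)."""

    def __init__(self):
        self._entries = {}

    def setup(self, url_id: str, u_id: str, pwd_user: str, r: bytes = None) -> str:
        """One-factor setup: derive the site password; the site only ever sees pwd_id."""
        r = secrets.token_bytes(16) if r is None else r
        pwd_id = link_password(pwd_user, r)
        self._entries[origin(url_id)] = (u_id, pwd_id)
        return pwd_id

    def login_data_for(self, requested_url: str):
        """Release (u_id, pwd_id) only for the origin fixed at setup, else None."""
        return self._entries.get(origin(requested_url))

if __name__ == "__main__":
    w = Wallet()
    # Constructed sample values; .example and .test are reserved names.
    w.setup("https://bank.example/login", "alice", "constructed-user-password")
    for url in ("https://bank.example/account",
                "https://bank.example.login.test/",
                "http://bank.example/login"):
        print(url, "->", "release" if w.login_data_for(url) else "refuse")
```

Because the website stores pwd_id rather than the password the user typed, a password captured from the user outside the Wallet does not log in at the site, and the Wallet never offers pwd_id to an origin other than the one bound at setup.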
Trusted Components
[Diagram labels: Compartment Manager; Secure GUI; Storage Manager; Wallet-Proxy W; Net; user U; P; TPM; start (three arrows); sealing / unsealing; measurement; user interface input / output; network connection; load / store data]
Trusted path
System integrity
Secure Booting
[Diagram labels: CRTM; BIOS; OS Loader; OS; TPM; PCRs]
[Diagram labels, continued: Compartment Manager; Secure GUI; Storage Manager; Wallet-Proxy W; start (three arrows)]
Seal Wallet data to platform configuration
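A simplified model of the measurement chain and of sealing to the resulting PCR value, as an added example (not from the talk or the authors' system). Assumptions: a TPM 1.2 style extend with SHA-1, a single PCR, constructed byte strings standing in for the boot components, and `seal`/`unseal` as hypothetical stand-ins that only model the release policy; a real TPM encrypts the blob under a key that never leaves the chip.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA-1(PCR_old || SHA-1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measured_boot(chain) -> bytes:
    """Each stage is measured into the PCR before it runs; the PCR starts at zero."""
    pcr = b"\x00" * 20
    for image in chain:
        pcr = extend(pcr, image)
    return pcr

def seal(data: bytes, pcr: bytes) -> dict:
    """Model only: record the platform configuration the data is bound to."""
    return {"pcr": pcr, "data": data}

def unseal(blob: dict, current_pcr: bytes):
    """Release the data only if the platform booted into the sealed configuration."""
    if not hmac.compare_digest(blob["pcr"], current_pcr):
        return None
    return blob["data"]

# Constructed stand-ins for the images named on the slides.
GOOD_CHAIN = [b"BIOS v1", b"OS Loader v1", b"Security Kernel v1",
              b"Compartment Manager v1", b"Secure GUI v1",
              b"Storage Manager v1", b"Wallet-Proxy v1"]

def demo():
    blob = seal(b"wallet login data", measured_boot(GOOD_CHAIN))
    tampered = list(GOOD_CHAIN)
    tampered[1] = b"OS Loader v1 (modified)"
    return (unseal(blob, measured_boot(GOOD_CHAIN)),
            unseal(blob, measured_boot(tampered)))

if __name__ == "__main__":
    print(demo())
```

A change to any earlier stage, or to the order of stages, changes the final PCR value, so the Wallet data stays sealed when the platform boots anything other than the configuration present at sealing time.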
Implementation
[Diagram labels: Hardware Layer (Hardware, TPM); Hypervisor Layer; Trusted Software Layer; Security Kernel; Application Layer; Compartment {untrusted}: Email, Browser; Compartment {trusted}: Wallet-Proxy; Isolation]