Mary Ellen Zurko (aka Mez) mez@alum.mit.edu
• Security the way Tim intended
• Server says: WWW-Authenticate: Basic realm="insert realm"
• User prompted for their password
• Client says: Authorization: Basic QWxhZGluOnNlc2FtIG9wZW4=
  - User agent remembers and sends for that URI domain/realm

• Every domain+realm does their own authentication
  - No Single Sign On
  - Password proliferation
• Password unprotected
  - Encoding is not encrypting
• Who's asking you for your password? For what?
• Encryption is to Security as Caching is to Performance
• Trust, Trustworthy, and Trust for What?
• Quis custodiet ipsos custodes?

• Cryptographically hash the password
  - With the username and realm
  - Defense against Rainbow Tables
• Nonces in the server challenge for replay protection
• Started in 1994; RFC in 1997
• Resists passive attacker on the network
• Minimizes handling of password plaintext
  - No passing the password itself in the protocol
  - No need to store the password in the clear
  - Store it hashed with the username and realm
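Added example (not from the slides) contrasting the Basic exchange above with the Digest scheme on this slide: the Basic header decodes straight back to the password, while a Digest server stores only HA1 and rejects a reused nonce. Realm, user and password follow the slide's sample header; the class and function names are assumed.

```python
import base64
import hashlib
import secrets

# Constructed sample: the header from the slide; the base64 decodes to "Aladin:sesam open".
BASIC_HEADER = "Basic QWxhZGluOnNlc2FtIG9wZW4="

def basic_credentials(authorization: str) -> tuple:
    """Recover user and password from an Authorization: Basic header.
    Anyone who sees the header on the wire can do this: base64 encodes, it does not encrypt."""
    scheme, _, blob = authorization.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password

def md5hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_ha1(user: str, realm: str, password: str) -> str:
    """RFC 2617 HA1 = MD5(user:realm:password): what the server stores instead of the password."""
    return md5hex(f"{user}:{realm}:{password}")

def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    """RFC 2069-style response without qop: MD5(HA1:nonce:HA2), with HA2 = MD5(method:uri)."""
    return md5hex(f"{ha1}:{nonce}:{md5hex(f'{method}:{uri}')}")

class DigestServer:
    """Keeps only HA1 per user plus the nonces it has issued and not yet seen used."""
    def __init__(self, realm: str):
        self.realm = realm
        self.ha1_by_user = {}
        self.live_nonces = set()

    def enroll(self, user: str, password: str) -> None:
        self.ha1_by_user[user] = digest_ha1(user, self.realm, password)

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)   # fresh per challenge, so a captured response cannot be replayed
        self.live_nonces.add(nonce)
        return nonce

    def verify(self, user: str, nonce: str, method: str, uri: str, response: str) -> bool:
        if user not in self.ha1_by_user or nonce not in self.live_nonces:
            return False                # unknown user, or a nonce never issued / already consumed
        self.live_nonces.discard(nonce)
        expected = digest_response(self.ha1_by_user[user], nonce, method, uri)
        return secrets.compare_digest(expected, response)
```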
• The world was no longer a clean slate
• Needs both browser support and server support
• The protocol for negotiating mutual support allows a Man in the Middle to spoof lack of support
  - Active attacker gets the password anyway
• Three tier architectures
  - Calling a back end service as the web user
  - Sometimes you need that password to propagate the user authentication to some service not supporting Digest
• Why put in the resources to support this?
  - No attacks in the wild, no high value web site interactions, known imperfections
• Lessons:
  - Defense in depth matters
  - Secrets protecting secrets protecting secrets protecting ...
  - It's not turtles all the way down
• Themes:
  - Passwords – users vs system parts
  - Web server and files
  - Compliance
• Secure HyperText Transfer Protocol - S-HTTP:
• Flexible framework for encryption of the HTML document
  - Page data and submitted data – not the headers
  - The specific URL moved into encrypted portion
• Headers defined to specify type of encryption and algorithm, type of key management
  - Supports pre arranged keys, public/private keys, PGP, etc.
  - Server and client negotiate which enhancements they'll use
• Digital signature option – another form of authentication
• End to end – clients can initiate the encrypted request
  - Resists Man in the Middle

• End to end protection requires client side deployment of secrets
  - A challenge still not overcome today
  - Scale of client deployment much larger than server deployment
• End user had to interact with secrets for web pages
• Flexible framework meant (too) many choices for deployment
  - Which type of secrets do which users have?
  - Which type of secrets do which web pages require?
• Encryption! Authentication! Security!
• Open standard
• Authentication of the server using public key certificate
• Authentication of the client using public key certificate is an option
• The encryption part works pretty darn well
• The authentication part…

• My browser has 175 "System Roots". They're all trusted to issue web site certificates.
  - Associate the public key with the information in the certificate
  - Who will watch the watchers?
• 12 CA incidents in 2011
• Attack on Comodo
  - Username/password of a Registration Authority stolen
  - 9 fraudulent certificates issued, including login.yahoo.com, mail.google.com, login.skype.com, addons.mozilla.org
  - Certificates revoked upon discovery
• DigiNotar attacked and fraudulent certificates issued
• KPN discovered attack tools on its server during an audit and stopped issuing certificates
  - DDoS tool there for as long as 4 years

• Ask the user!
  - Which no one seemed to think was a problem when the protocol was designed
• What does it mean if a server has a self signed certificate?
  - CA issued certificates cost money
  - Users learned to ignore warnings
  - Accepted by the usable security research community as early as 2008
• Crying Wolf: An Empirical Study of SSL Warning Effectiveness (2009) used FF2 as a baseline in its study of clickthrough, with a 90% ignore rate in their Internet user study of a banking scenario.
• ImperialViolet documented a 60% rate of bypassing SSL interstitials in 2012
In theory, there is no difference between theory and practice. In practice, there is. - Yogi Berra

• Citigroup.com
• Citibank.info
• Citibank.com
• Citicards.com
• Cititigroup.com
• Citicreditcards.com
• Citigroup.de
• Citibank-cards.us
• Citibank.co.uk
• Citimoney.com
• Citigroup.org
• Citigold.net
• Thisiscitigroup.org
• Citigrøup.org
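Added example, not part of the talk: a small triage of the slide's look-alike names that separates exact brand labels from homoglyph (Citigrøup), embedded-brand and typo variants, the way a defender sorts candidate phishing domains. The brand set, confusables map and public-suffix set are assumed stand-ins for real data.

```python
import unicodedata

BRANDS = {"citigroup", "citibank"}     # assumed genuine labels; a real deployment lists its own brands
# Stand-in for the Unicode confusables table (constructed and deliberately tiny).
CONFUSABLES = {"ø": "o", "ö": "o", "ı": "i", "а": "a", "е": "e", "о": "o"}
PUBLIC_SUFFIXES = {"co.uk"}            # constructed; use the public suffix list in practice

# Constructed sample drawn from the slide's list, lower-cased.
DOMAINS = ["citigroup.com", "citibank.co.uk", "cititigroup.com", "citicards.com",
           "thisiscitigroup.org", "citigrøup.org", "citibank-cards.us"]

def registrable_label(domain: str) -> str:
    """Label directly below the public suffix: 'citibank.co.uk' -> 'citibank'."""
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0]
    return parts[-3] if ".".join(parts[-2:]) in PUBLIC_SUFFIXES else parts[-2]

def skeleton(label: str) -> str:
    """ASCII look-alike of a label: map confusables, then strip combining accents."""
    label = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    return unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()

def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str) -> str:
    """Relate a registrable label to the brand set: exact, homoglyph, embedded, typo, or no match."""
    label = registrable_label(domain)
    if label in BRANDS:
        return "brand"
    ascii_form = skeleton(label)
    if not label.isascii() and ascii_form in BRANDS:
        return "homoglyph"             # citigrøup matches citigroup only after confusable mapping
    if any(brand in ascii_form for brand in BRANDS):
        return "brand-embedded"        # thisiscitigroup, citibank-cards
    if min(levenshtein(ascii_form, brand) for brand in BRANDS) <= 2:
        return "typosquat"             # cititigroup is two edits from citigroup
    return "no-match"

def triage(domains) -> dict:
    return {d: classify(d) for d in domains}
```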
• The Emperor's New Security Indicators (2007)
• Lab study of bank customers (67)
• Removed HTTPS indicators – "https" in address bar and lock icon in bottom right
  - 0 withheld password
• Removed the customer selected site-authentication image
  - Replaced it with a bank upgrade maintenance notice
  - 23 of 25 using their own accounts entered their password
  - As well as all 36 role playing
• Role playing participants behaved significantly less securely
  - About half were security primed

• Simulated spear phishing
  - 97% fell for at least one
  - 79% heeded active warnings when presented
• Active warnings directly interrupt the task, give the user choices, and make recommendations
  - Fail safely
• Correlations between understanding a warning and heeding it
• SSL turns out to be entirely orthogonal to the kind of website authentication humans need
• Phishing for user passwords became the next valuable thing about pretending to be an existing web site
• First usable security standard
• Charter: To enable users to come to a better understanding of the context that they are operating in when making trust decisions on the Web
  - Specify a baseline set of security context information and practices for the secure and usable presentation of this information
• Functional areas: TLS encryption, Domain name (authenticated or claimed), Certificate information, Browsing history, Errors
• Principles: Visibility, assurance, attention
• Certificate Trust validation
  - Extended Validation, self-signed, and untrusted, and user interactions around validation
• Existence of encryption
• Strong cipher suites
• User interactions for error handling based on error severity
  - Attempting to combat habituation
• Consistent visual presentation of authenticated DNS identity
• MUST NOTs – mixed content, obscuring security info, techno jargon, unsupervised installation, automatic bookmarks

• Standards Challenges
  - "Successful standards enable"
  - We had a lot of "Don't do this thing" and constraints
  - UI standards are process, not presentation
• Context Challenges
  - Browser vendor participation
  - Some of the reasons vendors participate: interoperability (as required by/for the market), customer requirements (compliance and laws and features)
  - Some of the reasons vendors don't participate: IP/patents, dilution of their brand, market advantage in the area
  - And then mobile
  - Technology marches forward

• Firefox Click Through Rate (CTR) for malware warnings is 33% (2014)
  - Google Chrome's 70%
• Mock Firefox styling closed that difference by 12 to 20 points in a 10 day at scale controlled experiment
  - Text, layout, default button
• Users heed warnings to sites they have not visited
• Users unpredictable for warnings on sites they have visited
• Survey said users trust high reputation sites more than malware warnings
• Who vouches for the code on this web site?
  - Javascript Sandbox + same origin policy
• Web mail
  - Earliest web application serving data in pages not created by web site developers
  - Broke domain name authentication assumptions
  - Cross site scripting (XSS)
• Response - HTML escaping of everything
  - Where are my bold text and dancing pigs?
• Next steps: Whitelist vs Blacklist of HTML tags
  - What are the tradeoffs?
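Added example, not from the talk, showing the two responses on this slide side by side: escaping everything versus an allow-list (whitelist) sanitizer that keeps bold text but drops scripts, event-handler attributes and javascript: links. The tag and attribute policy is an assumption made for illustration; the inputs in the comments are constructed.

```python
from html import escape
from html.parser import HTMLParser

# Allow-list policy (constructed for this example): tag -> attributes that may survive.
ALLOWED = {"b": set(), "i": set(), "p": set(), "a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
RAW_TEXT_TAGS = {"script", "style"}

def escape_all(untrusted: str) -> str:
    """The first response on the slide: every character becomes text, so no markup survives."""
    return escape(untrusted, quote=False)

class AllowlistSanitizer(HTMLParser):
    """Parse, then re-emit only allow-listed tags and attributes; all other text is escaped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skipping = 0   # >0 inside <script>/<style>: their content is dropped, not escaped

    def handle_starttag(self, tag, attrs):
        if tag in RAW_TEXT_TAGS:
            self.skipping += 1
            return
        if tag not in ALLOWED:
            return          # unknown tag (img, iframe, ...) vanishes; its inner text is still escaped
        kept = ""
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue    # on* handlers, style, src, ... never pass
            if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue    # rejects javascript:, data: and scheme-relative links
            kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in RAW_TEXT_TAGS:
            self.skipping = max(0, self.skipping - 1)
        elif tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))

def sanitize(untrusted: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(untrusted)
    parser.close()
    return "".join(parser.out)
```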
• Major technical university's web site
• Cross Site Scripting (XSS)
  - Every link modified to redirect through proxy
  - Links to other web sites (e.g. LinkedIn, Facebook)
• Insecure Direct Object Reference
  - Walk the OS file system
• Lesson: Developers are (fallible) people too

• aka Code that executes
• We had antivirus for OS malware – we knew that
• GET stopped being safe and idempotent
  - Which gave us CSRF
  - JSON and XML enable CSRF with POST
• Web based installations/download
• Browser extensions

• Introduced in 2007 on Apple iPhone iOS
  - Every game creator has the security responsibility of a web browser implementer
• Is It Safe?
  - What responsibility is assumed to be the user's?
  - Who can the user rely on?
  - How much control can the user have?
  - Are users any good at making these decisions?
• Different mobile platforms make different choices
  - Control of the lifecycle
  - Control of the store
  - Code signing
  - Installation time permissions