Compartmented Security for Browsers
Ruhr-Universität Bochum
Compartmented Security for Browsers - Or How to Thwart a Phisher with Trusted Computing
Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany
ARES 2007, 2nd International Conference on Availability, Reliability and Security, Vienna, 10-13 April 2007
Marcel Winandy, Compartmented Security for Browsers (ARES 2007), 2007-04-10

"Classical" Phishing
[Diagram: Adversary A; customers (e.g., bank); credentials (e.g., username, password); Collection Server]

Malware Phishing
Tailored to specific services, such as domestic banks
[Diagram: Adversary A; customers (e.g., bank); credentials; Collection Server]

Reasons for Success
● Strong assumptions on ordinary users
● Legacy flaws of Internet technology (e.g. DNS)
● Vulnerabilities of underlying computing platform

Existing approaches
● Browser-based
● Server-based
● Operating System based

Browser-based approaches
● White lists / black lists
● Heuristic checks
● Blinking browser boundaries
● Logo-type certificates
● Wallets
[Diagram: Browser with extra functionality F]
Malware Phishing !?

Server-Based Approaches
● User-friendly authentication protocols
● Password-augmented SSL protocol
● Trusted device augmented SSL protocol
[Diagram: Client and Server, with extra functionality F]
Malware Phishing !?

OS-Based Approaches
● Isolation
● Integrity Verification
● Secure GUI
● Virtualization
Example: Tahoma BOS
[Diagram: three Browser instances, three VMs, one VMM]
Classical Phishing !?

Idea: Combination

Our Approach
● Trusted wallet: Let the system...
  – authenticate legitimate service sites
  – control and perform the user authentication
● Compartmentalization: Isolate browser / wallet
● Trusted execution environment:
  – Security kernel
  – Trusted Computing
  – Virtualization

Basic Architecture
[Diagram: System S with Hardware (Trusted Computing Support), Security Kernel, and two compartments: Browser on a Legacy OS, and WalletProxy. Outside S: user U and Service P. Labels: authentication data, service usage, virtual network, real network, compartment.]

Wallet-Proxy
[Diagram: parties U, Browser B, WalletProxy W and P. Messages: authenticate_UW, use_service_U↔B, use_service_B↔W, update_proxy_WB, authenticate_WP, use_service_P↔W. Label: SSL secured channel.]
Steps annotated on the diagram, in the order the slide build adds them:
● Setup login data
● Call service site
● Insert login data
● Authenticate site and user

Setup Procedure
● "Two-factor authentication"
  – User receives credentials out-of-band
    ● username, password (u_id, pwd_id), URL_id of website, and ack. code
  – Wallet blocks login forms in Browser
  – User has to enter credentials in Wallet
  – Wallet performs login procedure
  – User enters acknowledgement code in Browser
● "One-factor authentication"
  – User has to register online at website
  – Wallet blocks login forms in Browser
  – User has to enter credentials in Wallet
  – Wallet links password to website
    ● pwd_id := hash(pwd_id^user || r), r is random value
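
The password-linking step above, pwd_id := hash(pwd_id^user || r), as an added Python sketch that is not taken from the slides or the authors' implementation. SHA-256, the `Wallet` class and its method names, the HTTPS and exact-host matching rule, and the sample URLs are assumptions made for illustration.

```python
import hashlib
import secrets
from urllib.parse import urlsplit


class Wallet:
    """Toy wallet: keeps one (u_id, r, pwd_id) entry per registered URL_id host."""

    def __init__(self):
        self._entries = {}  # host -> (u_id, r, pwd_id)

    def register(self, url_id, u_id, pwd_user, r=None):
        """Link the password the user typed into the wallet to one website.

        pwd_id = hash(pwd_user || r); r is a fresh random value unless a
        fixed one is passed in (only useful for reproducible tests).
        """
        host = urlsplit(url_id).hostname
        r = secrets.token_bytes(16) if r is None else r
        pwd_id = hashlib.sha256(pwd_user.encode() + r).hexdigest()
        self._entries[host] = (u_id, r, pwd_id)
        return pwd_id  # this derived value is what the website stores

    def login_data_for(self, url):
        """Return (u_id, pwd_id) only for an HTTPS URL on a registered host."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            return None
        entry = self._entries.get(parts.hostname)
        if entry is None:
            return None  # unknown or look-alike host: nothing is released
        u_id, _r, pwd_id = entry
        return u_id, pwd_id
```

Because the website only accepts pwd_id and r never leaves the wallet, the string the user remembers is not a valid credential when typed into any web page.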

Trusted Components
[Diagram: components Compartment Manager, Secure GUI, Storage Manager, WalletProxy W, Net and TPM, with user U and P. Edge labels: start, sealing / unsealing, measurement, user interface input / output, network connection, load / store data.]
Properties highlighted on the diagram: Trusted path, System integrity

Secure Booting
[Diagram: boot chain CRTM, BIOS, OS Loader, OS; TPM with PCRs]
[Diagram, extended: Compartment Manager, Secure GUI, Storage Manager, Proxy Wallet W; edge label: start]
Seal Wallet data to platform configuration
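
How measurement into PCRs and sealing to the platform configuration fit together, as an added Python model that is not code from the slides or the authors' system. It assumes a single PCR with the TPM 1.2 extend rule, uses a hash-based toy cipher in place of the TPM's own sealing, and the image names and secret are constructed.

```python
import hashlib
import hmac


def extend(pcr: bytes, image: bytes) -> bytes:
    """TPM 1.2-style extend: PCR_new = SHA-1(PCR_old || SHA-1(image))."""
    return hashlib.sha1(pcr + hashlib.sha1(image).digest()).digest()


def boot(chain) -> bytes:
    """Each stage is measured before it runs; the PCR starts at 20 zero bytes."""
    pcr = bytes(20)
    for image in chain:
        pcr = extend(pcr, image)
    return pcr


def _keys(tpm_secret: bytes, pcr: bytes):
    """Derive toy encryption and MAC keys from a TPM-internal secret and the PCR."""
    root = hmac.new(tpm_secret, pcr, hashlib.sha256).digest()
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())


def _xor_stream(key: bytes, data: bytes) -> bytes:
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def seal(tpm_secret: bytes, pcr: bytes, data: bytes) -> bytes:
    """Bind data to the PCR value that is current at seal time."""
    enc, mac = _keys(tpm_secret, pcr)
    ct = _xor_stream(enc, data)
    return hmac.new(mac, ct, hashlib.sha256).digest() + ct


def unseal(tpm_secret: bytes, pcr: bytes, blob: bytes):
    """Return the data only if the current PCR matches the sealed configuration."""
    enc, mac = _keys(tpm_secret, pcr)
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
        return None
    return _xor_stream(enc, ct)


# Constructed stand-ins for the measured images (a real chain hashes the binaries).
GOOD_CHAIN = [b"BIOS", b"OS Loader", b"OS", b"WalletProxy"]
TAMPERED_CHAIN = [b"BIOS", b"OS Loader", b"OS (modified)", b"WalletProxy"]


def demo():
    secret = b"\x01" * 32  # constructed; stands for a key that never leaves the TPM
    blob = seal(secret, boot(GOOD_CHAIN), b"u_id=alice;pwd_id=<sealed>")
    return (unseal(secret, boot(GOOD_CHAIN), blob),
            unseal(secret, boot(TAMPERED_CHAIN), blob))
```

A change to any measured stage changes every later PCR value, so the wallet data sealed under the known-good configuration stays unreadable after booting the modified one.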

Implementation
[Diagram: layers Application Layer, Trusted Software Layer, Hypervisor Layer, Hardware Layer. Application Layer: compartment {untrusted} with Email and Browser; compartment {trusted} with WalletProxy; Isolation between the compartments. Security Kernel. Hardware with TPM.]
[Diagram, extended: Trusted Software Layer: Compartment Mgr, Secure GUI, Storage Mgr. Further labels: Video, Input, TDD, Net, Disk, L4 Microkernel.]

Ongoing and Future Work
● Web form scanner
  – Currently improving and enhancing implementation
● System updates (property-based attestation)
  – Currently working on PbA implementation
● What about additional user attributes?
  – e.g. address, age, credit card number, etc.
● Usability
  – Secure GUI ("mGUI")
  – Proxy-Wallet

Questions?