Saphe surfing! 1 SAPHE Secure Anti-Phishing Environment Presented by Uri Sternfeld.
Saphe surfing!
1
SAPHE
Secure Anti-Phishing Environment
Presented by Uri Sternfeld
Motivation
• Phishing caused $3 billion in damages in 2007 alone
• Current solutions are not effective enough
What is Phishing?
• Any attempt to masquerade as a legitimate server in order to obtain sensitive information
• Usually done by soliciting an unsuspecting user to follow a fraudulent link
From: your bank
To: unsuspecting user
There are problems in your account. Please follow the attached link to solve them.
Why does phishing work?
• Users are naïve
• It's hard to detect differences in URLs:
http://www.myrealbankserver.co.il/login.asp
http://www.myrea1bankserver.co.il/login.asp
• Over-reliance on SSL security
Did you notice the small lock icon in the corner?
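The two URLs above differ by a single digit-for-letter substitution. The following added example (not from the presentation or the Saphe project) shows the kind of look-alike check a browser-side guard can run before a user types anything: it folds commonly confused characters in the hostname and compares the result against a list of hosts the user has registered as trusted. The confusables table and the trusted-host list are constructed assumptions, and the mapping is deliberately a small heuristic rather than the full Unicode confusables data.

```python
import unicodedata
from urllib.parse import urlsplit

# Substitutions often used in look-alike hostnames (constructed, non-exhaustive).
# Multi-character entries come first so "rn" is folded before single characters.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"),
    ("1", "l"), ("0", "o"), ("5", "s"), ("|", "l"), ("\u0131", "i"),  # dotless i
]


def hostname_of(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if the URL has none."""
    return urlsplit(url).hostname or ""


def fold_host(host: str) -> str:
    """Canonical form used only for look-alike comparison, never for routing."""
    folded = unicodedata.normalize("NFKC", host).lower()
    for src, dst in CONFUSABLES:
        folded = folded.replace(src, dst)
    return folded


def classify_url(url: str, trusted_hosts: set[str]) -> str:
    """'trusted' for an exact trusted host, 'look-alike' for a host that only
    matches a trusted one after confusable folding, 'unknown' otherwise."""
    host = hostname_of(url)
    if host in trusted_hosts:
        return "trusted"
    if fold_host(host) in {fold_host(h) for h in trusted_hosts}:
        return "look-alike"
    return "unknown"


if __name__ == "__main__":
    trusted = {"www.myrealbankserver.co.il"}  # constructed user registration
    for u in ("http://www.myrealbankserver.co.il/login.asp",
              "http://www.myrea1bankserver.co.il/login.asp",
              "http://www.example.com/login.asp"):
        print(u, "->", classify_url(u, trusted))
```

A "look-alike" verdict is a signal to warn, not proof of fraud; a guard like this complements, rather than replaces, the password-based server authentication the rest of the deck describes.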
Current solutions
• Maintaining black lists (Firefox & IE7)
• Phishing solicitations detection
• Idiosyncratic characteristics
That’s me!
A relevant warning
• This was recently published in a major Israeli bank’s web site:
click me
The Saphe Solution
• Relies on a password known only to the user and the real server
• Protects against:
– Any impersonation of the real server
– DNS poisoning
– Man-in-the-Middle attacks
Security assumptions
• AES is a strong encryption algorithm
• SSLv3.0 is a secure protocol
• Digital certificates positively identify the owner of a domain
The general idea
• Use the password to authenticate the server to the user before using it to authenticate the user to the server
• Encrypt information about the current session to detect any tampering
How it works
• Client-side code (plugin) automatically guards the user
• Server-side code creates data that authenticates the server to the plugin
• All the user needs to do is notice the plugin dialog box (or the lack of it…)
How it really works
• Plugin automatically started when relevant MIME-type is detected
• The password is NOT sent until the server is authenticated and the connection is proven to be tamper-free
• All links MUST be secure (HTTPS)
How it really works (ctd)
• Client-side and server-side random challenge buffers are used (to prevent replay attacks)
• Encryption key is derived from the password and the challenges
• Data integrity is guaranteed with HMAC
How it really works (ctd2)
• Key derivation function is computationally demanding to slow offline enumeration
• The server encrypts the following:
– Connection source IP address
– URL requested during the connection
– Login URL
How it really works (ctd3)
• User machine’s real IP address is retrieved from a secured (HTTPS) known server
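The "general idea" slide and the three "How it really works" slides describe one handshake: both sides contribute a random challenge, a deliberately slow KDF turns the shared password plus both challenges into a session key, the server encrypts a descriptor of the current session (source IP, requested URL, login URL) and protects it with an HMAC, and the plugin releases the password only after the HMAC verifies and the descriptor matches what the plugin observed itself. The following added example walks that exchange end to end in stdlib Python; it is constructed for this page and is not the Saphe plugin, server or test-server code. Assumptions: PBKDF2-HMAC-SHA256 stands in for the deck's unspecified KDF, an HMAC-SHA256 counter-mode keystream stands in for the AES the slides name (the stdlib has no AES), and the IPs, URLs and password are constructed values.

```python
import hashlib
import hmac
import json
import secrets

KDF_ITERATIONS = 100_000   # deliberately slow, to hinder offline password enumeration
CHALLENGE_LEN = 16


def derive_keys(password: str, client_challenge: bytes, server_challenge: bytes):
    """(encryption key, MAC key) from the password and BOTH challenges.
    Fresh challenges on each side mean a recorded response cannot be replayed."""
    material = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        client_challenge + server_challenge, KDF_ITERATIONS, dklen=64,
    )
    return material[:32], material[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for the AES the slides use."""
    blocks, counter = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def server_respond(password, client_challenge, source_ip, requested_url, login_url):
    """Server side: encrypt the session descriptor under the password-derived key, then MAC it."""
    server_challenge = secrets.token_bytes(CHALLENGE_LEN)
    enc_key, mac_key = derive_keys(password, client_challenge, server_challenge)
    descriptor = json.dumps({"ip": source_ip, "url": requested_url, "login_url": login_url}).encode()
    nonce = secrets.token_bytes(16)
    ciphertext = xor_bytes(descriptor, keystream(enc_key, nonce, len(descriptor)))
    # Encrypt-then-MAC over everything the plugin will act on, both challenges included.
    tag = hmac.new(mac_key, client_challenge + server_challenge + nonce + ciphertext,
                   hashlib.sha256).digest()
    return {"server_challenge": server_challenge, "nonce": nonce,
            "ciphertext": ciphertext, "tag": tag}


def client_verify(password, client_challenge, response, real_ip, requested_url, login_url) -> bool:
    """Plugin side: True only if the server proved knowledge of the password AND the
    descriptor matches what the plugin observed. Only then may the password be sent."""
    enc_key, mac_key = derive_keys(password, client_challenge, response["server_challenge"])
    expected = hmac.new(mac_key, client_challenge + response["server_challenge"]
                        + response["nonce"] + response["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, response["tag"]):
        return False   # impersonator without the password, or tampered data
    plain = xor_bytes(response["ciphertext"],
                      keystream(enc_key, response["nonce"], len(response["ciphertext"])))
    d = json.loads(plain)
    return d["ip"] == real_ip and d["url"] == requested_url and d["login_url"] == login_url


def run_scenarios():
    """Constructed scenarios: an honest server plus the deck's attack cases."""
    password = "correct horse battery staple"        # shared secret (constructed)
    real_ip = "203.0.113.7"                           # what the known HTTPS server told the plugin
    url, login = "https://bank.example/account", "https://bank.example/login"
    results = {}

    cc = secrets.token_bytes(CHALLENGE_LEN)
    honest = server_respond(password, cc, real_ip, url, login)
    results["honest"] = client_verify(password, cc, honest, real_ip, url, login)

    # Scenarios 1 and 3: fraudulent domain or poisoned DNS; the impostor lacks the password.
    cc2 = secrets.token_bytes(CHALLENGE_LEN)
    resp = server_respond("wrong guess", cc2, real_ip, url, login)
    results["impostor"] = client_verify(password, cc2, resp, real_ip, url, login)

    # Scenario 4: a man-in-the-middle relays to the real server, which sees the relay's IP.
    cc3 = secrets.token_bytes(CHALLENGE_LEN)
    resp = server_respond(password, cc3, "198.51.100.9", url, login)
    results["mitm"] = client_verify(password, cc3, resp, real_ip, url, login)

    # Replay: the recorded honest response fails against a fresh client challenge.
    cc4 = secrets.token_bytes(CHALLENGE_LEN)
    results["replay"] = client_verify(password, cc4, honest, real_ip, url, login)

    # Tampering: one flipped ciphertext byte is caught by the HMAC before decryption.
    cc5 = secrets.token_bytes(CHALLENGE_LEN)
    resp = server_respond(password, cc5, real_ip, url, login)
    ct = bytearray(resp["ciphertext"]); ct[0] ^= 0x01; resp["ciphertext"] = bytes(ct)
    results["tampered"] = client_verify(password, cc5, resp, real_ip, url, login)
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The IP comparison is what distinguishes the relay case: the real server encrypts the address it actually saw, while the plugin compares against the address it fetched itself from a known HTTPS server, so a transparent relay fails even though every other field is genuine.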
Next: Thwarting Phishing attacks!
Phishing scenario #1
• Redirecting the user to a fraudulent domain
• Forged web page similar to the real one
• Passive Phishing
• (Most common scenario)
Phishing scenario #2
• Active Phishing
Phishing scenario #3
• DNS poisoning
Phishing scenario #4
• Man-in-the-Middle
Implementation details
• Firefox plugin written as a DLL in C++
• Server side code written in C++
• Test server written in Python
• Tested on Windows XP with Firefox 1.5
Future versions
• Support more browsers and operating systems
• Automatic installer
• Allow HTML code in Saphe data
• Support password hashes
How much is the phish?
Questions? (How many fish are in this presentation?)
For more details:
http://tau-itw.wikidot.com/project:safelogin
mailto:[email protected]