
Web Wallet Preventing Phishing Attacks by Revealing User Intentions








  1. Web Wallet: Preventing Phishing Attacks by Revealing User Intentions
     Rob Miller & Min Wu, User Interface Design Group, MIT CSAIL
     Joint work with Simson Garfinkel, Greg Little
     TIPPI2

  2. Do Security Indicators Work?

  3. Security Indicators Don’t Work
     • Users don’t know what to trust
       • Web page often looks more credible than indicator
     • Security is a secondary task
       • Users don’t have to pay attention to the indicators, so they don’t
     • Indicators aren’t reliable
       • Sloppy but common web practices make them inaccurate
     • Current indicators only say “don’t go there”
       • So where should I go instead?

  4. Our Approach: Web Wallet

  5. Outline
     • Security toolbar study [CHI ’06]
     • Web Wallet [SOUPS ’06]
     • Demo
     • Design principles
     • User study
     • Related work

  6. Three Kinds of Toolbar Information
     • Neutral-information toolbar: SpoofStick, Netcraft Toolbar
     • SSL-verification toolbar: TrustBar
     • System-decision toolbar: SpoofGuard, eBay’s Account Guard

  7. Study Design
     • Study should reflect the “secondary goal property” of security
       • In real life, security is rarely a user’s primary goal
       • Users must be given tasks other than security
       • “In this study, you are the personal assistant for John Smith. Here are 20 forwarded emails from him.”
     • Tasks involve security decisions
       • John’s emails ask the user to manage his wish lists at various e-commerce sites, which require logging in to the sites

  8. (image slide, no text)

  9. Phishing Attacks in the Study
     • 5 of the 20 emails are attacks, e.g.:
       • Similar-name attack: Bestbuy.com → www.bestbuy.com.ww2.us
       • IP-address attack: Bestbuy.com → 212.85.153.6
       • Hijacked-server attack: Bestbuy.com → www.btinternet.com

  10. Results (chart of spoof rates for the neutral-information, SSL-verification and system-decision toolbars; no slide text)

  11. Why Were Users Fooled?
     • Users explain away indicators of attacks
       • www.ssl-yahoo.com: “a subdirectory of Yahoo, like mail.yahoo.com”
       • sign.travelocity.com.zaga-zaga.us: “must be an outsourcing site [for travelocity.com].”
       • www.btinternet.com (phishing for buy.com): “sometimes I go to a website and the site directs me to another address which is different from the one I have typed.”
       • 200.114.156.78: “I have been to sites that used IP addresses.”
       • Potential fraudulent site: “it is triggered because the web content is ‘informal’, just like my spam filter says ‘this email is probably a spam.’”
       • New Site [BR]: “Yahoo must have a branch in Brazil.”

  12. Why Were Users Fooled?
     • Users had the wrong security model
       • “The site is authentic because it has a privacy policy, VeriSign seal, contact information, and the submit button says ‘sign in using our secure server’.”
       • “If a site works well with all its links, then the site is authentic. I cannot imagine that an attacker will mirror a whole site.”
     • Security was not the primary goal
       • “I noticed the warning. But I had to take the risk to get the task done.”
       • “I did look at the toolbar but did not notice the warning under this attack.”

  13. Why Do Security Indicators Fail?
     • Attack is more credible than indicator
       • Web page has richer cues than browser toolbar
     • Security is a separate, secondary task
       • Primary task wins
       • Separate security task is ignored
     • Sloppy but common web practices allow the user to rationalize the attack
     • Users do not know how to correctly interpret the toolbar display
     • Advising the user not to proceed is not the right approach
       • We need to provide a safe path

  14. Our Approach: Web Wallet
     • Redesign browser UI so that the user’s intention is clear
       • “Log in to bestbuy.com”
       • “Submit my credit card to amazon.com”
     • Block the action if the user’s intention disagrees with its actual effect
       • But offer a safe path to the user’s goal
     • Integrate security decisions into the user’s workflow
       • So they can’t be ignored

  15. Web Wallet DEMO

  16.–20. (Web Wallet demo screenshots, no slide text)

  21. Web Wallet Design Principles
     • Determine the user’s intention
     • Respect that intention

  22. Design Principles
     • Integrate security UI into the user’s workflow
     • Improve usability as well as security

  23. Design Principles
     • Use comparisons to put information in context
     • Ask user to choose, not just “are you sure?”
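Slides 9, 14 and 23 together describe the check at the heart of the Web Wallet: the user states an intention (“log in to bestbuy.com”), the wallet compares that with where the form really submits, blocks on disagreement, and then asks the user to choose between the two destinations rather than confirming a bare warning. The block below is an added illustration of that check, not code from the Web Wallet project. It assumes a small constructed public-suffix table in place of the full Public Suffix List, and labels a mismatch “similar-name” whenever the hostname contains the intended site’s brand label; both are assumptions of this example, not of the slides.

```javascript
// Added illustration, not the Web Wallet project's code: check a form's real
// submission destination against the site the user says they intend to use.
//
// Assumption: a small constructed suffix table stands in for the Public
// Suffix List that a real deployment would need.
const PUBLIC_SUFFIXES = new Set(["com", "net", "org", "us", "co.uk", "com.br"]);

// Registrable domain of a hostname ("bestbuy.com" for "www.bestbuy.com"),
// or null when the host is an IP literal rather than a name.
function registrableDomain(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.startsWith("[")) return null;
  const labels = h.split(".");
  // Try the longest suffix first so "co.uk" wins over "uk".
  for (let i = 0; i < labels.length - 1; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i + 1).join("."))) {
      return labels.slice(i).join(".");
    }
  }
  return labels.slice(-2).join(".");
}

// Labels a destination with the attack categories used in slide 9.
// Assumption: a "similar-name" mismatch is one whose hostname contains the
// intended site's brand label (e.g. "bestbuy" in www.bestbuy.com.ww2.us).
function classifyDestination(intendedSite, actionUrl) {
  const intended = registrableDomain(intendedSite);
  if (intended === null) throw new Error("intended site must be a domain name");
  const hostname = new URL(actionUrl).hostname.toLowerCase();
  const actual = registrableDomain(hostname);
  if (actual === null) return "ip-address";
  if (actual === intended) return "match";
  const brand = intended.split(".")[0];
  if (hostname.includes(brand)) return "similar-name";
  return "different-site"; // e.g. the hijacked-server case, www.btinternet.com
}

// Slide 14: block when intention and actual effect disagree, but offer the
// intended site as a safe path; slide 23: present a comparison and make the
// user choose rather than asking "are you sure?".
function checkIntention(intendedSite, actionUrl) {
  const kind = classifyDestination(intendedSite, actionUrl);
  if (kind === "match") return { allow: true, kind, choices: [] };
  return {
    allow: false,
    kind,
    choices: [
      { site: new URL(actionUrl).hostname, label: "where this form actually submits" },
      { site: registrableDomain(intendedSite), label: "the site you said you intended" },
    ],
  };
}

// Constructed sample: the three attack URLs from slide 9 plus the genuine site.
const SAMPLE_FORMS = [
  "https://www.bestbuy.com/account/login",
  "https://www.bestbuy.com.ww2.us/login",
  "http://212.85.153.6/login",
  "https://www.btinternet.com/~shop/login",
];
for (const url of SAMPLE_FORMS) {
  const d = checkIntention("bestbuy.com", url);
  console.log(url, "->", d.allow ? "allow" : `block (${d.kind})`);
}
```

The comparison is made on the registrable domain, not on the raw hostname, so a genuine subdomain such as signin.bestbuy.com is accepted while www.bestbuy.com.ww2.us, whose registrable domain is ww2.us, is not; the rationalizations quoted on slide 11 all depend on users doing that comparison by eye, which is exactly what the wallet takes out of their hands.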

  24. Web Wallet User Study
     • Same scenario as the toolbar study
     • No tutorial
     • 30 users
       • Internet Explorer alone (10 users)
       • Web Wallet (20 users)
     • 5 phishing attacks
       • IE group saw only similar-name attacks, e.g.: bestbuy.com → www.bestbuy.com.ww2.us
       • Web Wallet group saw Wallet-specific attacks

  25. Attacks Against the Web Wallet
     1. Normal attack
     2. Undetected-form attack
     3. Onscreen-keyboard attack

  26. Attacks Against the Web Wallet
     4. Fake-wallet attack

  27. Attacks Against the Web Wallet
     5. Fake-suggestion attack

  28. Results (chart, no slide text)

  29. Which Features Helped?
     • Site description stopped 14 attacks (out of the 22 attacks where it was seen)
     • Choosing interface stopped 14 (out of 14 attacks where seen)

  30. Spoof Rate by Attack Type (chart, no slide text)

  31. Fake-Wallet Attack
     • Web Wallet utterly failed to prevent the fake-wallet attack (spoof rate 64%)
     • Users had the wrong mental model for the security key
     • Spoofing is still a problem, since the Web Wallet itself can be spoofed
       • Dynamic skin
       • Personalized image
       • Active observer?
     (screenshot text: “Press F2 before you do any sensitive data submission”; “Press F2 to open the Web Wallet”)

  32. Related Work
     • Dynamic security skins (Dhamija & Tygar)
     • Microsoft InfoCard (Cameron et al.)
     • PwdHash (Ross et al.)
     • Password Multiplier (Halderman et al.)
     • GeoTrust TrustWatch

  33. Summary: Antiphishing UI Design Principles
     • Get the user’s intention
     • Respect that intention
     • Integrate security decisions into the user’s workflow
     • Compare-and-choose, don’t just confirm
     • More information at: http://uid.csail.mit.edu/
