370 likes | 535 Views
Joel Fendrick. Security in Online Banking. Overview. Encryption Methods AES (Advanced Encryption Standard) SSL (Secure Socket Layer) TLS (Transport Layer Security) TLS Advantage Over SSL Security Example Attacks Countermeasure. Encryption Methods. Asymmetric Symmetric Hashing.
E N D
Joel Fendrick Security in Online Banking
Overview • Encryption Methods • AES (Advanced Encryption Standard) • SSL (Secure Socket Layer) • TLS (Transport Layer Security) • TLS Advantage Over SSL • Security Example • Attacks • Countermeasure
Encryption Methods • Asymmetric • Symmetric • Hashing
Asymmetric • Each user has two keys • Private • Public • Public key stored in public database • Messages encrypted with public key can only be decrypted with private key. • Encrypted with private -> decrypted with public
Symmetric • No private/public • Only means of decryption is if you have the right key • Security issue in exchanging the key
Hashing • Unique fixed length string of characters from selected text • One way process • Cannot recreate document from hash • If anything changes in text, hash would change • Can be used to determine integrity of file
Suppose hash of a document was: 9c5292056062f70a2f14330cf4d30c7f If anything at all changes in document a new hash is formed 91857f37a636882c78de9961e791c81a Making it easy to tell if the message has been altered in any way
AES (Advanced Encryption Standard) • Cryptographic algorithm used to protect electronic data • Block cipher that can encrypt and decrypt information • Capable of using keys of 128, 192, and 256 bits • Encrypts data into blocks of 128 bits
Pseudo code http://www.garykessler.net/library/crypto.html#fig17
in[] and out[] • 16-byte arrays with the plaintext and cipher text, respectively. (According to the specification, both of these arrays are actually 4*Nb bytes in length but Nb=4 in AES.) • w[] • array containing the key material and is 4*(Nr+1) words in length. (Again, according to the specification, the multiplier is actually Nb.) • state[] • a 2-dimensional array containing bytes in 4 rows and 4 columns. (According to the specification, this arrays is 4 rows by Nb columns.)
SubBytes • takes the value of a word within a State and substitutes it with another value by a predefined S-box • ShiftRows • circularly shifts each row in the State by some number of predefined bytes • MixColumns • takes the value of a 4-word column within the State and changes the four values using a predefined mathematical function • AddRoundKey • XORs a key that is the same length as the block, using an Expanded Key derived from the original Cipher Key
Walkthrough • This walkthrough is of Rijndael encryption • Rijndael allows for both key and block sizes to be chosen independently from the set of { 128, 160, 192, 224, 256 } bits. (And the key size does not in fact have to match the block size). • However, the block size must always be 128 bits in AES, and the key size may be either 128, 192, or 256 bits. • http://www.formaestudio.com/rijndaelinspector/
AES Flaw • 2009 weakness identified • Interesting in mathematical P.O.V. • Not really relevant in application • Finding the key of AES is four times easier than previously believed • Steps to find = 8 followed by 37 zeroes
1 trillion machines each test 1 billion keys per second • Would take more than 2 billion years to recover AES-128 key • AndreyBogdanov (K.U.Leuven), • Dmitry Khovratovich (Microsoft Research), • Christian Rechberger (ENS Paris)
SSL (Secure Socket Layer) • 3 basic properties • Connection is private • Peer’s identity can be authenticated using asymmetric cryptography • Connection is reliable • message check using keyed Message Authentication Code (MAC)
Two layers: can include length description and content • Lowest Layer = SSL Record Protocol • Second Layer = Handshake Protocol
TLS (Transport Layer Security) • Two layers • TLS Record Protocol • TLS Handshake Protocol • Encapsulates higher level protocols
TLS Record Protocol • Two basic properties • The connection is private • Symmetric Data encryption • The connection is reliable • Keyed MAC included in each message
TLS Handshake Protocol • Three basic properties • Peer’s identity can be authenticated using asymmetric or public key cryptography • The negotiation of a shared secret is secure • The negotiation is reliable
Advantage over SSL • Application protocol independent • Higher level protocols can layer on top of it transparently • Decisions on how to initiate TLS handshaking and how to interpret authentication certificates are left up to the designers of the higher level protocols
Security Example • Either SSL or TLS protocol • We’ll focus on SSL since it is the basis for TLS
Browser sends message via SSL to bank server • Bank responds by sending a certificate • Includes banks public key • Browser authenticates certificate and generate random session key • Uses this key to encrypt the data
Bank’s server receives session key and decrypts • Key was sent encrypted by bank’s public key • Bank uses private key to decrypt • Session key that now both bank and client know is used for rest of communication
Banks Didn’t Use SSL? • Bank of America • Wachovia • US Bank • Chase • American Express • Etc. • SSL login form listed as optional • Outside the US at this time HSBC was the only known bank not to use SSL authentication • British multinational banking and financial services company As of 2006 a number of big banks were not requiring the use of SSL authentication
Attacks • Man-in-the-middle • Man-in-the-browser
Man-in-the-middle • Someone intercepts the communication between two systems
Specific MITM Attack • Victim visits site that uses TLS 1.0 and receives a cookie, this cookie injects the client-side BEAST (Browser Exploit Against SSL/TLS) • Attacker can now use a network sniffer to look for active TLS connections • Grabs and decrypts the HTTPS cookie • Allows attacker to hijack victim’s session with that site.
Solution • Difficult • Attacks confidentiality VS authenticity like most attacks • Requires major change in the protocol itself • There are some fixes, but they cause compatibility issue with some existing SSL applications
Man-in-the-browser • Malware already infecting user computer • Kicks in after user has logged onto site • Hijack money and siphon it into criminal accounts
Solution • Use a trusted browser • Can be stored on a flash drive • Since stored in own secure environment it is not susceptible to malware in the same way as a traditional browser
Countermeasure • Historically piecemeal approach • Generally recommends several defenses that support each other • Often creates gaps within the layer architecture leaving some elements exposed to threats
Some banks implement a secure USB token • “provides secure online banking session even if computer is riddled with malware” • Read-only portable USB device • When plugged in encrypts the customers keystrokes • Launches virtualized OS • Launches secure browser • Launches a secure network between client and bank server
This is an attempt to create a virtual machine that is walled off from the rest of the PC • Protection from clients system • Makes sense that banks would want to protect their customers, as they are often the weakest link and biggest threat vector
Conclusion • Be careful and aware • Pay attention and confirm site is legitimate • Security is evolving , but so are the attacks
References • [1] HIPAA Collaborative of Wisconsin. (2010). The Basics of Encryption. Retrieved on March 22, 2012, from • http://www.hipaacow.org/docs/encryption%20whitepaper%207.7.10.doc • [2] NIST. (2001). Retrieved on March 22, 2012, from FIPS Publications website: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf • [3] KatholiekeUniversiteit Leuven (2011, August 17). First flaws in the Advanced Encryption Standard used for internet banking identified. ScienceDaily. Retrieved on March 22, 2012, from http://www.sciencedaily.com/releases/2011/08/110817075424.htm • [4] Dierks, T., & Rescorla, E. (2008, August). The Transport Layer Security (TLS) Protocol Version 1.2. Retrieved on March 22, 2012, from • http://tools.ietf.org/html/rfc5246 • [5] Freier, A., & Karlton, P. (2011, August). The Secure Sockets Layer (SSL) Protocol Version 3.0. Retrieved on March 22, 2012, from • http://tools.ietf.org/html/rfc6101 • [6] Onyszko, T. (2002, July 19). WindowsSecurity.com. Retrieved on March 23, 2012, from http://www.windowsecurity.com/articles/secure_socket_layer.html • [7] Online banking security and technical frequently asked questions. (2012). Retrieved on March 23, 2012, from http://www.bankofamerica.com/onlinebanking/index.cfm?adlink=&context=en&locale=&statecheck=WI&template=faq_security&cm_mmc=&cm_sp= • [8] Ou, G. (2006, April 27). Many banks failing to use ssl authentication. Retrieved on March 23, 2012, from • http://www.zdnet.com/blog/ou/many-banks-failing-to-use-ssl-authentication/201 • [9] OWASP. (2009, April 23). The open web application security project. Retrieved on March 23, 2012, from • https://www.owasp.org/index.php/Man-in-the-middle_attack • [10] Fisher, D. (2011, September 19). threatpost. Retrieved on March 23, 2012, from http://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091911 • [11] Bethlehem, D. (2012, February 12). Strong authentication by itself is not enough to prevent man-in-the-browser attacks. Retrieved on March 24, 2012, from http://data-protection.safenet-inc.com/2012/02/strong- • [12] Ramirez, D. (2007). Case study: Itu-t recommendation x.805 applied to an enterprise environment— banking. Bell Labs Technical Journal, 12(3), 55-64. • [13] (2011). Securing the weakest link. Bank Technology News,24(6), 1 & 35.