1. Ruhr-Universität Bochum
Compartmented Security for Browsers - Or How to Thwart a Phisher with Trusted Computing
Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
Horst Görtz Institute for IT Security
Ruhr-University Bochum, Germany
ARES 2007
2nd International Conference on Availability, Reliability and Security
Vienna, 10-13 April 2007
3. "Classical" Phishing
[Diagram: customers, a service (e.g., bank), and adversary A with a collection server; the customers' credentials (e.g., username, password) end up at the collection server instead of the service.]
Marcel Winandy Compartmented Security for Browsers (ARES 2007) 2007-04-10 3
4. Malware Phishing
[Diagram: the same setting (customers, service such as a bank, adversary A with a collection server), with credentials harvested on the customer's machine and sent to the collection server.]
Tailored to specific services, such as domestic banks
5. Reasons for Success
● Strong assumptions on ordinary users
● Legacy flaws of Internet technology (e.g. DNS)
● Vulnerabilities of underlying computing platform
6. Existing approaches
● Browser-based
● Server-based
● Operating-system-based
7. Browser-based approaches
● White lists / black lists
● Heuristic checks
● Blinking browser boundaries
● Logotype certificates
● Wallets
[Diagram: Browser extended with extra functionality F]
8. Browser-based approaches (cont.)
[Diagram: malware sits on the same platform as the Browser with its extra functionality F: Phishing !?]
9. Server-Based Approaches
● User-friendly authentication protocols
● Password-augmented SSL protocol
● Trusted device augmented SSL protocol
[Diagram: clients and server with extra functionality F]
14. Our Approach
● Trusted wallet: Let the system...
– authenticate legitimate service sites
– control and perform the user authentication
● Compartmentalization: Isolate browser / wallet
● Trusted execution environment:
– Security kernel
– Trusted Computing
– Virtualization
15. Basic Architecture
[Diagram: user U uses the service through a Browser compartment running on a Legacy OS and enters authentication data into a separate Wallet compartment; the Browser reaches the Service only over a virtual network through the Wallet's Proxy P, which talks to the real network. Both compartments run on a Security Kernel on top of Hardware with Trusted Computing support; together they form System S.]
16. Wallet-Proxy
[Diagram: user U, Browser B, Wallet W with Proxy P. Protocols: authenticate U-W, update_proxy W-B, use_service U↔B, use_service B↔W, use_service P↔W, authenticate W-P; P connects to the service over an SSL secured channel.]
17.-20. Wallet-Proxy (step-by-step build of the same diagram)
● Setup: login data
● Call service site
● Insert login data
● Authenticate site and user
21. Setup Procedure
● "Two-factor authentication"
– User receives credentials out-of-band
● username, password (uid, pwdid), URLid of the website, and acknowledgement code
– Wallet blocks login forms in Browser
– User has to enter credentials in Wallet
– Wallet performs login procedure
– User enters acknowledgement code in Browser
● "One-factor authentication"
– User has to register online at website
– Wallet blocks login forms in Browser
– User has to enter credentials in Wallet
– Wallet links password to website
● pwdid := hash(pwdid_user || r), where r is a random value
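A minimal model of the one-factor setup and login above, added here as an illustration and not code from the paper or its prototype. It assumes SHA-256 for hash(), a 16-byte random r, and that the wallet authenticates a site by its exact URLid plus a TLS certificate fingerprint pinned at registration (the slide only says "authenticate site").

```python
# Added example (not the paper's code): the wallet's "one-factor" setup and
# login from the slide above. Assumptions: hash() is SHA-256, r is 16 random
# bytes, and the wallet authenticates a site by its exact URLid plus a TLS
# certificate fingerprint pinned at registration ("authenticate site").
import hashlib
import hmac
import secrets

class Wallet:
    """Stores (uid, r, pinned fingerprint) per URLid, never the password."""
    def __init__(self):
        self._sites = {}

    @staticmethod
    def derive_pwdid(pwd_user, r):
        # pwdid := hash(pwdid_user || r) as on the slide
        return hashlib.sha256(pwd_user.encode() + r).hexdigest()

    def register(self, urlid, uid, pwd_user, cert_fp):
        """Setup: link the user's password to this site via a fresh random r."""
        r = secrets.token_bytes(16)
        self._sites[urlid] = (uid, r, cert_fp)
        return self.derive_pwdid(pwd_user, r)

    def login(self, urlid, cert_fp, pwd_user):
        """use_service: release (uid, pwdid) only to the registered site."""
        site = self._sites.get(urlid)
        if site is None:
            return None                      # unknown or look-alike URLid
        uid, r, pinned_fp = site
        if not hmac.compare_digest(cert_fp, pinned_fp):
            return None                      # SSL peer is not the registered site
        return uid, self.derive_pwdid(pwd_user, r)

# Constructed sample data: placeholder sites and fingerprints, not real ones.
BANK, BANK_FP = "https://bank.example", "11" * 32
PHISH, PHISH_FP = "https://bank-example.test", "ee" * 32

def demo():
    w = Wallet()
    pw_bank = w.register(BANK, "alice", "s3cret", BANK_FP)
    pw_shop = w.register("https://shop.example", "alice", "s3cret", "22" * 32)
    return {
        "genuine": w.login(BANK, BANK_FP, "s3cret"),     # ('alice', pwdid)
        "lookalike": w.login(PHISH, PHISH_FP, "s3cret"), # None: site unknown
        "wrong_cert": w.login(BANK, PHISH_FP, "s3cret"), # None: peer mismatch
        "bank_pwdid": pw_bank,
        "site_passwords_differ": pw_bank != pw_shop,     # per-site r
    }
```

Because the site-specific pwdid depends on r, which only the wallet holds, a user password captured by a phisher is not by itself a valid login for the service.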
22. Trusted Components
[Diagram: Wallet W with Proxy P. User U reaches W through the Secure GUI (input/output); the Compartment Manager starts the Secure GUI, the Storage Manager and W (start) and reports measurements to the TPM; the Storage Manager loads/stores W's data and uses the TPM for sealing/unsealing; P provides the network connection (Net).]
23. Trusted Components (cont.): Trusted path from U to W via the Secure GUI
24. Trusted Components (cont.): System integrity via measurement into the TPM
25. Secure Booting
[Diagram: boot chain CRTM → BIOS → OS Loader → OS, each stage measured into the TPM's PCRs]
26. Secure Booting (cont.)
[Diagram: the chain continues from the OS to the Compartment Manager, which starts the Storage Manager, the Secure GUI and the Wallet W with its Proxy]
27. Secure Booting (cont.)
Seal Wallet data to platform configuration
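A simplified model of the measured boot chain and of sealing the wallet's data to the platform configuration, added here as an illustration rather than taken from the paper. It assumes a single PCR for the whole chain, TPM_Extend as SHA-256(PCR || SHA-256(component)) from an all-zero PCR, and HMAC-SHA256 (key derivation, keystream and tag) standing in for the TPM's own key hierarchy.

```python
# Added example (not the paper's code): measured boot chain from slides 25-27
# plus sealing wallet data to the platform configuration. Assumptions: one PCR
# holds the whole chain, TPM_Extend is SHA-256(PCR || SHA-256(component)) from
# an all-zero PCR, and sealing uses HMAC-SHA256 in place of the TPM key hierarchy.
import hashlib
import hmac
import secrets

def extend(pcr, component):
    """TPM_Extend: PCR <- SHA-256(PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(chain):
    """Measure CRTM -> BIOS -> OS Loader -> OS -> ... into a single PCR."""
    pcr = b"\x00" * 32
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

def keystream(key, n):
    """HMAC-SHA256 in counter mode; a stand-in for the TPM's encryption."""
    blocks = [hmac.new(key, c.to_bytes(4, "big"), hashlib.sha256).digest()
              for c in range(0, n, 32)]
    return b"".join(blocks)[:n]

class TPM:
    def __init__(self):
        self._root = secrets.token_bytes(32)   # storage root secret, never exported

    def seal(self, data, pcr):
        """Encrypt data under a key bound to the PCR value at sealing time."""
        nonce = secrets.token_bytes(16)
        key = hmac.new(self._root, pcr + nonce, hashlib.sha256).digest()
        ct = bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))
        return nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()

    def unseal(self, blob, current_pcr):
        """Return the data only if the platform configuration is unchanged."""
        nonce, ct, tag = blob
        key = hmac.new(self._root, current_pcr + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
            return None                    # other PCR value -> other key -> tag fails
        return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))

# Constructed stand-ins for the measured images (placeholders, not real binaries).
GOOD_CHAIN = [b"CRTM", b"BIOS v1", b"OS Loader v1", b"Security Kernel v1", b"Wallet v1"]
BAD_CHAIN = GOOD_CHAIN[:-1] + [b"Wallet v1 (tampered)"]
WALLET_DATA = b"uid=alice;r=0123456789abcdef"          # constructed wallet record

def demo():
    tpm = TPM()   # seal on the good configuration, unseal on good and tampered ones
    blob = tpm.seal(WALLET_DATA, measure_boot(GOOD_CHAIN))
    return tpm.unseal(blob, measure_boot(GOOD_CHAIN)), tpm.unseal(blob, measure_boot(BAD_CHAIN))
```

Any change to a measured component, here the last stage, yields a different PCR value and therefore a different unsealing key, so the tampered platform never obtains the wallet's data.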
30. Ongoing and Future Work
● Web form scanner
– Currently improving and enhancing implementation
● System updates (property-based attestation)
– Currently working on PbA implementation
● What about additional user attributes?
– e.g. address, age, credit card number, etc.
● Usability
– Secure GUI ("mGUI")
– Proxy-Wallet