Compartmented Security for Browsers

RuhR-Universität Bochum

Compartmented Security for Browsers
-
Or How to Thwart a Phisher with Trusted Computing

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Horst Görtz Institute for IT Security
Ruhr-University Bochum, Germany

ARES 2007
2nd International Conference on Availability, Reliability and Security
Vienna, 10-13 April 2007


Marcel Winandy Compartmented Security for Browsers (ARES 2007) 2007-04-10 2


"Classical" Phishing

Costumers
(e.g., bank)
…….
credentials

credentials (e.g., username,password)

Adversary A Collection Server



Malware Phishing

Costumers
(e.g., bank)
…….
credentials

Adversary A Collection Server
Tailored to specific
services, such as
domestic banks



Reasons for Success
● Strong assumptions on ordinary users
● Legacy flaws of Internet technology (e.g. DNS)
● Vulnerabilities of underlying computing platform



Existing approaches
● Browser-based
● Server-based
● Operating System based



Browser-based approaches
● White lists / black lists
● Heuristic checks
● Blinking browser boundaries
● Logo-type certificates
● Wallets

F extra functionality
Browser



Browser-based approaches
● White lists / black lists
● Heuristic checks
● Blinking browser boundaries
● Logo-type certificates
● Wallets
Malware
Browser F Phishing !?



Server-Based Approaches
● User-friendly authentication protocols
● Password-augmented SSL protocol
● Trusted device augmented SSL protocol

F extra functionality
Client Server
Client



Server-Based Approaches
● User-friendly authentication protocols
● Password-augmented SSL protocol
● Trusted device augmented SSL protocol

F
Client Server
Client

Malware
Phishing !?



OS-Based Approaches
● Isolation
● Integrity Verification
● Secure GUI
● Virtualization

Example: Tahoma BOS
Browser Browser Browser

VM VM VM

VMM



OS-Based Approaches
● Isolation
● Integrity Verification
● Secure GUI
● Virtualization

Example: Tahoma BOS
Browser Browser Browser
Classical
VM VM VM
Phishing !?
VMM


Idea:
Combination



Our Approach
● Trusted wallet: Let the system...
– authenticate legitimate service sites
– control and perform the user authentication
● Compartmentalization: Isolate browser / wallet
● Trusted execution environment:
– Security kernel
– Trusted Computing
– Virtualization



Basic Architecture

authentication data

compartment
service virtual real
usage Browser network Wallet network Service
U
Proxy P
Legacy OS
Security Kernel
Hardware
(Trusted Computing Support)

System S



Wallet-Proxy

authenticate UW
update_proxy WB

use_service U↔B use_service B↔W authenticate WP
Browser WalletProxy
U use_service P↔W P
B W
SSL secured channel



Wallet-Proxy

Setup
login
data
authenticate UW
update_proxy WB

Browser WalletProxy
B W
SSL secured channel



Wallet-Proxy

Setup
login
data
authenticate UW
update_proxy WB

Browser WalletProxy
B W
SSL secured channel
Call
service
site



Wallet-Proxy

Setup
login
data
authenticate UW
update_proxy WB

Browser WalletProxy
B W
SSL secured channel
Call Insert
service login
site data



Wallet-Proxy

Setup
login
data
authenticate UW
update_proxy WB

Browser WalletProxy
B W
SSL secured channel
Call Insert
service login Authenticate
site data site and user



Setup Procedure
● "Two-factor authentication"
– User receives credentials out-of-band
● username, password (uid, pwdid), URLid of website, and ack.code
– Wallet blocks login forms in Browser
– User has to enter credentials in Wallet
– Wallet performs login procedure
– User enters acknowledgement code in Browser
● "One-factor authentication"
– User has to register online at website
– Wallet blocks login forms in Browser
– User has to enter credentials in Wallet
– Wallet links password to website
● pwdid := hash(pwdiduser || r), r is random value



Trusted Components

WalletProxy network connection

user interface
W
input / output load / store data

start

start Compartment start Storage
U Secure GUI
Manager Manager
sealing / unsealing

measurement
TPM Net P



Trusted Components


user interface
W

start

U Secure GUI
Manager Manager
sealing / unsealing

measurement
TPM Net P
Trusted
path



Trusted Components


user interface
W

start

U Secure GUI
Manager Manager
sealing / unsealing

measurement
TPM Net P
Trusted
path
System
integrity



Secure Booting

OS
OS Loader TPM
BIOS
CRTM PCRs



Secure Booting

Proxy Wallet
W

start

Secure GUI
Manager Manager

OS
OS Loader TPM
BIOS
CRTM PCRs



Secure Booting

Proxy Wallet Seal Wallet data to
W
platform configuration
start

Secure GUI
Manager Manager

OS
OS Loader TPM
BIOS
CRTM PCRs



Implementation

Isolation
{untrusted } {trusted }

Wallet
Email Browser
Proxy

Application Layer
Compartment Compartment

Trusted Software Layer
Security Kernel
Hypervisor Layer

Hardware TPM Hardware Layer



Implementation

Isolation
{untrusted } {trusted }

Wallet
Email Browser
Proxy

Application Layer
Compartment Compartment

Secure GUI Trusted Software Layer
Compartment Mgr Storage Mgr
Security Kernel
Input Video Net TDD Disk
Hypervisor Layer
L4 Microkernel

Hardware TPM Hardware Layer



Ongoing and Future Work
● Web form scanner
– Currently improving and enhancing implementation
● System updates (property-based attestation)
– Currently working on PbA implementation
● What about additional user attributes?
– e.g. address, age, credit card number, etc.
● Usability
– Secure GUI ("mGUI")
– Proxy-Wallet


Questions ?


backup


Compartmented Security for Browsers

Recommandé

Recommandé

Contenu connexe

Similaire à Compartmented Security for Browsers

Similaire à Compartmented Security for Browsers (20)

Plus de Marcel Winandy

Plus de Marcel Winandy (10)

Compartmented Security for Browsers